AFCEC, AFCYBER partnership boosts infrastructure security

  • Published
  • By Amy Ausley
  • Air Force Civil Engineer Center Public Affairs
The commander from Air Forces Cyber and the director the Air Force Civil Engineer Center signed an initiative here June 12, designed to strengthen the security of industrial control systems, or ICS, supporting critical Air Force infrastructures.

At installations, ICS are used for many functions, ranging from heating and air conditioning system troubleshooting, to dealing remotely with environmental issues which affect people and equipment, said Tarone Watley, an AFCEC's ICS expert. This initiative is an effort to harden ICS and protect them from outside attack while gaining efficiencies in several areas including manpower, operations and environmental hazard prevention.

"Protecting ICS within the Air Force is a component of our line of effort to defend the Air Force information network and other key mission systems. Partnering with the civil engineering community enables us to do that much more effectively," said Maj. Gen. James K. McLaughlin, the 24th Air Force and AFCYBER commander. "Our work in this area also gives us practice in tactics, techniques and procedures which can be applied elsewhere if we are ever called upon to support national efforts."

The 688th Cyber Wing worked on behalf of the AFCYBER to help develop the AFCEC-AFCYBER Nexus collaboration.

"We're really being pioneers and connecting cyber defenders with the civil engineer community and it's a forward-thinking model," said Col. Dean Clothier, the 688th Cyberspace Wing vice commander. "It puts us out in front, allowing us to work on some of the nation's hardest problems, and makes the Air Force very proactive across government."

The Nexus Collaboration is a result of AFCEC and AFCYBER's shared dedication to support warfighters worldwide.

"We're excited to partner with AFCYBER to strengthen these critical infrastructures and ensure they are safe from outside threats so the Air Force mission can continue without disruption," said Joe Sciabica, the AFCEC director.

According to officials, the control systems consist of computer processors that automate physical processes. Generally, they involve two components: the computer network and the operational technology which consists of the hardware that makes the process happen. AFCEC has taken care of the hardware while AFCYBER has handled the network.

The two organizations have crossed paths on many projects and, with the Nexus collaboration, they have a clear way forward to join together and get the most out of ICS protection.

The connection between AFCEC and AFCYBER is a natural progression, said 1st Lt. James Gaglio, the 346th Test Squadron defensive cyber operations test director and one of those involved in the process of creating the Nexus collaboration document.

"ICS has become increasingly reliant on information and networking technologies," Gaglio said. "We are starting to see that civil engineering is no longer separated into its own realm, but highly integrated with cyber components since ICS rides on the networks the cyber community controls. The partnership between the cyber and civil engineering communities is a great step forward in terms of collaboration and advancement."

The Nexus collaboration is the next step to ensure everyone is on the same page

"We saw that there has to be a partnership so we are not duplicating efforts," Watley said. "We are trying to achieve a common vision for securing these systems and this document is the culmination of that. The formal signing between AFCEC and AFCYBER means our two organizations will proceed together in this effort in a formalized fashion."

The document identifies 14 issues to be addressed. As part of the collaboration, AFCEC and AFCYBER will soon form working groups to address the five top priorities.

The first item is hardening: increasing security of the current ICS by accelerating deployment of a civil engineering-created software program to monitor, detect, respond and restore ICS.

Other important areas include: developing ICS security standards, completing a comprehensive inventory of Air Force ICS assets, instituting standard contracting language for ICS acquisitions and operations, and mitigating Air Force base critical public and private ICS disruptions.

"A big part of addressing these candidates is identifying the people, processes and organizations that will allow us to apply structure to those specific Nexus areas as well as work together and synchronize our efforts," Clothier said. "As we get routines and standard operating procedures in place, we will keep moving down the list until we get to a very effective, productive and systematic relationship throughout."