Reoptimization for Great Power Competition

GPC Key Decisions

USAF Case for Change

SecAF Memo

Air Force FAQ for Reoptimizing Great Power Competition

“We need these changes now; we are out of time to reoptimize our forces to meet the strategic challenges in a time of great power competition.”

~ Secretary of the Air Force Frank Kendall

The United States faces a time of consequence marked by significant shifts in the strategic environment. To remain ready, the U.S. Air Force must change.

In early 2024, the Department of the Air Force unveiled sweeping plans for reshaping, refocusing, and reoptimizing the Air Force and Space Force to ensure continued supremacy in their respective domains while better posturing the services to deter and, if necessary, prevail in an era of Great Power Competition. Through a series of 24 DAF-wide key decisions, four core areas which demand the Department’s attention will be addressed: Develop People, Generate Readiness, Project Power and Develop Capabilities.

Today, the Air Force once again finds itself at a critical juncture—an era of Great Power Competition marked by a new security environment, a rapidly evolving character of war, and a formidable competitor. This new era requires understanding its challenges and the attributes needed to succeed.

Embracing change is not a choice; it is a necessity. The Air Force must “reoptimize” into an enterprise prepared for high-end conflicts and long-term strategic competition.

Protection of Common Types of Department of Defense Controlled Unclassified Information

Air Force Research Laboratory

Video by Dave Pope

March 3, 2022 | 5:20

Welcome back!

Today is number 6 in the Blue Cyber Series. We’ll be talking about protection of common types of Department of Defense controlled unclassified information. My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer and AFWERX.

Most information produced for the government is protected as controlled unclassified information or CUI. You can find multiple training presentations at this web link. There you will also find guides on how to mark CUI. And be sure to recognize that it is the full implementation of NIST SP 800-171 which the DoD defines as adequate security for protection of CUI.

In our talk today, we're going to discuss several types of CUI that you may encounter on your small business journey. However, there are many more types of CUI and you can learn about them at the National Archives website. At that site, the National Archives will provide definitions, safeguarding and dissemination authorities, and banner marking notes.

When it comes to marking CUI, there are two types: basic and specified. The difference between the two has to do with the law. At this site, you will find a handbook and the handbook will guide you on marking the two types of CUI.

As a small business, the most common category you will encounter is controlled technical information or CTI. Examples of CTI include: engineering data, engineering drawings, source code, executable code, studies, and analyses created for the government. You will be creating CTI as a government contractor. Another CUI category you may encounter is export controlled research. This is unclassified information concerning certain items such as commodities, technologies, software knowledge, or other information whose export could adversely affect our national security. Another category is sensitive personally identifiable information or PII.

PII, if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. You must protect PII as CUI.

Another category of CUI is legal privilege. This category includes attorney work product and attorney client privilege. More information about this category can be found at the National Archives.

Another important CUI category is protected health information or PHI, which is regulated by the HIPAA agreement. PHI must be marked and protected as CUI.

Small business research and technology has its own CUI category. This information must protected as CUI. More information is available at the National Archives website.

Another important category of CUI is general proprietary information. Proprietary information must be marked and protected as CUI within the Department of Defense. Here are some examples of general proprietary information: they include material and information relating to or associated with a company's products, business, or activities included but not limited to financial information data or statements, trade secrets, product research and development, existing and future product designs, and performance specifications.

It is worth noting that export controlled research is regulated by the international traffic in arms regulations or ITAR and the export administration regulations or EAR. Your technical point of contact or contracting officer representative will have more information on how to protect CUI in these two categories.

The Chief Data Officer of the Department of the Air Force has issued a memo to small businesses. You will find it here at www.afsbirsttr.af.mil in the about section. In this memo, the Department of the Air Force Chief Data Officer reminds small businesses about the requirements and regulations that are necessary to protect data and information within the Department of the Air Force.

Thank you for your time today. We discussed protection of common types of Department of the Air Force CUI that you might encounter in your small business journey. This is a reminder that this presentation is not a substitute for reading the FAR and DFARS in your small business contract. My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer and AFWERX. More