Reoptimization for Great Power Competition

GPC Key Decisions

USAF Case for Change

SecAF Memo

Air Force FAQ for Reoptimizing Great Power Competition

“We need these changes now; we are out of time to reoptimize our forces to meet the strategic challenges in a time of great power competition.”

~ Secretary of the Air Force Frank Kendall

The United States faces a time of consequence marked by significant shifts in the strategic environment. To remain ready, the U.S. Air Force must change.

In early 2024, the Department of the Air Force unveiled sweeping plans for reshaping, refocusing, and reoptimizing the Air Force and Space Force to ensure continued supremacy in their respective domains while better posturing the services to deter and, if necessary, prevail in an era of Great Power Competition. Through a series of 24 DAF-wide key decisions, four core areas which demand the Department’s attention will be addressed: Develop People, Generate Readiness, Project Power and Develop Capabilities.

Today, the Air Force once again finds itself at a critical juncture—an era of Great Power Competition marked by a new security environment, a rapidly evolving character of war, and a formidable competitor. This new era requires understanding its challenges and the attributes needed to succeed.

Embracing change is not a choice; it is a necessity. The Air Force must “reoptimize” into an enterprise prepared for high-end conflicts and long-term strategic competition.

DoD Cloud Computing

Air Force Research Laboratory

Video by Dave Pope

March 3, 2022 | 4:56

Welcome!
My name is Kelly Kiernan and I'm here representing the Department of the Air Force Chief Information Security Officer.
This is number 11 in the Blue Cyber Series. It's called “DoD Cloud Computing.”
The place to begin when talking about DoD cloud computing is a look at the DFARS clause 252-239-7010 cloud computing services. This DFARS applies when a cloud solution is being used to process data on the DoD’s behalf or the DoD is contracting with a cloud service provider to host or process data in a cloud. Whatever cloud you choose, this DFARS requires that you ensure:
that the cloud service provider meets all the requirements of the DoD cloud computing security requirements guide,
that they use government related data only to manage the operational environment that supports government data
and that your cloud service provider complies with cyber requirements for incident reporting and damage assessment
At the FEDRAMP website, you will find a list of the DoD approved cloud service providers. You may choose one of those or another cloud service provider but whatever cloud service provider you choose, they will need to comply with the DoD cloud computing security requirements guide, which can be found on the Internet and in the reference section at the end of this presentation.
One of the key features of the cloud environment that you choose will be the impact level for which DoD has approved that cloud service provider. An impact level of two is to handle information with sensitivity of public or non critical mission information and the security controls there are those of FEDRAMP moderate. However, if you're going to be protecting controlled unclassified information, you'll want to choose a cloud service provider with an impact level of four or five.
Another cloud computing concept to tackle is cloud computing as a service.
You can see by this model that there are many different possibilities when it comes to cloud computing as a service and there are different levels of management responsibilities depending upon which one you choose. Regardless of which one you choose, the protection of Department of Defense data and information remains your responsibility.
Enterprise cloud is a multi-cloud and multi-vendor ecosystem with three different cloud offerings. Let's take a look at each one.
The first cloud environment to talk about is the Defense Enterprise Office Solution or DEOS. DEOS is an enterprise commercial cloud environment supporting the DoD strategy to acquire and implement enterprise applications and services for joint use across the Department of Defense.
The second DoD cloud environment to talk about is milCloud 2.0. milCloud 2.0 has many benefits. It is secure: dozens of inherited critical security controls that it has are not available in the commercial cloud; it is easy to use, customers can buy cloud services in as few as 48 hours; and it is affordable as compute, storage, and network cloud services are priced at commercial parity.

The third DoD cloud computing environment to talk about is Cloud One. Cloud One is a multi-hybrid cloud environment with DoD centrally funded hosting that utilizes both Amazon Web Services and Microsoft Azure to host the Air Force’s enterprise general purpose applications. Cloud One provides a plethora of services that will accelerate the accreditation process, ensuring continuous compliance with security controls and facilitate rapid future deployment of capabilities.
The key to security in the cloud environment is continuous monitoring. You can see in this diagram that Cloud One creates the infrastructure layer for the security stack, which includes Platform One and your application.
Thank you for joining me today. My name is Kelley Kiernan and there are more talks like this one on the Blue Cyber Education Series website. That website is hosted on the Department of the Air Force Chief Information Security Officer website. And a reminder that this talk is not a substitute for reading the FAR and DFARS in your small business contract. So long. More