InfoSec News: Red Flag cyber operations: Part II - Cyber operators stand against red team 'aggressors': http://www.afspc.af.mil/news/story.asp?id=123246419
By Tech. Sgt. Scott McNabb
24th Air Force Public Affairs
NELLIS AIR FORCE BASE, Nev. -- It's not supposed to be easy.
For the first time in Red Flag exercise history, cyber and space
operators are a fully integrated part of the friendly forces "blue team"
that defend the interest of the United States and her allies against the
aggressors of the "red team."
"It's imperative that our operators are faced with difficult scenarios.
The intent is that they learn from the high pressure scenarios to
rapidly and deliberately integrate their unique skills and capabilities
with air and space forces to better prepare them grow as cyber operators
and as leaders," said Col. Mark Ware, 24th Air Force director of
operations. "When the other Airmen participating in Red Flag see the
impact on flying and space operations with and without cyber support,
they should better understand what their cyber teammates bring to the
fight and how we can all work together to defeat our adversaries."
Initial results from the realistic combat training exercise indicate the
blue team's cyber operators made it through early struggles to reach
mission success and, in some cases, shut down various red team
capabilities before they were employed.
"The way I see it, in ancient Greek or Roman times, warriors wore 60 to
70 pounds of armor," said 2nd Lt. Louis Murphy, who belongs to the 33rd
Network Warfare Squadron, but served as commander for the blue team,
working out of the Information Operations range, located at Lackland Air
Force Base, Texas. "Today in Iraq and Afghanistan, they also wear about
60 to 70 pounds of body armor. It's a lot better armor, but it's never
perfect. The same is true for cyber. No matter what program you have, it
won't be perfect. You adjust and get better."
Red team's cyber aggressors are formidable and push the blue team to
their very limits. Elements of Red Flag's cyber red team include:
- Detachment 2, 318th Information Operations Group, charged with
creating an exercise scenario that will allow for realistic cyber
play and integration with standard kinetic operations;
- The 57th Information Aggressor Squadron provides the cyber targets
for U.S. Air Force cyber warfighters;
- The 177th Information Aggressor Squadron, Kansas Air National
Guard, is the sister squadron to the 57th IAS.
These units along with some individual Reserve Airmen provide a wide
breadth of opposition for the blue team to lock horns with.
Capt. Christian Fisher, Det. 2 Exercise Flight commander, said he and
others worked on scenarios for months to optimize the training
"It is important for cyber operations to be included in Red Flag so that
members of the cyber community can plan and execute a mission alongside
the air and space operations communities," said Captain Fisher. "Without
integrating those three, no one outside the cyber community is ever
going to know where cyber operations are going to be beneficial because
they will have no idea what the cyber community is capable of. In order
to make cyber operations as effective as they can be they need to be
integrated with air and space operations, and the first step of that
integration is participating in large force exercises like Red Flag
where non-cyber operators can see what cyber brings to the fight."
"Seamless integration of joint operations is the ultimate goal for these
new efforts in Red Flag," said Maj. Gen. Richard Webber, 24th Air Force
commander. "We are elevating the level of training to new heights, in
order to learn how to best employ our operational forces to achieve
desired effects for the joint and coalition teams."
Captain Fisher said the impact of including cyber operations in Red Flag
is that it allows for more solutions to the tactical problems that are
presented to the exercise participants.
"In some cases cyber operations may allow for a similar but less
persistent effect on a target set than dropping a bomb, which may be
more beneficial in the long term depending on what the desired end state
is," he said. "It's really how Red Flag continues to be a premier
training event for the Air Force even as the operational environment
changes based on the evolution of technology."
Maj. Frank Lyons, 57th IAS team chief, gave an example of a possible
scenario his red aggressors would test the blue team with.
"We (the red team) set up a cyber café where a terrorist is uploading
the latest propaganda video to a server so all his buddies can see it,"
he said. "The blue forces would do something to either prevent the video
from being seen, or to prevent the terrorist from having Internet
Each cyber aggressor team varies in size according to the mission. For
Red Flag 11-3, there are 24 team members operating as the adversary.
Maj. Drew Bjerken, 177th IAS Weapons and Tactics Flight commander and
overall Red Flag 11-3 red team mission commander, said he looks forward
to presenting a cyber adversary that is reactive and in some cases
aggressive rather than only providing targets as in years past. The
majority of the red team offensive cyber operators come from the 177th
IAS while the majority of the red team defenders belong to the 57th IAS.
"Allowing red to go offensive presents blue net defenders their first
opportunity to integrate so deeply into Red Flag," said Major Bjerken.
"This integration is key, as Air and Space Operations Centers commanders
know what to do when they are under attack by air or ground forces, but
often they are unaware of how to react and what needs to be done when
under attack by cyber forces."
Chief Master Sgt. Kevin Slater, 24th Air Force command chief, said
operations integration may be the most important success story of this
"Cyber's integration into Red Flag is as much about educating our air
and space teammates on the critical mission assurance attributes of
cyber as it is an opportunity to further our efforts to operationalize
the cyber domain and the cyber warriors who operate in it," he
Cyber operators taking part in Red Flag didn't happen overnight. Captain
Fisher said he, personally, has been integrating cyber operations into
U.S. Warfare Center exercises, to include Red Flag, for two years now.
He said Det. 2, 318th IOG has been doing this for almost six years.
"This was the next logical step as we continue to mature Air Force cyber
operations. We are building a "Culture of Cyber" in the Air Force,
structuring cyber training in the model of air and space operations
training," said General Webber. "Red Flag is the best tactical exercise
in the world and adding cyber to the 'fight' made sense because the
cyber domain is integral to the Air Force's ability to fly, fight and
win. Our operators are getting right alongside their air and space
counterparts, testing their abilities in realistic wartime situations.
This will make Red Flag more realistic and train our Airmen to make the
right decisions when things get tough."
Captain Fisher said a successful exercise is one where the participants
learn something. He wants cyber operators to walk away from this
exercise with a better understanding of operations outside of the cyber
community, based on their interaction with everyone else during this
"I think the biggest area for improvement for the cyber community is
going to come from the lessons that we learn in running the command and
control of cyber operations within the AOC," he said. "Currently there
exist a handful of theories on how to best integrate and control cyber
operations within the AOC; this will be one of the first exercises where
we will be executing operations based on some of those theories. When
the exercise is done, we should be able to walk away with a much clearer
understanding of where cyber operations fits into the AOC structure and
what the best way to C2 cyber operations within the AOC is."
The final week of Red Flag 11-3 is underway and cyber inputs will add
the crescendo to this unique exercise. General Webber said he looks
forward to studying the results of the exercise, and is thankful the men
and women in cyber operations will be able to take their experiences
back with them.
"The red team is truly testing the skills of our blue team members, but
the blue team continues to counter the attacks and strengthen the
defense," he said. "As tactical cyber involvement grows within Red Flag
and more of our operators get the opportunity to take part in the
exercises, we will create a more seasoned, battle-ready cyber force. I
hope that our cyber, space and air operators all come away from this
exercise with an appreciation for each other's missions, and bring back
to real-life operations a sense of how to better coordinate and
integrate for greater operational results."
(Editor's Note: This is the second story in a series about Air Force
cyber operators taking exercise inputs in Red Flag.)