The cyber risk to the Air Force’s non-network systems is “very real and concerning,” Lt. Gen. Bill Bender, the service’s chief information officer, told reporters Thursday. “We’re very much concerned with legacy systems that a determined adversary certainly could hack into and either take control [of], or disable, or confuse all our systems’ operators,” Bender told the Defense Writers Group in Washington, D.C. A successful attack, he said, could have devastating effects “if it were done … in a very thoughtful manner to disable our ability to fight on our terms, if you will, in a future war.” Bender did not share specific vulnerabilities, but said the service has fortunately found most on its own. To mitigate the threat, USAF is transforming its workforce to understand the key cyber terrain and system dependencies to protect mission assurance. “The goal here is to understand what constitutes a risk and where the vulnerabilities are and to be able to assure our ability, despite a determined air adversary, and despite a cyber-contested environment … to accomplish our mission,” Bender said. His office will attempt to commercialize and commoditize the traditional communication services and support mission while repurposing airmen to mission assurance.
Once vulnerabilities are found, Bender said, the service plans to “bolt on” cybersecurity as quickly as possible. Legacy systems aren’t the only concern though. “Ultimately, the F-35 is only a fifth-gen fighter if you can leverage all of the technology and its ability to … ingest, distill, and then disseminated the data that it’s able to collect … ,” Bender said. While developing new weapons systems, the service is working to ensure certain cybersecurity parameters are met before they receive authorization to operate on the networks and proceed past acquisition milestones. “It’s new,” he said, “we’re learning as we go.” He noted recent reporting on the cyber vulnerabilities of the F-35, including its Autonomic Logistics Information System (ALIS), “has been favorable…”