NELLIS Air Force Base, Nev. — The internet is a battleground, and information is the prize. News reports of a shopping retailer losing control of customers’ digital data and an internet browser being compromised are some of the recent evidence of the constant cyber-threat present in the World Wide Web.
The digital war over information is one Air Force cyber specialists fight on a daily basis. To give these Airmen an upper-hand against their online adversaries, the 24th Air Force takes part in several training exercises, to include Red Flag.
Red Flag is large scale combat training exercise held multiple times per year and hosted at Nellis Air Force Base, Nevada, that gives air, space and now cyberspace service members from the U.S. and allied nations the ability to come together to train as a team. Air, Space and Cyber domains are integrated between tactical and operational level participants during Red Flag at the Combined Air Operations Center – Nellis (CAOC-N)/505th Test Squadron. Through the exercise, each organization learns to work together to form a stronger total force, while also being shown how their individual talents fit into the bigger picture.
Cyber first played a part in the Red Flag exercise series in 2007, said Daryl Crissman, the 318th Cyber Operations Group, Detachment 2 chief of weapons and tactics. At first their initial involvement was limited and only made up a small portion of the simulated mission. Over the past two to three years, however, Cyber has made measurable gains in becoming a fully integrated component of the exercise.
“Our mission is to train the next generation of cyber warriors and we look at what we call the full spectrum … defensive and offensive operations,” said Michael Homsy, the 24th Air Force exercise planner and cyber range coordinator. “We have several teams that are being developed … teams that are designed to go after the adversary and their infrastructure and degrade their ability to launch their capabilities against us, as well as defend critical infrastructure as it pertains to our country.”
Though the 24th AF participates in other annual exercises, such as Black Demon and Cyber Flag, Homsy said Red Flag is considered the capstone event. Due to the scope of the exercise, they are able to participate with a wider range of cyber applications to support other Air Force components, such as air and space.
“Red Flag has always been primarily focused on the flying community,” Homsy said. “It is designed to give the new pilots their first operational missions. Cyber has only really come into its own in the last few years. We had to show that we could accomplish our training objectives without impacting the flying training objectives. We had to show that we can add value to the overall exercise by being a part of the exercise, and we were able to do just that.”
In February 2012, cyber Airmen were given a chance to actively play their part in the exercise through the help of a new training network. With the new setup, they were able to give a tangible example of their capabilities while defending the combined air operations center at Nellis AFB.
“In Red Flag 11-3, we brought the Joint IO Range,” Crissman said. “It is a closed network that we’re allowed to play on and bring … our tools and our weapon systems.”
The Joint IO Range is a cyber-range that is used during the exercise as a training ground for cyber assets, Crissman said. It is modeled after the Air Force’s network, but is completely separated; therefore it doesn’t affect any other active networks. It gives Airmen the distinct advantage of trying new systems, defenses and attacks prior to deploying them in a real-world environment.
“One of the things that we’ve been working on in the past year is presenting a contested, degraded, and operationally limited environment for the training audience and presenting them with a problem and making them solve it,” said Julie Fluhr, a 505th Test Squadron non-kinetic operations subject matter expert. “One of the advantages to Red Flag is, because it is a closed system, we can allow the aggressors to do things that they can’t do on real-world networks.”
During the three week exercise, Airmen are given a mission tasking based on a given scenario. Each week of Red Flag increases in difficulty. As the participants become more practiced and familiar with the scenario, the bar is raised. As the exercise further develops, Airmen are able to adjust their tactics and procedures to reach their objectives.
“They break down what happened during the course of the (debrief) period to see what actions were taken — what defensive actions; were they successful or not?” Homsy said. “And that’s when the real learning begins, because you’re now deconstructing the actual actions.”
Participants in Red Flag are also encouraged to learn about different aspects of the total force in order to work together more effectively and cohesively.
“Red Flag is integral in showing operators how we affect the air picture and how we can actually integrate with the flying community,” said Tech. Sgt. Scott Karter, the 92nd Information Operations Squadron NCO in charge of operations training. “It allows us to see how we have an impact on the overall mission.”
Karter attended Red Flag in February and through that experience developed a new understanding by working in conjunction with Airmen in other career fields.
“Dealing with the (air and space) community for the first time in my career was interesting,” he said. “They seemed to not understand what we did, just as much as we didn’t understand what they did. Our integration together allowed us to see how we helped each other. They became able to rely on us to defend their assets, while we were able to help fulfil their missions.”
Airmen with the 24th AF weren’t the only one’s seeing a new big picture as other Air Force communities were introduced to the many facets of cyberspace warfare.
“We grow up in our own worlds,” said Lt. Col. Christopher Jarvis, the 505th Test Squadron chief of combat operations. “I’m an electronic warfare officer by trade, so I grew up understanding electronic attacks, jamming other assets, (and information), surveillance and reconnaissance … Through Red Flag, years ago, I learned the tactical executing side, the bomb dropping, the missile shooting. It’s only been recently that I’ve even gotten the opportunity to learn how space and cyber works.”
Bringing together the diverse combat components help to dissuade the narrow thinking that there is only one way to affect a target. For example, Jarvis said, if the objective of the mission was to take out an opponent’s headquarters building, there are multiple ways to get that done.
“We can drop a bomb; we can blow it up, or we can take cyber capabilities and use a sort of non-kinetic denial capability,” he said. “If I can shut down the building’s ability to communicate then I’ve achieved that same effect at the cost of probably less money and then obviously less lives.”
If the Internet is destined to become the new battlefield of the 21st Century, it will be the Air Force, and more specifically the 24th Air Force, who will have the advantage with exercises such as Red Flag. In future warfare, it will be cyber Airmen challenging online adversaries, in addition to the traditional mission of bombers, fighters and RPAs, who will fight and win on the digital battlefield.
“Basically, they are looking at what went wrong and then do a recon analysis on it,” he said. “What went wrong? Why did it go wrong? What can we do to fix it next time? Then they go back and integrate that into the next stage of planning, so they don’t make the same mistake again.”