One-of-a-kind 'Cyber Defense Team' essential in monitoring internal security

  • Published
  • By Karen Abeyasekere
  • 100th Air Refueling Wing Public Affairs
Set up at the start of this year, the 100th Communications Squadron Cyber Defense Team was formed after 100th CS staff spent more than 7,000 man-hours preparing for the command cyber readiness inspection (CCRI) and the information assurance inspection.

These inspections uncovered infrastructure vulnerabilities and suggested process improvements.

The 100th CS commander, Lt. Col. Gene Mattingly, decided that the best way to act on those findings, and to track and prevent future vulnerabilities, was to set up the CDT, manned with 100th CS operations and information assurance Airmen.

"It took us a few months to figure out exactly what we wanted to do, but I was convinced it was imperative to build on the success of the efforts to prepare for the CCRI, and to not lose our edge especially now that the CCRIs might come in unannounced," Mattingly said.

The team was initially led by 1st Lt. Josh Bohnert, formerly of the 100th CS.

The Defense Information Systems Agency, which is responsible for Department of Defense information systems, inspected the 100th CS's compliance with its Security Technical Implementation Guides (STIGs), Bohnert said.

"We used our vulnerability scanning software to review compliance of every workstation for the CCRI," said Bohnert. "We found that we weren't where we wanted to be to be in compliance with those guides, so that's when we put in the 7,000 man-hours to get us back on track."

The CDT's role is to identify computer vulnerabilities and to develop and deploy fixes, but it does not do so alone. It works closely with the 83rd Network Operations Squadron, Detachment 4, and the Integrated Network Operations and Security Center at Langley Air Force Base, Va., to resolve vulnerabilities.

"At the time this was the highest CCRI score in the Air Force and it was the first CCRI for [RAF] Mildenhall," said Bohnert.

The team, now led by 2nd Lt. Adam Latapie, continuously works on many projects, which include proactively seeking out network vulnerabilities.

The fixes often take the form of software patches and security updates, which are pushed out again to computers where the original deployment did not install.

"These updates are vital to 'close back doors' which intruders could potentially find and enter the systems through," explained Latapie.

The five-man team is the first and only cyber defense "tiger team" of its kind in the Air Force.

"Lieutenant Bohnert put together a composite of what I was envisioning for the CDT, and I then briefed it at the U.S. Air Forces in Europe A6 commanders' conference last fall," Mattingly said. "Granted, it didn't get much fanfare, but that didn't stop us.

"I remained convinced that the CDT is essential to monitoring our internal security - these folks are dedicated to making sure our combination of thousands of personal computers and servers get the security patches required," the commander said. "They then dispatch the right folks to enquire when we see a system that hasn't responded to a patch, or requires further hands-on maintenance."
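The check the commander describes, reconciling the host inventory against patch-agent reports and flagging machines that failed the patch, never reported, or have gone quiet so the right shop can be sent, is shown here as an added example in Python. It is not the 100th CS's tooling: the CSV inventory and report formats, the host names, the patch identifier, the report statuses and the seven-day check-in window are all assumptions, and the data is constructed inline.

```python
"""Patch-compliance reconciliation (added illustrative example, not the
100th CS's tooling).

Given a managed-host inventory and the patch agent's report feed, classify
every inventoried host for one required patch and group the non-compliant
ones by owning unit so a technician can be dispatched.
"""
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample inventory (assumed format: hostname, owning unit).
INVENTORY_CSV = """\
hostname,owner_unit
WS-0101,100 CS
WS-0102,100 CS
WS-0207,100 OSS
SRV-DB01,100 CS
WS-0310,100 MXS
"""

# Constructed sample agent reports (assumed format). A host may report more
# than once; only its most recent report for the patch counts. WS-9999 is a
# device that reports but is not in the inventory.
REPORTS_CSV = """\
hostname,patch_id,status,timestamp
WS-0101,PATCH-001,failed,2013-06-01T08:00:00
WS-0101,PATCH-001,installed,2013-06-01T09:12:00
WS-0102,PATCH-001,failed,2013-06-01T09:15:00
WS-0207,PATCH-001,installed,2013-05-20T14:00:00
SRV-DB01,PATCH-001,pending_reboot,2013-06-01T10:30:00
SRV-DB01,PATCH-002,installed,2013-06-01T10:30:00
WS-9999,PATCH-001,installed,2013-06-02T11:00:00
"""

# Assumed "now" for the sample run so the result is reproducible.
NOW = datetime(2013, 6, 3, 12, 0, 0)


def parse_inventory(text):
    """hostname -> owner_unit for every managed host."""
    return {row["hostname"]: row["owner_unit"]
            for row in csv.DictReader(StringIO(text))}


def latest_reports(text, patch_id):
    """hostname -> (status, timestamp) of the newest report for patch_id."""
    latest = {}
    for row in csv.DictReader(StringIO(text)):
        if row["patch_id"] != patch_id:
            continue
        ts = datetime.strptime(row["timestamp"], "%Y-%m-%dT%H:%M:%S")
        host = row["hostname"]
        if host not in latest or ts > latest[host][1]:
            latest[host] = (row["status"], ts)
    return latest


def reconcile(inventory_text, reports_text, patch_id, now,
              max_age=timedelta(days=7)):
    """Return (compliant_hosts, findings).

    findings maps hostname -> (reason, owner_unit). Reasons:
      no_report        inventoried host never reported on this patch
      <agent status>   latest report is not 'installed' (failed, pending_reboot, ...)
      stale_report     installed, but the agent has not checked in within max_age
      not_in_inventory reporting device that is not a managed host
    """
    inventory = parse_inventory(inventory_text)
    reports = latest_reports(reports_text, patch_id)
    compliant, findings = [], {}
    for host, unit in inventory.items():
        if host not in reports:
            findings[host] = ("no_report", unit)
            continue
        status, ts = reports[host]
        if status != "installed":
            findings[host] = (status, unit)
        elif now - ts > max_age:
            findings[host] = ("stale_report", unit)
        else:
            compliant.append(host)
    for host in reports.keys() - inventory.keys():
        findings[host] = ("not_in_inventory", "unknown")
    return sorted(compliant), findings


def dispatch_list(findings):
    """Group findings by owning unit: unit -> [(hostname, reason), ...]."""
    by_unit = {}
    for host, (reason, unit) in sorted(findings.items()):
        by_unit.setdefault(unit, []).append((host, reason))
    return by_unit


if __name__ == "__main__":
    ok, bad = reconcile(INVENTORY_CSV, REPORTS_CSV, "PATCH-001", NOW)
    print("compliant:", ok)
    for unit, hosts in dispatch_list(bad).items():
        print(unit, "->", hosts)
```

The stale-report branch is the one that catches the case the commander mentions: a host that claims the patch installed weeks ago but has not checked in since may have been rebuilt, powered off, or moved to an unmanaged segment, and still needs hands-on follow-up. The not_in_inventory branch surfaces the opposite problem, a device reporting from a network the team does not manage.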

The CDT is currently working on approving and managing all commercial internet service provider points of presence on RAF Mildenhall, which mitigates the many vulnerabilities associated with unmanaged networks, according to Latapie.

They are also working on transitioning all printers on base to a dedicated virtual local area network (VLAN). The printer VLAN will resolve a known security concern, allow customers to add their own printers and greatly reduce the communications support team (CST) man-hours currently required to install printers.

"We're trying to change the mindset of the way we conduct normal processes," said Staff Sgt. Spencer Penton, 100th CS CDT. "We want to make it more efficient, as well as improve security. Once this project is implemented base wide, it will significantly improve the security posture of the base."

There are about 500 printers on base.

"It's a significant vulnerability that was identified in an inspection last year," Penton said. "Another goal we have is to increase the efficiency of the way people go about adding and managing their printers."

Until now, a user has had to submit a trouble ticket to the enterprise service desk (ESD), which routes it to the CST, which then sets up the printer for the user - a process that can take a while.

"The new process will eliminate the need for trouble-tickets," Latapie said. "Sometimes it takes days to get a low-priority ticket through, which can be very frustrating for our customers."

Penton said once the process is standardized throughout the base, it will be very simple.

"As we migrate the printers, we'll send out advance notification to inform customers of the changes," he said. "The notification will provide very [detailed] instructions, informing customers of exactly what to do."

The new process has already been piloted within the 100th CS, where it is running smoothly. It is being monitored for problems before it is rolled out to the rest of the base.

"Our cyber defense team remains focused on ensuring our cyberspace security, and at Team Mildenhall we are able to fly, fight and win in air, space and cyberspace," Mattingly said of his team.

"We must collectively do our part to maintain security of our cyber-systems. However, the CDT is that team of 'elite cyber guards' at the base - I'm proud of them, and their work is daunting, but they go with due diligence, knowing full well that a vulnerability accepted by one, is accepted by all in cyberspace," the 100th CS commander said.