How the U.S. Air Force Monitors 1 Million Cyber Attacks Per Day

By Woodrow Bellamy III  | October 27, 2016

[Avionics Magazine 10-27-2016] The U.S. Air Force estimates there are more than 1 million cyber attacks on its network of more than 1 million airborne and ground-based networked computer systems on a daily basis. Two squadrons, the 561st Network Operations Squadron (NOS), headquartered at Peterson Air Force Base, and the 960th NOS, an Air Force Reserve unit, are tasked with protecting the Air Force’s computer network from cyber intrusions.
A four-ship formation performs a flyover during the Air Force Memorial’s 10th anniversary ceremony in Arlington, Va., Oct. 14, 2016. The flyover consisted of several different airframes representing the heritage of the Air Force. Photo: U.S. Air Force/Scott M. Ash. 
Thomas Exline, the cyber security and control system operations manager for the Air Force, refers to the 561st NOS as a $10 billion weapons system. The system is designed for 24/7 network operations, as well as supporting defensive operations within both classified and unclassified Air Force networks.
“If our systems go down, C-130s don’t fly and Cheyenne Mountain Air Force Station doesn’t function,” Exline said, in a news brief released by the U.S. Air Force. 
The 561st NOS works on the “back side of things” according to the Air Force. Both manned and unmanned aircraft are connected to the Air Force network through an airborne network as well. 
“Look at what goes out in the press. You hear about North Korea and other places hacking something, but you don’t hear about it happening in the military because of the people in this building,” said Senior Master Sgt. Joseph Drueke, the 561st NOS operations flight superintendent, referring to the 561st NOS headquarters at Peterson Air Force Base.
Some of the hacking attempts on the U.S. Air Force network are handled automatically by security software, while others are harder to counter. According to Exline, to deal with more advanced cyber attacks, the 561st NOS has shifted from primarily being a “backshop unit” to an operational crew alignment. Mirroring a standard operations group, each crew has all the specializations within the 561st NOS, providing support at all times.
Derik Dietel, the 561st NOS alpha crew commander, says some of the biggest vulnerabilities to the U.S. Air Force network are “phishing” attacks, which can occur when personnel click something by mistake in their email. The Air Force defines phishing as “defrauding an online account holder of personal information by posing as a legitimate business.”
It can be a challenge balancing security and usability for almost one million computers.

“We want to make it seamless for the end user,” said Staff Sgt. Cory Smith, a 561st NOS vulnerability assessment operations instructor. “If we are doing our job right, nobody will know we are there.” 
