By Senior Master Sgt. Leland Weathers and Tech. Sgt. Ben Johnston, 127th Cyber Operations Squadron
On April 1, 2016, the 127th Cyberspace Operations Squadron faced a challenge to find 71 qualified personnel to establish a new squadron, many of whom needed to cross train into new career fields. The squadron activation was only 12 months away and required 20 of those Airmen to operate a Cyber Protection Team, ready to defend key Air Force weapon systems and other cyber assets. During the stand-up process, the squadron was also tasked with establishing traditional programs required for new units.
Under the direction of United States Cyber Command, the Air Force fielded 20 Cyber Protection Teams charged with surveying, securing and protecting national critical infrastructure, combatant command Areas of Responsibility and missions. U.S. Cyber Command is shifting focus from simply defending computer networks to defending missions, such as the refueling missions of the KC-135s and KC-46s at McConnell Air Force Base.
In preparation for the 127th COS activation, 16 members from various backgrounds, including intelligence, medical and communications maintainers, completed over eight months of training to become Defensive Cyberspace Operators. They would go on to complete additional specialized training to become mission qualified so they could operate the Cyberspace Vulnerability Assessment/Hunter weapon system. These operators are trained in network analysis, host forensics on a variety of operating systems, and malware analysis. Additional members cross trained into cyber maintainer roles to provide mission support.
“The biggest challenge was transitioning from the training pipeline into a new squadron that was rapidly creating quality technical processes while executing onsite missions,” said Staff Sgt. Scott Trembly.
Once trained and stood up, the 127th Cyberspace Operations Squadron took up the 856th Cyber Protection Team mantle in April 2017. During the six-month activation, 20 mobilized operators from the 127th COS were tasked with five planning and assessment missions.
“We really had to come together to tactically plan and accomplish the missions,” said 2nd Lt. T.J. Tasker. “This mobilization wouldn’t have succeeded without everyone working together as a team.”
CPT missions include onsite visits for planning and coordination, interviews with operations and maintenance personnel, and technical data collection. Analysis of the data collected occurs at home station and results in reports on how the local cyber defenders can increase the cyber-security posture of the network in the short term, and how to operate and manage security and ensure mission assurance over the long term.
A team of five led by 2nd Lt. Katherine Cornwell spent two weeks on-site at the mission partner location gathering network traffic and analyzing vulnerabilities for the Executive Airlift Communications Network, a system that provides critical command and control services to senior leadership. Following the on-site data collection, the team spent another four weeks analyzing the collected data to produce a Risk Mitigation Plan and a Mission Defense Plan.