System cybersecurity must begin with engineering, Air Force general says
By Phillip Swarts
A Royal Netherlands Air Force F-16 Fighting Falcon flies a training mission over Tucson, Ariz. (U.S. Air Force photo/Master Sgt. Jeffrey Allen)
The Air Force needs to look beyond cybersecurity as a battle between desktop computers and start thinking about how it affects aircraft and systems, a top general said Thursday.
"In the Air Force, we are behind the power curve in understanding the implications to our aircraft of cybersecurity," said Gen. Ellen Pawlikowski, the head of Air Force Materieal Command.
"The view is: Okay, if it’s not plugged into the network, it’s safe," she continued. "But there are so many connections to the network, to our satellites, to our aircraft and our other systems that we have to be thinking about cyber when you’re in an F-15. An F-15 can be as vulnerable to a cyber -attack."
Speaking to reporters at a breakfast hosted by the Center for Media and Security in Washington, D.C., , Pawlikowski said the service is seeing more advanced cyber-attacks more advanced than ever before.
Gen. Ellen Pawlikowski, head of Air Force Materiel Command, says the service must consider how new systems and platforms will perform in a cyber environment — and that needs to be understood from the beginning, when they are being engineered.
Photo Credit: Air Force
"We have a much smarter set of adversaries that have very effective tools for challenging us, and so we have to step up our game in terms of developing and countering those threats," she said.
Part of stepping up, the general said, is understanding how systems will operate in the cyber realm from the very beginning. As the officer in charge of the Air Force's research, development, testing and evaluation for most systems, Pawlikowski said the service must consider how new systems and platforms will perform in a cyber environment — and that needs to be understood from the start.
"What we've learned as we've gone through this is, cybersecurity has to be right there in the beginning, in the systems engineering process," she said. "You've got to bake it in from the beginning. And then you have to have constant diligence. You cannot for a moment think that you don't have to be actively monitoring your cybersecurity."
When Materieal Command receives requirements for a new airframe, one of the first steps is to look at what will be needed to meet them’s going to be needed. The plane needs to do this, so therefore how powerful must does the engine need to be, how far does it need to fly before refueling, what materials are neededdoes it need to be made of.
Pawlikowski says they’ve now added cCyber considerations have now been added to that list. Is this engine vulnerable to a cyber attack? Can it be hacked?
In order to do that, the general said she needs cyber experts — not as operators but as engineers.
"We have to hire cyber specialists, not just as the operators that are sitting on the counsel that are actually actively defending the networks, but the engineers in the beginning," she said. "Not necessarily cybersecurity specialists, but electrical engineers, industrial engineers, computer scientists whoto understand the basic elements of cybersecurity science."
That could very well require a closer partnership between the Air Force and national universities to place an emphasis on cyber engineering, Pawlikowski said.
Meanwhile, Materieal Command is looking to bolster its own team that tests the cyber defenses of existing and developing systems, she said.
"We have a cybersecurity squadron in the Air Force Test Center [at Edwards Air Force Base, California], and we’re going to probably grow that to a group so that we have the ability to test our systems," Pawlikowski said.