24th Air Force – Air Forces Cyber (AFCYBER) recently declared initial operational capability (IOC) of its newest cyber weapons tool, the Automated Remediation Asset Discovery (ARAD), on Dec 15, 2016. ARAD is a modification to the AF Cyber Security and Control System (CSCS), a cyber weapon system declared IOC by Air Force Space Command (AFSPC) A/2/3/6 on 20 Oct, 2014.
Early in fiscal year 2015, the Secretary of the Air Force (SAF) Chief Information Officer (CIO), Lieutenant General William J. Bender, directed 24th Air Force (24AF) to perform a military utility assessment (MUA) on Tanium, a commercially available technology, regarding its operational utility. This MUA resulted in 24AF updating operational requirements establishing the baseline need for ARAD.
Subsequent to the initial MUA, 24AF recognized this type of commercial technology held the potential to radically improve endpoint baseline control, maintenance, health/hygiene, security and defense. Working through AFSPC, 24AF updated the requirements for vulnerability management and defensive cyberspace operations (DCO), initiating the need for ARAD.
The objective of the ARAD system is to leverage leading-edge technology to comprehensively modernize and efficiently improve vulnerability management execution, DCO, system health, asset management, and situational awareness capabilities.
“ARAD brings improved speed and precision across the enterprise. We are excited about the potential ARAD holds to improve our situational awareness and cyberspace defense,” said Brigadier General Mitchel Butikofer, 24th Air Force vice commander.
As noted in the Department of Defense (DoD) News article, “DoD CIO Awardees Excel in Cyber, IT,” by Shannon Collins, Defense Media Activity, the ARAD Team won the 2016 Department of Defense Chief Information Officer Team Award for Cyber and Information Technology Excellence for implementing this endpoint management technology. “The team drove an unprecedented eight-month acquisition schedule to deliver tools that enable operators to identify and fix network vulnerabilities in seconds instead of weeks and the ability to detect, track, target, engage and mitigate adversarial activities in near real time. This solution can be leveraged across the federal enterprise.”
What does this mean for the Air Force and CSCS? ARAD will dramatically improve vulnerability discovery and automatically remediate vulnerabilities within seconds to minutes, versus days or weeks, across the entire enterprise. ARAD can discover and identify adversary activity and actions within seconds, alerting at the point of infiltration and exploitation, which significantly improves AFCYBER's DCO ability to respond more quickly and implement response actions more effectively.
With this concept to improve AFCYBER capabilities, the Air Force Life Cycle Management Center (AFLCMC), in close collaboration with AFSPC and 24AF, initiated a full and open acquisition resulting in the integration and employment of ARAD. This effort required AFLCMC, AFSPC, 24AF, the 688th and 67th Cyberspace Wings, and the Air National Guard to coordinate and implement ARAD on systems across the Air Force-controlled portions of the Department of Defense unclassified information network.
AFSPC and 24AF are working with SAF, AF Major Commands, and DoD Services and Agencies to implement ARAD capabilities across all AF networks and ultimately all DoD networks.
“This is the cyber platform we will fight from in the future,” stated Bender in his most recent visit to 24AF.
As 24AF-AFCYBER continues to balance cyber operations based on its six lines of effort, “Build, Operate, Secure, Defend, Engage and Extend,” it is evident that advancing cyber tools and technology, such as ARAD, are becoming a game changer for operations and defense. We are only beginning to understand its full, long-term potential.