NELLIS AIR FORCE BASE, Nev. — The 505th Test Squadron utilizes Combined Air Operations Center-Nellis to host varying types of testing, tactics development and advanced AOC training. The 505th TS’s latest test, which started Nov 18, was AOC Operations in a Cyber Denied Environment.
This test was aimed at building tactics, techniques and procedures for operating an AOC in a cyber-degraded and contested environment.
Degraded and contested operations involve introducing adversary capabilities and difficult situations into operations in order to bring a sense of realism.
“This is the first test that I’m aware of that is specifically aimed at degraded operations within the AOC,” said Doug Erlenbusch, 505th TS chief of combat operations. “This test is focused on building tactics, techniques and procedures to defend the AOC from cyber-attacks and to also develop new processes should the AOC find itself having to operate in a degraded operations environment.”
The cyber threat is more of a threat to the AOC then we have thought about in the past, Erlenbusch said. For a country that is outmatched militarily, it’s far more cost effective for them to improve their cyber capabilities then to spend money trying to build a military power on par with that of the United States.
One way the 505th TS simulates degraded operations is through the assistance of the 57th Information Aggressor Squadron.
“All the lessons that we are learning, and we are learning a ton, are being used to develop TTPs so we can move forward,” said Maj. Kenneth Voigt, 505th TS director of operations. “The 57th aggressors are the ones that are going to help us develop these TTPs because they are keeping it a realistic robust scenario.”
According to Capt. Tracie Konietzko, 57th Information Aggressor Squadron threat flight commander, this is the first time the 57th IAS has been involved with the initial testing porting of a new program or procedure.
“The Aggressor unit has never been asked to come and do a test,” Konietzko said. “We normally do vulnerability assessments.
“In a vulnerability assessment we are going to be using adversary tactics; however we are going to not be known.”
We are a threat representative we have studied the adversary and we are the best to represent them in a test format. We are trying to best demonstrate what an adversary would attempt to do to an AOC, she added.
Konietzko explains that following a script isn’t what the 57th IAS is used to. One big difference is there is no defense to counteract everything we do. The white force running the test have full access to our scripts but the operators on the floor have no idea what we are going to do or when we are going to do it.
“Basically we are not testing the system, we are testing the operators,” she said.
We are going to test them to see what they are going to do when something doesn’t go right. They will not know whether any problems that occur are from us, their equipment or just a mistake on their behalf, she said.
“This is a first for us as in we are not just trying to get them but we are trying to teach them in a scripted manner,” she said. “This way they will have data point and everything is measurable.”
This phase, involving over 200 personnel from five different organizations and three different bases, is the first stage of a multi-iteration test that will go through at least the end of the fiscal year.
“The training that our AOC subject matter experts are receiving will greatly benefit the CAF as we move forward and start implementing these techniques and procedures,” Voigt said. “The techniques we learn through this test may one day be used in events such as Red Flag and Virtual Flag and one day they may be even used in real combat situations.”
“The world is becoming more reliant on cyber capabilities and we need to understand that battle-space to better defend against those types of threats,” said Capt. Mark Wuertz 505th TS test director.
With this type of testing the operators will sharpen their situational awareness and they will have a better idea of what the adversaries out there might be capable of, Wuertz added.
“You have to take precautions and realize that the threat is there,” Erlenbusch said. Once you know the threat is there and what they are capable of you can create a plan to defend against it.”