Luke’s new Mission Defense Team provides active cyber security

Air Force photograph by Senior Airman Ridge Shan

Luke Air Force Base’s Mission Defense Team, a group of talented and vigilant communications and cyber warfare Airmen, maintain the 56th Fighter Wing’s network communications security and prevent the exploit of potential vulnerabilities in the base’s network by monitoring, identifying, and communicating threats.

Security vulnerabilities in network security can be created both by internal mishaps and malicious attacks from the outside. The MDT is able to monitor and respond to both.

“Our primary goal is to defend the five to ten percent of the base that is most critical to mission success or failure, like support systems that affect sorties,” said 2nd Lt. Michael House, 56th Communications Squadron MDT lead. “We monitor anything and everything that’s sent over the base network, which can be email, web activity, or all kinds of other stuff that leaves or enters the base in the cyber realm.”

The MDT program began in 2016 as part of the Cyber Squadron Initiative, an Air Force-wide cybersecurity effort. Initially, at least one base in each major command was identified to be a host for an MDT to test the idea’s effectiveness.

“Maxwell was the first base identified,” House said. “In fiscal year 2017, we were identified here at Luke for the Air Education and Training Command. We were the sixth team to reach Initial Operational Capability.”

Luke’s MDT, which reached IOC on June 13, 2018, operates by monitoring base network traffic through sensors placed throughout the area of operations, and then communicating any threats, anomalies, or suspicious activity to operations specialists, investigators, and higher leadership.

“We’ve historically had passive defense measures which consisted of items that are plugged into computers or are automatically a part of the build, and ensuring that your anti-virus works properly,” said Master Sgt. Douglas Teutsch, 56th CS MDT section chief. “[The MDT] is active cyber defense. We look at the entire mission map and see where there are key cyber dependencies in the areas with the most critical roles. If we can identify where something can be modified or changed to create an effect that can lead to unacceptable losses, that’s where we’ll setup defense measures.”

The MDT will expand to include two additional cyber warfare operators by the fall, which will help the MDT to provide more specific coverage for critical security areas.

“The plan after that is to move the entire communications squadron from a more traditional maintenance focus to more of an MDT focus,” House said. “The idea is that there will still be a maintenance flight to do traditional communications squadron stuff, but also multiple MDTs defending multiple weapons and flight support systems.”

According to Lt. House, the MDT’s vigilant work has already prevented and will continue to prevent security incidences throughout its existence.

“In cyber, it’s not quite like on TV, where you find the bad guy and you figure out their motives,” House said. “It’s a bigger process, but through our functional mission analysis, we’ve identified critical vulnerabilities and passed that information off to the operations flight to patch and minimize those threats to the network.”