Managing for Mission Assurance in the Face of Advanced Cyber Threats
ResearchPublished May 24, 2021
Air Force activities to ensure resiliency to adversarial cyber operations are somewhat fractionated, with blurred lines of authority and no overall coordinating mechanisms to ensure that all related activities are identified, tasked, and implemented and act in concert to achieve enterprise objectives. The authors recommend better ways to manage, at the enterprise level, efforts to ensure resiliency of missions to adversarial cyber operations.
ResearchPublished May 24, 2021
Current cyberspace threats are highly dynamic, complex, and ubiquitous in time and space. Activities to ensure resiliency to adversarial cyber operations throughout the Air Force have organically organized themselves to be somewhat fractionated, with blurred lines of authority and no overall coordinating mechanism to ensure that all related activities are identified, tasked, and implemented and act in concert to achieve enterprise objectives. The authors develop a foundation for better managing efforts to ensure resiliency to adversarial cyber operations at the enterprise level aimed at mission assurance in the Air Force. This structure includes guidance on the allocation of roles and responsibilities for tasks to ensure resiliency to adversarial cyber operations and mechanisms to create a cohesive initiative in which each individual and organization is working toward a common goal. The authors also stress the need for leaders to instill in airmen, civilians, and contractors an understanding that the conflict in cyberspace is ubiquitous in time and space; that operations in cyberspace might be decisive in warfare; that all airmen, civilians, and contractors play a role in ensuring resiliency to adversarial cyber operations; that nothing can be completely secure in cyberspace, which leads to a sense of responsibility to carry on mission(s) in the face of an attack through cyberspace; that connecting one system to another (or to a network) carries potential risks; and that personnel have an obligation to report anomalies in data, nonnominal procedures, and potential cyber incidents.
This research was commissioned by the Air Force Chief Information Dominance and Chief Information Officer in the Office of the Secretary of the Air Force and conducted within the Resource Management Program of RAND Project AIR FORCE.
This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.