Managing for Mission Assurance in the Face of Advanced Cyber Threats

Don Snyder, Lauren A. Mayer, Myron Hura, Suzanne Genc, Colby P. Steiner, Laura Werber, Kathryn O'Connor, Keith Gierlack, Paul Dreyer, Bernard Fox

ResearchPublished May 24, 2021

Current cyberspace threats are highly dynamic, complex, and ubiquitous in time and space. Activities to ensure resiliency to adversarial cyber operations throughout the Air Force have organically organized themselves to be somewhat fractionated, with blurred lines of authority and no overall coordinating mechanism to ensure that all related activities are identified, tasked, and implemented and act in concert to achieve enterprise objectives. The authors develop a foundation for better managing efforts to ensure resiliency to adversarial cyber operations at the enterprise level aimed at mission assurance in the Air Force. This structure includes guidance on the allocation of roles and responsibilities for tasks to ensure resiliency to adversarial cyber operations and mechanisms to create a cohesive initiative in which each individual and organization is working toward a common goal. The authors also stress the need for leaders to instill in airmen, civilians, and contractors an understanding that the conflict in cyberspace is ubiquitous in time and space; that operations in cyberspace might be decisive in warfare; that all airmen, civilians, and contractors play a role in ensuring resiliency to adversarial cyber operations; that nothing can be completely secure in cyberspace, which leads to a sense of responsibility to carry on mission(s) in the face of an attack through cyberspace; that connecting one system to another (or to a network) carries potential risks; and that personnel have an obligation to report anomalies in data, nonnominal procedures, and potential cyber incidents.

Key Findings

Enterprise management to ensure resiliency to adversarial cyber operations has gaps

  • The DoD and the Air Force lack a clearly stated objective for cybersecurity and cyber resiliency that concisely articulates the objective for all airmen, civilians, and contractors.
  • High-level policy in the Air Force does not comprehensively delineate tasks for resiliency to adversarial cyber operations and does not allocate the roles and responsibilities for these tasks to each organization.
  • The culture for cybersecurity in the Air Force is immature and in need of shaping by leadership.

Recommendations

  • The Air Force should issue a clearer objective and strategy for cybersecurity, embracing both cyber defensive measures and the ability to continue missions through adversary cyber operations holistically.
  • This treatment of cybersecurity activities should employ a balance of cyber defensive measures and cyber resiliency measures (of systems and missions) and employ a balance of enterprise networks and cyber-physical systems.
  • Activities that require quick decisions using detailed knowledge in a complex environment should be distinguished from those that do not.
  • Leaders should institute cultural change, promoting recognition that there is conflict in cyberspace between the United States and others that is ubiquitous in time and space and that all individuals and organizations within the Air Force play a role in being resilient to adversarial cyber operations. Failure to perform that role effectively could be decisive.

Order a Print Copy

Format
Paperback
Page count
74 pages
List Price
$23.00
Buy link
Add to Cart

Topics

Document Details

  • Availability: Available
  • Year: 2021
  • Print Format: Paperback
  • Paperback Pages: 74
  • Paperback Price: $23.00
  • Paperback ISBN/EAN: 978-1-9774-0614-9
  • DOI: https://doi.org/10.7249/RR4198
  • Document Number: RR-4198-AF

Citation

RAND Style Manual
Snyder, Don, Lauren A. Mayer, Myron Hura, Suzanne Genc, Colby P. Steiner, Laura Werber, Kathryn O'Connor, Keith Gierlack, Paul Dreyer, and Bernard Fox, Managing for Mission Assurance in the Face of Advanced Cyber Threats, RAND Corporation, RR-4198-AF, 2021. As of September 11, 2024: https://www.rand.org/pubs/research_reports/RR4198.html
Chicago Manual of Style
Snyder, Don, Lauren A. Mayer, Myron Hura, Suzanne Genc, Colby P. Steiner, Laura Werber, Kathryn O'Connor, Keith Gierlack, Paul Dreyer, and Bernard Fox, Managing for Mission Assurance in the Face of Advanced Cyber Threats. Santa Monica, CA: RAND Corporation, 2021. https://www.rand.org/pubs/research_reports/RR4198.html. Also available in print form.
BibTeX RIS

Research conducted by

This research was commissioned by the Air Force Chief Information Dominance and Chief Information Officer in the Office of the Secretary of the Air Force and conducted within the Resource Management Program of RAND Project AIR FORCE.

This publication is part of the RAND research report series. Research reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND research reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.