Download eBook for Free

Full Document

FormatFile SizeNotes
PDF file 2 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

Research Summary

FormatFile SizeNotes
PDF file 0.1 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.


Purchase Print Copy

 Format Price
Add to Cart Paperback100 pages $27.50

Research Questions

  1. What can wing-level organizations do for mission assurance in the face of adversary cyber operations, both at home station and when deployed?
  2. What should other organizations do, and what organizational mechanisms are needed, to support the ability of wing-level organizations to survive and operate when under adversarial cyber attack?

Military systems and operations have become increasingly dependent on interconnected electronics and data. As that dependence grows, so too does the need for mission assurance in the face of adversarial operations through cyberspace.

A key nexus for mission assurance lies at the organizational wing level (wings, deltas, and Air Operations Centers), where operational and support activities come together to produce Department of the Air Force missions. Wing-level organizations need to assure their missions despite cyber attacks, but current initiatives to empower wings to this end are in their infancy.

The authors of this report recommend workable, effective strategies for how the Department of the Air Force can better organize, train, and equip to this end. They focus on four strategic lines of effort: to defend the wing's systems; to respond to and recover from cyber incidents; to maintain resiliency of the wing's missions when systems fail; and to maintain sufficient situational awareness to make decisions to accomplish defense, response and recovery, and resiliency.

More specifically, the authors discuss tasks for each of these strategies and identify current deficiencies, along with potential remedies, in each task group. Not every task can be done at the wing level, but the wing will play key roles in each. The authors discuss which roles should be performed at the wing level and which should be performed elsewhere. They also offer recommendations regarding the best use and constitution of Mission Defense Teams (MDTs), whose goal is to assist wing-level commanders in maintaining mission assurance.

Key Findings

  • The ability of a wing-level organization to survive and operate when under cyber attack is fundamentally a mission assurance problem, not a cybersecurity problem.
  • It is complicated by the complexity of the cyber environment and the lack of actionable feedback on what works and what does not.
  • Nearly any system can be attacked, so nearly every mission element is susceptible.
  • Exactly how to make operations robust to cyber attacks is an unsolved problem; wings need to continuously learn and adapt as the cyber landscape continuously evolves.
  • Cyber mission assurance tasks should be apportioned among all units within a wing, not assigned to one unit.
  • All cyber mission assurance tasks need to be done during peacetime and wartime. To be effective during the worst attacks, strategies must be able to meet wartime needs.
  • Each wing-level organization needs a detailed understanding of its mission structure.
  • Training for cyber terrain mapping of wing-level missions needs to represent the types and complexities of real missions.
  • Intelligence organizations might not have the necessary resources to support an increase in demand from MDTs.
  • The focus of management at the wing level should be those aspects that it knows best and for which the ability to adapt when under attack exists only locally.
  • The ultimate responsibility for cyber mission assurance in a wing lies with the wing commander, who must know how to use MDTs, what roles to assign to other individuals and units within the wing, and how to foster the right culture.


  • Wing commanders should take full ownership of and issue a commander's intent regarding cyber mission assurance of the wing.
  • Wing commanders should create teams for the ability to survive and operate in a cyber-contested environment and use MDTs exclusively for cyber defense of systems.
  • Wing commanders should create an appropriate learning culture for cyber mission assurance to solve the many problems in this area that do not have formulaic answers.
  • Wing commanders should develop squadron and group commanders to have better cyber mission assurance expertise so that the next generation of wing commanders possesses better heuristics.
  • Major Commands (MAJCOMs) and Field Commands should establish more-centralized command and control for the response to and recovery from cyber incidents.
  • MAJCOMs and Field Commands should establish accountability for wing-level units to evaluate commanders on their readiness with respect to the commander's intent.
  • Program Management Offices should develop the appropriate tools for cyber defense of cyber-physical weapon systems.
  • Program Management Offices should provide technical guidance to MDTs for cyber defense of cyber-physical weapon systems, perhaps in the form of technical orders, and develop training for MDTs tailored to their cyber-physical weapon systems.
  • Air University should enrich Functional Mission Analysis-Cyber (FMA-C) training to help students move from simple classroom examples to the complicated missions of a wing and provide exemplars of sound FMA-C analysis that are similar to a wing's mission.
  • Air University should temporarily expand to provide reachback capabilities or field teams to assist wings during mission mapping.

Research conducted by

The research described in this report was sponsored by the Deputy Director of Operations, Air Combat Command and conducted by the Force Modernization and Employment Program within RAND Project AIR FORCE.

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.