ESC-managed center takes new strides in AF cyber security

  • Published
  • By Monica D. Morales
  • 66th Air Base Wing Public Affairs
MAXWELL AIR FORCE BASE-GUNTER ANNEX, Ala. --  The 754th Electronic Systems Group is further forging its role in the Air Force's cyber domain after recently awarding a contract for a $10-million security protection plan. That plan goes hand-in-hand with the group-managed Air Force Application Software Assurance Center of Excellence that stood up last month.

"During the last five years, the Air Force has transitioned from a client-server to a Web-based environment," said Greg Garcia, 754th Electronic Systems Group director. "Along with that net-centric approach come entirely new challenges in the online world, and that's where network and application security assistance come into play."

The 554th Electronic Systems Wing, the 754 ELSG's parent organization located at Hanscom AFB, Mass., develops many of the combat operations applications that drive combat support for the Air Force and the Department of Defense.

Through a contract awarded to Telos, the AF will have access to the Fortify Application Security Suite, which will aid in developing source code in addition to identifying, protecting and monitoring applications from potential attacks. This includes compromises caused by a full range of malicious activities, including Structured Query Language injection, cross-site scripting, buffer overflows and many others.

The two-year, $10.2 million award carries options that could increase its total value to a maximum of $75 million to provide these application-level security products and services.

"This will aid in securing the work of the Net, in addition to the network itself," Mr. Garcia said.

When translated into a defense environment, this software suite may prevent practices that commonly occur in industry when hackers infiltrate a Web site. And in a war fighting context, preventing a security issue can stop misinformation affecting every level of decision making before it starts.

A storefront Web site that sells plasma TVs, for example, can be hacked to allow a Secure Socket Layer transaction to change the purchasing price from $2,000 to $10,000 without the server detecting any abnormality. If a site does post-audit transactions, the manipulated purchase price wouldn't be detected until long after the customer has received the items purchased via his online shopping cart.

In the world of defense, this same compromised transaction can mean that a cargo movement system incorrectly reflects that critical engine or aircraft parts are not available in a particular location.

This could result in the unnecessary routing of the wrong parts to the wrong location, slowing a war fighter's efficiency and decision-making abilities.

"Just imagine if the OODA Loop of decision making is compromised, then those products can even be re-routed to the wrong location," Mr. Garcia said. "That's really where the business capabilities are built in, and that's what we're trying to protect."

Potential situations like these are what the 754 ELSG-managed Center of Excellence will examine and consequently develop application security best practices that may serve as guides to other organizations.

Though the center's teams are physically located in Montgomery, Ala., they aim to extend their tools, techniques and training opportunities beyond the scope of the 554 ELSW and potentially into other venues like the Air Force's emerging Cyber Command, the Defense Department and other federal entities.

Mr. Garcia said that while it's tempting to simply "check the box" in terms of applying appropriate security measures, the nature of cyber security is far from static and requires a constant assessment of current and potential future threats.

"The challenge is to really understand that computer security is on an ever-evolving path," he said. "The world of security is very dynamic and applications security, along with computer security, is constantly under assault. For that reason, there needs to be continual attention to the protection of our war fighting capabilities."