WASHINGTON — In September, the Air Force announced the 55th Communications Squadron had met all objectives to be redesignated as the 55th Cyber Squadron, meaning the service would add a new mission defense team to its capabilities, a specialized cyber team focused on defending critical Air Force missions and installations such as critical infrastructure or computers associated with aircraft and remotely piloted systems.
The Air Force has been on a multiyear path to redesignate communications squadrons through efficiencies realized by outsourcing mundane IT efforts to private industry allowing it to reinvest its people to conduct cyber defense.
As a result, service has been in the process of building these mission defense teams, which differ from the cyber protection teams that the Air Force, and other services, provide to U.S. Cyber Command.
Specifically, while the technical tools between mission defense teams and cyber protection teams are similar, the mission is slightly different, a spokesperson from Air Combat Command told C4ISRNET. Mission defense teams are aligned to specific missions allowing for dedicated experts in each mission area, while cyber protection teams defend missions based on Cyber Command priorities. The distinction has previously been made that mission defense teams serve as beat cops while cyber protection teams are SWAT teams.
Mission defense teams serve as local wing commander resources. Transforming the communications squadrons into cyber squadrons provides wings or equivalent organizations within Space Force organic cyber defense capabilities to core mission owners, the spokesperson said.
Currently, there are 81 organizations identified as pilot mission defense teams, the spokesperson said, with three units reaching initial operating criteria. These teams are created where local commanders identify mission need and are able to reallocate existing resources to meet the new requirements.
These pilots exist across multiple geographic and functional major commands within the Air Force.
The teams consist typically of eight people with some variations based on mission areas with greater or lesser need. The size also depends on the mission they are defending where other factors such as deployment or a 24/7 operational support is needed, the spokesperson said.
Working with cyber protection teams
Despite their differences, officials have said there are natural alliances between mission defense teams and cyber protection teams, such as enhanced training.
“We found a natural symbiotic relationship between the CPTs that are out on mission and the MDTs that utilize the same weapon systems, so we’ve gone to some bases where the MDTs have not gone to training yet,” Col. Jeffrey Phillips, commander of the 67th Cyberspace Wing, said. “They’ve had their weapon system there, and so the CPTs have actually been able to load their weapon system on whatever cyber terrain the wing commander deems they want to protect, and they’ve been able to do some hands-on training with the MDT personnel that haven’t had formal training yet.”
Requests for support can be submitted by units at the base level for cyber protection team support in which the teams will work together on response efforts to an incident.
The mission defense teams are constantly surveying and analyzing their respective terrain, which can prove useful for cyber protection teams jumping in to help by providing suspicious activity and pattern of life analysis on malicious behavior.
Both teams also simultaneously participate in major command exercises as well as capstone events the Air Force refers to as Flag exercises, developing tactics techniques and procedures to better enhance real-world collaboration together, the spokesperson said.
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.