Mission Defense Team: What is it?

  • Published
  • By Senior Airman Brandon M. Shuman

A foreign adversary attempts to use a virus to hack into your base’s computer system, with the ultimate goal of reaching your aircraft systems and putting them out of commission. In this type of scenario, what do you do? This is the type of situation the Mission Defense Team has to consider every day.

The Air Force’s cyber defense has traditionally been reactive. Computers would get infected with a virus and then need to get repaired.

According to Master Sgt. Christian Coleman, NCOIC of the Mission Defense Team for the 911th Communications Squadron, in the traditional sense of cyber defense and cyber security, computers and e-mails were evaluated to ensure that they were not hacked into.

With the ever-increasing threat and constant changes in the cyber world, the Air Force has lacked small tactical assets for wings and wing commanders to defend their key cyber terrain. So, Air Force leadership sat down and thought about how they dealt with cybersecurity, said Coleman. Air Force leadership decided to find out which IT assets were critical to the actual mission and find a way to defend those assets at the wing level.

Maj. Bennett Reid, director of operations for the 911th CS, says most of the individuals attempting to hack into a Department of Defense network are not going to attempt it at a larger military installation.    

“I’m going to an easy target that’s vulnerable and getting into that network,” said Reid.

The network systems are sophisticated and interconnected, said Reid. The adversary can hack into one system and move to another, then another and it’s very difficult to detect.

One goal of the MDT is to catch the virus before it can be loaded onto the system. The MDT performs defensive cyber operations on a day-to-day basis, which includes monitoring systems for indicators of compromise.

“A great analogy would be if you were a detective and you’re investigating a break in, you would go around and check all the places where somebody might have broken into,” said Coleman. “You check the doors, doorknobs and windows. So what we do is monitor places where somebody might break in or affect one of the systems.”

The MDT also has a computer system called the cyber vulnerability assessment hunter (CVAH). It performs proactive “hunts” on the base network to seek out and destroy possible enemy compromises before they can make it to an aircraft system.

 The MDT looks at what weaknesses and vulnerabilities exist in some of the assets on key cyber terrain, computer and IT systems that are central to the wings mission, and how they can make these more defensible, said Coleman.

“This is the future of the communication squadron and this is the type of mission we’re going to start taking on instead of IT support,” said Reid. “We’ll solely be doing cyber mission defense in some capacity. That is the strategic plan right now for all communication squadrons.”