FedScoop interview: Air Force cyber commander
Major General Suzanne Vautrinot, Commander of Air Force Cyber and Command and of Air Force Network Operations, was recently named a Symantec 2012 Cyber Awards winner. Vautrinot sat down with FedScoop Radio to talk about the award and the Air Force’s cybersecurity efforts. A transcript of the interview is below.
You are one of Symantec’s 2012 Cyber Award winners. Could you talk a little bit about what you are being awarded for and some of the work you’re doing in the Air Force Cyber Command?
I think the important thing is that the Air Force is being recognized for establishing a strategy to move forward with the vision that the nation had and a capability set that’s been advised by industry.
How far can we go? What is the full realm of the possible in that same vision and strategy that’s been provided by the commander of chief, by the secretary of defense and by my leadership? So, we built a strategy and we are acting on that strategy.
What about that strategy kind of stood out, that you think made Symantec and has made the cyber community pay attention to what you are doing?
I believe the strategy started with a recognition of where we are, and we realized up front that we do not have a homogeneous enterprise. We have a disparate group of capabilities, a very disparate set of communication architectures of networks.
I think General [Keith] Alexander said 15,000 in the Department of Defense. We have thousands in the Air Force and the first recognition was that we didn’t create a single enterprise. It’s not because single is good, but those stove pipes of excellence, those cylinders of excellence that didn’t come together, needed to be brought together so that we could then sensor them, so that we could automate and so that we could then expand capability at the same time we are preserving cybersecurity and conducting our missions.
You are on the front lines when it comes to cyber space and the things the military is doing. Can you share some of the trends you are seeing in cybersecurity right now?
Sure, let’s first talk about the trend that scares me. That’s the increasing vulnerabilities in the system and the adversaries desire to take advantage of those vulnerabilities. That is the threat.
The threat includes activists, hackers, nation states, criminals, but most importantly it’s not those people or those organizations as individuals.
It is the collaborative efforts that they use in working together to thwart our advantage as individuals to take away our personal privacy, and more importantly when I wear this uniform: our advantage as a nation, our viabilities as a nation. So when someone says that they are taking intellectual property, understand unequivocally that that is industrial espionage.
That intellectual property is our economic future, hard-earned in all of our universities, in all of our businesses, in the science and technology development and brought to bear for the strength of the nation. Gone, in milliseconds.
And gone in volumes that are terabytes. Hundreds of Libraries of Congress. So this nation’s liability is in providing security at the same time that we communicate to more forward but we’re able to communicate with privacy and with security on that intellectual property as we bring it to market and preserve the future of the nation.
What technologies are you seeing or systems, or just plans that are out there that you think are really doing a good job and helping the threat against cyber crime?
When you work collaboratively, you bring capabilities that might have just been in one sector of government together with another sector government.
So we started that with the law enforcement agencies, where they use forensics in order to identify what is the behavior, what is the background on something that is inappropriate from a legal standpoint.
That same forensics capability we applied to our forensics on the network to see what kinds of behaviors were normal and appropriate and what things were indicative of adversary behavior.
Independent of whether that adversary is a criminal, activist or a nation state. The behavior itself in the network could be immediately recognized and acted upon.
So that collaboration was the first step. The second step was taking that kind of forensics analysis and instead of doing it after the fact, we actively applied that analysis first in signatures and now in heuristics in order to be proactive to recognize the elements of an adversary’s intrusion, elements of a threat and preclude those before the threat can take hold. That trade space in between is industry working with all elements of government in order to put that into a network architecture.