Col Kevin Wooton Commander 31 May 2011


Col Kevin Wooton Commander 31 May 2011. 67th Network Warfare Wing The Air Force’s Cyber Ops Wing. Overall Classification: UNCLASSIFIED. Where we are… where we’re going. Cyber today is where Airpower was in the 1930s…. Operate. Operations Of and On the Net. Attack. Defend.

Presentation Transcript
Col Kevin Wooton


31 May 2011

67th Network Warfare Wing The Air Force’s Cyber Ops Wing

Overall Classification:


Where we are… where we’re going

Cyber today is where Airpower was in the 1930s…



Operations Of and On the Net



67 NWW Focus
  • Conducting the full range of Network Warfare
    • Network Operations (Establish)
    • Net Defense (Control)
    • Full Spectrum (Use)

67 NWW

690 NSG

Net Ops

26 NOG

Net Defense

67 NWG

Full Spectrum

CSAF’s Sep 00 One Air Force…One Network NOTAM committed AF to fundamentally changing the way we leverage our networks.

CSAF’s msg established AFNetOps, 3 Jul 03…To effectively protect Air Force networks and the advantages they provide, network control…need[s] to be applied in a coherent, disciplined fashion under control of a single AF commander.

CSAF’s 3 Aug 05 memo on AFNETOPs support to USSTRATCOM laid out a path to provide C2 of the AF network.

CSAF’s 15 May 09 directive memorandum established AFNETOPS/CC authority to issue orders for the operation of AF networks.

End-Game: C2 network with focused, precision results

AFNetOps Vision


AFNetOps Reality

O&M responsibility Matrix

AFMCVPN managed by NCC

Except at

Kirkland where its


AFCYBER = MAJCOM NOSCs under one commander

AFNet Migration (NIPRNET)

One AF-wide

Active Directory Forest


14 Networks into One

840K users across 413 sites


E-mail for Life

Single Sign-on Anywhere

Reduce System Complexity

AF-wide Collaboration

STATUS (9 May 11)

138K users // 29 sites

16% of AF

10 Legacy Nets Shutdown

Net-Defense: Current TTP


  • 24/7/365 presence
  • Crews review 10K+ suspicious events per day
  • Report foreign IP activity to IC
  • Correlation analysis - low & slow
  • Recommend IP blocks to NOD
  • Unity of effort w/other agencies


  • TCNOs up 28% since 2006
  • ASIMS strings – filter suspicious net activity
  • Strong relationship with vendors – share knowledge
  • Blue assessment – see what hacker sees


  • Highly skilled computer network/forensics analysts
  • Focal point for net intrusions
  • Isolate exploitation method & extent of compromise
  • Work closely with OSI & counter-intel agencies


Air Force: 232



Full Spectrum Ops Current Units
  • 91 NWS
    • Telephone Network Ops
  • 315 NWS
    • Core of AF Ops at Ft Meade
    • Daily joint operations

Current/Future Initiatives

  • Host-Based Security System (HBSS), desktop-level security
  • Information Operations Platform (IOP), intrusion prevention system
  • Network defense common operating picture (ArcSight)
  • EnCase – Remote Incident Response Forensics (EnCase)
  • AF Gateways (aka AF Network Increment 1), network demilitarized zone
  • Vulnerability Lifecycle Management System (VLMS)
  • Fidelis for Operations Security (OPSEC): SNS monitoring/Insider threat
Current/Future Initiatives (cont’d)
  • Continuity of Operations (COOP)/Alternate Operations Locations (AOL)
  • ROE-governed TTPs/Execution: Stan/Eval
  • Partnerships for rapid TTP and tool development: ESC, AFCA, Rome Labs, 688 IOW
  • Active/Dynamic Defense
  • Indications and Warnings of malicious activity based on actionable, targeted Intel



Full Spectrum


67 NWW - Air Force’s Execution Arm for Cyber Warfare