Every single day, the cyber warriors at the 33rd Network Warfare Squadron come face to face—keystroke to keystroke—with hundreds of attacks against the service’s main and massive network.
To help them accomplish the squadron's mission to defend the full Air Force Network (AFNET)—which the service uses for daily business, like emails and file sharing—it operates and relies on a special sidekick, the Air Force Cyberspace Defense (ACD) weapon system. The $543 million, custom-built suite of devices and programs is deployed throughout the AFNET ecosystem, always watching it, ever reactive to suspicious activity it recognizes.
It’s “fairly defined terrain,” said Lt. Col. Samuel Snoddy, commander of the 33rd NWS, which operates out of JBSA-Lackland, Texas. By that, he means the squadron’s 306 cyber warriors—comprising military, civilian, and contract personnel—know they’re defending between 600,000 and 700,000 cyber “endpoints” 24 hours a day, seven days a week, 365 days a year. Simply put, endpoints are keyboards or other devices allowing interaction with USAF’s internal networks—whether by friend or foe. Out of USAF’s seven cyber weapon systems and the teams operating them,“We have the largest terrain,” Snoddy said, adding that all the systems complement each other.
Traffic to and from AFNET’s endpoints spills into creeks of data flow, subsequently branching into rivers and eventually into any one of the 16 existing gateways currently governing all AFNET traffic.
“The gateways are very complex architecture that support massive amounts of traffic and data flowing through them,” Snoddy told Air Force Magazine. “[There are] probably hundreds of devices and programs that make up each one of these gateways across the Air Force.”
The ACD weapon system is able to spot abnormalities because it knows “what good traffic looks like,” Snoddy said.
“It’s the border wall,” he summarized. “If we see something we don’t like, we stop it at the gate.”