AFSOC incorporates weapon systems cyber defense in Emerald Warrior 22.1 Published May 20, 2022 Air Force Special Operations Command Communications and Information HURLBURT FIELD, FL -- Air Force Special Operations Command incorporated defensive cyberspace operations actions, for the first time, into the overall training objectives during Emerald Warrior 22.1, May 2-13. The exercise fused cyber effects into aircraft operations and employed two mission defense teams, with the cyber defense correlation cell and demonstrated how AFSOC will deploy MDTs to defend weapon systems from cyber-attacks. The communications and information element within AFSOC developed a realistic scenario to maximize training and awareness of cyberspace threats to aircraft avionics. The identified scenario and events allowed maintainers, cyberspace and aircraft operators, intelligence and battle-staff members the opportunity to see the impacts of cyber threats to weapon systems, firsthand. During the exercise, AFSOC staff and MDTs worked with Shift5, a commercial cyber security company, to test and validate a real-time cyber intrusion detection system on an aircraft, and a cyber-incident response software tool within the Cyberspace Vulnerability Assessment/Hunter to assist MDTs in executing cyberspace defense operations. Shift5’s technology enabled MDTs with the 1st Special Operations Communication Squadron and 27th SOCS, Cannon Air Force Base, New Mexico, to test their training, and raised awareness of cyber threats to the operational community. The MDT with the 1st SOCS included three personnel with the 87th Electronic Warfare Squadron, Eglin Air Force Base, Florida, and two instructors with the 39th Information Operations Squadron. Additionally, the MDT with the 27th SOCS was augmented by three personnel with the 193rd SOCS at Harrisburg Air National Guard Base, Pennsylvania. The Defense Enterprise Cyber Range Environment for Command, Control and Information Systems provided a realistic training environment which challenged the participating MDT’s technical, analysis and mission-planning skills, while being actively attacked and challenged by a cyber-red team with the U.S. Army’s threat system management office. Members with the 318th Cyberspace Operations Group, Joint Base San Antonio-Lackland, Texas, provided a secure data transport between all players and teams on a closed-looped network. The scenario involved a flying aircraft experiencing a critical event of unknown origins that exercised numerous operational processes, leading to the discovery of a cyber-threat. During the exercise a sortie reported mission computers failures and performed actions enabling the aircraft to “limp home.” When the plane touched down, maintainers with the 901st Special Operations Aircraft Maintenance Squadron executed a cybersecurity checklist and MDTs began to work. The MDT’s actions saved the maintainers from replacing the mission computers, as well as saving the U.S. Air Force $750,000 for each mission computer that would need to be replaced. With the realistic training incorporated into Emerald Warrior 22.1, impacts of cyber threats to aircraft, and how those threats affect operations and readiness, ensured aircraft maintainers, MDTs and operators remain ready and relevant to cyber-attacks.