Cyber Security and Control Systems (CSCS) Phase 1 (19-42)- Day 2
Cyber Weapon System
A combination of one or more weapon used cyber capabilities with all rested equipment, materials, services, personnel, and means of delivery and deployment required for self-sufficiency.
Weapon System
A combination of one or more weapons with all related equipment, materials, services, personnel, and means for delivery and deployment (if applicable) required for self-sufficiency.
Switch
A device that connects other devices together within the same network.
Router
A hardware network device that determines the next network point to direct a packet to reach its destination.
Indications and Warnings
ACD Weapon System capability that detects and alerts on anomalous, unauthorized, or malicious activity.
Vulnerability Remediation
ACD capability that tracks and fixes identified vulnerabilities.
Containment
AF Cyber Defense (ACD) capability that prevents the spread of malware and eliminates unauthorized access.
Intel
Actively or passively gathered information of the adversary and it's actions.
AFINC
Allows for diverting, denting, disrupting, delaying, or degrading an adversary's ability to maneuver in the cyber terrain, specifically between the AFNet and external enclaves, to include the internet. Includes 16 NIPR gateways, and 15 SIPR C2 nodes. Two operating units are '26 NOS (AD)'and '960 COG, Det1 (AFRC)'
Cyber Operations Risk Assessment (CORA)
Assess data compromised through intrusions of AF networks with objective of determining associated impact to operations resulting from data loss.
Web Risk Assessment (WRA)
Assess information posted on AF unclassified owned, leased, or operated public an private web sites to minimize exploitation of AF information by potential adversaries.
Combat Operations Division (COD)
C3MS Division responsible for monitoring and adjust ping execution of the current CTO.
Intelligence, Surveillance, and Reconnaissance Division (ISRD)
C3MS Division that disseminates cyber threat information to AF and AFCYBER weapon systems in defense of the AFIN and in support of Offensive Cyberspace Operations.
Strategy Division (SRD)
C3MS division that initiates the CTO cycle.
CDA capability monitors unclassified email for PII, OPSEC or other violations.
Telephony
CDA capability that monitors telephones for keywords. Assesses AF unclassified voice networks.
Cyber Vulnerability Assessment (CVA)
CVA/H capability performs a vulnerability assessment to provide decision makers with the IA posture of a given network.
Counter Cyber Response Operations (CCRO)
CVA/H capability pursues and engages threats in a network.
Advanced Defensive Counter Cyber Operations (ADCCO)
CVA/H capability that detects, locates, and tracks threats within a given network.
Chief of Staff of the Air Force (CSAF)
Designates a system as a weapons systems and assigns each weapon system to a lead command.
Computer/network logs
Electronic record of events.
Client Endpoint Protection Operator (CPO)
Ensures all hosts have up-to-date antivirus software.
Operations Controller (OC)
Evolving position (Cyber Battle Managers); Command and Control (C2) for DODIN missions.
Cyberspace Defense Analysis (CDA)
Monitors, collects, analyzes, and reports on sensitive information from computer networks, telephony and radio systems, electronic mail, and AF websites.
Cyber Vulnerability Assessment/ Hunt (CVA/H)
Multi-role tactical level asset; cyber protection teams (CPT) conduct global cyberspace operations to deter, disrupt, and defeat adversaries on AF networks.
ACAS (Assured Compliance Assessment Solution)
Network-based security compliance and assessment solution designed to provide awareness of the security posture and network health of DoD networks.
Joint Regional Security Stack (JRSS)
Next generation gateway system that accommodates higher bandwidth and increased redundancy.
Directory Services Operator (DSO)
Operator Position that has a role to provide basic authentication and accessibility to clients in a domain.
Vulnerability Remediation Operator (VRO)
Operator position that provides remote systems management, operating system deployment, security patch management, and compliance and asset reporting.
Monitoring Management
Operator position that uses Solar Winds, SCOM, and Netcool to perform their duties.
Storage Virtualization Operator (SVO)
Operator position that uses VMware.
Boundary Protection Operator (BPO)
Operator position with the role to allow, deny, redirect, and log traffic traversing base firewalls and proxies.
Cyber Command and Control Mission System (C3MS)
Plans, directs, coordinates, assesses, and conducts Command and Control (C2) of cyberspace operations in support of AF and joint requirements. C3MS operating units include the 624 OC.
Air Force Cyber Defense (ACD)
Produced effects by employing synchronized network defense operations to prevent detect, and respond to incursions at the network host, base boundary, and AF gateway levels. Capable of performing forensics analysis operations or gathering info and intel used to make decisions.
NIPR Integrated Management Suite (IMS)
Provides out-of-band management network that serves as the nervous system for NIPR platforms and serves as the primary means for AFINC crew members to command and control AFNGS platforms and employ Defensive Cyber Operations (DCO) effects.
NIPR Service Delivery Points (SDP)
Router enterprise mesh that ties together components of the AF unclassified network between base/site external NIPR routers, area processing centers, AFNGS, JRSS, and any other elements of unclassified network. At least one dedicated SDP per base.
SolarWinds
Software tool that uses a GUI interface and provides network monitoring
Voice Protection Systems (VPS)
Stops unauthorized outbound modem calls and private ISP dial-up connections that open security back doors into networking resources.
Cyber Weaponization
The process of taking an offensive/defensive cyber capability from deployment to operational and requires CONOPS, TTPs, legal review and launch platform.
AF NIPR Gateway System (AFNGS)
Where all NIPR traffic entering/leaving the AF unclassified networks must pass and serves as the interface between DISA, IAP's, DoD NIPR, and Active Duty unclassified networks. Capabilities and components include switches and routers, DNS and DHCP servers, Packet Capture, Firewalls, and Web Proxies.
