Embracing rapid continuous change in the cyber environment and having the willingness to consider new ideas in organization, procurement and operations, regardless of how “out of the box,” are key to the Air Force’s advancement in the cyber realm, according to Adm. Michael Rogers, U.S. Cyber Command commander, National Security Agency director and Central Security Service chief.
“It is great to see the internal dialogue and the ongoing evolution of cyber within the Air Force,” said Rogers during an Air Force Association cyber security panel discussion in 2017. “The idea that we are going to stick to a specific construct, a specific set of operational practices or a specific set of skill sets over time, I think, is very flawed. We have got to get used to the idea of change as a normal component of this mission set. What are the implications of that change, from how you build with your human capital to how you build a mission team? What are the capabilities you need? How do you organize, whether that be formally from a command and control perspective, or all the way down to the tactical seam? How do you organize to execute the mission? It’s about the ability to bring together multiple perspectives and multiple organizations to achieve the desired outcome.”
While the Air Force has begun cross-training active-duty cyber defense specialists in offensive cyber tactics, and vice-versa, to create a force with greater overall insight into the cyber battlespace, the inherent structure, composition and operational flexibility of ANG cyber units may hold ideas for the evolution of all cyber forces, according to Tech. Sgt. Kyle Hanslovan, a cyber operator with the 175th Cyberspace Operations Group of the Maryland Air National Guard and the CEO of his own cyber security company.
“Guardsmen coming from very diverse backgrounds in the civilian world benefits the 175th COG’s flexibility in response and a culture of diverse professional perspectives on cyber problem solving,” said Hanslovan. “Some of my co-workers in the Guard come from crazy things, like molecular biology, where their perspective and abilities to solve problems is from a perspective that I would never consider. It makes us a very lethal force.”
Born of a small detachment of 35 Airmen that performed network warfare operations for intelligence agencies in 2013, the 175th COG, activated in 2016, has grown to more than 200 Airmen comprising four squadrons — the 175th and 276th Cyber Operations Squadrons, performing active cyber engagement, the 275th Cyber Operations Squadron, performing defensive operations, and the 275th Operations Support Squadron maintaining the systems those squadrons use in the fight.
In its short history, the 175th COG has also benefited from conducting the diverse cyber operations inherent in working for the governor of its home state, from securing city and state government networks during the Baltimore riots and conducting mutual cyber support and training exercises with Maryland’s sister nation, Estonia, to working with the FBI, Secret Service and Homeland Security to protect networks during the 2013 and 2017 presidential inaugurations and supporting operations for 24th Air Force, NSA and U.S. Cyber Command.
The experience those Airmen bring from their civilian jobs, whether working cyber defense for a government agency like the FBI or State Department or being the CEO of a cyber security startup company, combined with their military operational experience, gives their commander operational choices that other combat commanders may not have.
“I don’t want them to mirror exactly what we’re doing here on the military side. I want them to be software developers, system architects, trainers or from the I.T. world, as well as the security world, because all of those skills they learn in their civilian capacity just enhances what we’re going to teach them from the Air Force side,” said Col. Jori Robinson, 175th COG commander. “We can mesh all of those skills together and provide solutions for the Air Force you probably aren’t going to get from somebody who only has Air Force training.”
Robinson learned the hard way to appreciate strength through diverse experience.
Then an Air Force ROTC cadet, Robinson saw her dreams of high Gs in jet fighters and zero Gs in space end with a diagnosis of scoliosis, a curvature of her spine, during her first physical prior to undergraduate flight training.
Yet with the encouragement and assistance of her cadre and detachment commander, Col. Charles de Bellevue, the leading ace of the Vietnam War, she found a new path, military intelligence, thus launching her on a diverse career path that began with a master’s degree in strategic leadership, working in the office of the chairman of the Joint Chiefs and then on Capitol Hill in the legislative liaison office of the secretary of the Air Force; nothing short of a master-class in leadership skills.
She then gained experience in signals intelligence and joint operations with the Hostage Rescue Team at the NSA before moving to USCYBERCOM to work for Gen. Keith B. Alexander as action officer for the Commander’s Action Group. While there, she was bitten by the cyber bug and returned to school to become a certified cyber operations officer.
It was that unexpected career path, with its diverse opportunities and experiences during active duty, which enabled her to fully appreciate the value of civilian-sector experience in the 175th COG’s Airmen, like Hanslovan.
Yet, Hanslovan’s career path as a cyber security specialist was already set in his early teens while living with his parents near the Central Florida coast. It is a career born of curiosity, solitude and a little bit of larceny.
At the turn of the millennium, most of his friends spent their summers at the beach surfing on waves, uninterested in, or even unaware of, surfing the World Wide Web.
Hanslovan, on the other hand, was hell-bent on exploring a vast ocean of information and code, by whatever means necessary.
“Most of my time was really focused on how I could gain access to the internet,” said Hanslovan. “That was back when we had those AOL CDs. You could not get on the internet unless you paid by the minute. I taught myself how to code by going to the library to use the computer or ‘borrowing’ other people’s accounts at my home. So my first experience was gaining access to accounts, sending phishing emails, even, when I was young.”
Then Hanslovan met an individual who convinced him to begin using his newfound powers for good rather than evil.
“Recruiters came to me early in high school and said, ‘Hey, are you familiar with the opportunities in the Air Force?’ It was a way for me to formalize my training that I had learned through, let’s say, more nefarious internet research,” said Hanslovan. “Thank goodness I never had a car pull up to my parents’ house and guys knock at the door saying, ‘Hey, we know what you are doing’. For me, meeting that recruiter was that pivotal moment that got me fast tracked to early graduation. If I had waited any longer I could have gotten myself into some real trouble.”
Hanslovan joined the Air Force after early graduation from high school in 2003, with his first posting in England performing information assurance work and remediating cyber attacks on the base. It was this duty where he began to realize that his early ‘nefarious’ experience in Florida was actually real-world cyber security training.
“Although my job was defense, if you think about all of my experience gaining access to accounts, sending phishing emails, what I was doing as a kid and didn’t know any better, prepared me for my job in the Air Force. So when someone is trying to social engineer the commander’s email, or trying to learn about the planes and how and when they take off and other schedules, I was quick to find that, because I had done similar things in other areas,” said Hanslovan.
That outside experience as a cyber security business owner now gives Hanslovan and his ANG teammates the edge in the cyber arena.
“If you are active duty you are working 9-to-5, but the reality is there are other duties and other things that get in your way, things like reports and promotions,” said Hanslovan. “As a contractor and now as a business owner, I live and breathe cyber-security all day, every day. So when I get to come one weekend a month, after getting to do all that defense, and I put that offensive hat on, I know how they are going to defend against this type of attack and how we can get around that.”
Although he cannot speak of actual ANG operations, Hanslovan believes that the ANG’s successes in cyber contests, both civilian and military, illustrate their capabilities.
“So the closest thing I get to a knife fight or hand-to-hand combat is when I go out and compete at DEFCON’s Capture the Flag or one of those major security conferences. The National Guard teams that I have played on, we usually kick butt and take names,” said Hanslovan. “On the commercial side, we actually won the World Series of Hacking at DEFCON’s Capture the Flag a couple of years ago which demonstrates the talent you get to bring in from the outside. We are world competitors who get to put on the uniform and give back, just in a slightly different way from active duty.”
The competitors at these events can often be as real as the real world.
“Sometimes at these competitions, it might be known that some of these groups might be affiliated with a state-sponsored school, or maybe they are known to be intelligence assets,” said Hanslovan. “There is no better way to go head to head, crazy enough, than in a room full of hackers. That doesn’t necessarily mean guys in the basement with a hoodie on. That really means going against a group of people who have their skills in place and they are capable of using them for good in defense or maybe for more nefarious reasons. There is no better opportunity for us to learn and utilize our skills in a real environment by competing in these events.”
Those lessons are immediately utilized thanks to a National Guard initiative launched in 2017 — the Innovations Program. It is designed to encourage the entrepreneurial mentality of an internet startup within the National Guard; what Hanslovan terms an “intrapreneur.”
“Without embracing some of those ideas, we are going to continue at the pace that we are, which is ‘All right. We know this is an issue, let’s write a policy on the issue, let’s slowly fix the issue and let’s roll it out and then evaluate 10 years later whether we fixed it,’” said Hanslovan. “If you are moving at that pace we will always be behind. So I am hoping we continue to move in that direction of looking at innovative ways where Airmen on the ground are coming up with ideas and working with leaders that are willing to take the risks. Leaders who will say, ‘You know what? I am going to move fast and break things.’ And that is bold. So I hope we continue to get that support from all levels within the Air Force.”
Hanslovan adds that the integration of civilian cyber experience in ANG units reaches its full potential due to what he terms ‘transparency’ on the operations floor.
“I’m a technical sergeant. But, I have also been doing this for 15 years. So what’s neat, similar to the special operator community, when we go in and do operations, a lot of the time our rank comes off,” said Hanslovan. “We are able to critique, not just the highest rank coming to a junior Airman, but vice versa. It’s transparency, and that is a little bit different in this organization where this rank means everything; that’s our organizational structure…That transparency has to happen and that’s not just with coworkers, that’s with rank…the operational landscape changes way too quickly to not have that.”
Col. Kevin ‘Jungle’ George, ANG Advisor to SAF CIO/A6, believes that daily change in the cyber mission set, as defenders block and adversaries exploit newly identified vulnerabilities to networks, means the military can’t afford to train once and expect personnel to remain the dominant force.
“They need a constant intel feed of zero-days, bad actors, tools, and patches. When we combine the experience and training our ANG personnel bring from the private sector with their AF training, the result is a force multiplier. New tools, tactics, techniques and procedures are continuously updated, applied on mission, and shared with our active duty counterparts,” said George.
“We saw this occur when the 275 COS mobilized on a Cyber Protection Team mission in 2015 and we see it over and over again as other ANG units roll into Cyber Mission Force missions. Because of the persistence in the ANG and the likelihood that our personnel are working similar jobs in the private sector, I expect this to continuously improve over the coming years. I’m sure it occurs in other AF career fields, but it is particularly valuable in cyberspace operations and I predict it will continue to be indefinitely.”
George believes that an innovative, targeted application of ANG units in long-term engagements can benefit the force as a whole, particularly in areas where active duty units are limited by the rotation of personnel.
“All services are struggling to establish and maintain uniformed cyber tool developers. That’s very difficult to accomplish when it takes 3 to 5 years to create an apprentice tool developer and a PCS cycle is about 3 years. The ANG could be a valuable environment to perfect that capability or possibly data analytics, or artificial intelligence.”
Hanslovan and Robinson believe such issues with attracting and retaining cyber talent need to be addressed by the force as a whole.
While serving on active duty, beginning with securing base networks in England in 2003, Hanslovan was always in the fight, including deploying to Afghanistan attached to a special forces team, but rapid change in the civilian cyber sector and pressure to give up the keyboard in order for his military career to advance, led him to separate.
“I never intended when I joined the Air Force to leave active duty. I was going to put in my 20, but then I realized that things were moving so fast on the outside that I felt like I was left out. So I jumped out of active duty and transitioned to the National Guard,” said Hanslovan. “I’ve been in the Air Force for 14 years now. I have been a fast burner, I promoted from senior airman to staff sergeant first time. I made tech. sergeant right away. But, I will be a tech. sergeant for the rest of my career. And that’s crazy. The reality is I have got to be hands-on-keyboard to give back the way that is most beneficial…I will never put on master sergeant. Thank goodness in our world nobody ever says, ‘Don’t listen to the tech. sergeant.’ Usually it’s more like, ‘Oh, gosh. This guy’s got a lot of experience, it’s time to listen to the tech. sergeant.’”
Robinson believes that the Air Force is on the right path by encouraging innovation and open dialogue to navigate a problematic intersection of military structure and tradition with such a new and constantly changing arena of warfare.
“We’re constantly talking about cyber policy and cyber reactions because we are very much building this plane we’re already flying,” said Robinson. “It’s a really interesting conversation when you start talking about growth and development and the force management of the cyber career field. The 175th COG has brilliant minds that want to continue to move up the leadership chain. But on the exact opposite hand you have individuals that want to stay in the trenches and don’t care about the promotion. They want to be on keyboard and crack away at their target.”
Robinson is more concerned that the surge in military enlistment post 9/11, especially in technical fields like cyber, has given way to an increasing turnover rate.
“It’s becoming a family business and we need to maybe make the family a little bit bigger and reach out,” said Robinson.
In order to attract those new technical minds, Hanslovan sees the need to change the acquisition of talent.
“In my civilian business, when I find a candidate, they are hired or we have passed within a couple of weeks,” said Hanslovan. “In the Air Force, we might do that in six months. I know it hurts to say that, but I think the biggest hurdle we have is how do we get the best talent to come in and, even harder, how do we retain it. Right now the best answer as a big Air Force is hopefully we can retain them in the National Guard, but long-term that doesn’t work. No offense, as much as I like to think our unit is important, and we are, we are there for one weekend a month and two weeks a year and in the short-term when we deploy. We have got to be able to figure out how to keep full-time talent like myself. I think if we don’t address that, we are going to pay.”
Still Hanslovan is glad to be part of the evolution of the digital warfighter.
“People just like me and my coworkers who are still devout and still want to give back to our country…we make up a giant pool of talent who want to keep up with the newest latest and greatest, but still want to give back. I am super grateful for that,” he said.
Editor’s note: Since this story was reported Col. Jori Robinson has been named Vice Commander of the 175th Wing of the Maryland Air National Guard. A new commander for the 175th COG has yet to be named.