by Justin Oakes
66th Air Base Group Public Affairs
3/5/2015 - HANSCOM AIR FORCE BASE, Mass. -- It's
not often that the public gets to hear about the Air Force's inner
workings pertaining to highly classified networks. However, a
Special Programs team from Hanscom AFB's Command, Control,
Communications, Intelligence and Networks Directorate has recently
emerged and made its presence known.
"We have developed an agile and efficient process for delivering
solutions that protect against the cyber insider threat," said Lt. Col.
Richard Howard, Materiel Solutions Analysis chief.
Unlike other teams within the Special Programs Division, the Materiel
Solutions Analysis section, or MSA for short, is the only one that
functions outside the classified realm.
The team's mission is to rapidly identify and test government and
commercial-off-the-shelf hardware and software and, if viable,
transition it to the classified arena. However, combating the cyber
insider threat on secure networks quickly became one of MSA's primary
In January 2014, the Special Programs unit stood up the MSA Lab, where
the team tests and scrutinizes commercial and government technologies
that could potentially function on a secure network, and at the same
time, serve as a deterrent for insider attacks. The MSA Lab consists of
three sections: Level 1, a robust unclassified area used to test
incoming technologies; Level 2, which has the potential to perform
classified tests; and Level 3, which is a virtual demonstration room.
Since MSA's inception it has fielded more than 100 proposals on insider
threat mitigation technologies from commercial companies, both large and
"The MSA Lab is unique, and by design, highly specialized on the needs
of a select classified community," said Paul Krueger, MSA chief
engineer. "Being co-located at Hanscom AFB with the Hanscom Collaboration and Innovation Center
is important so that when necessary, we can take advantage of its
infrastructure for massive joint and multi-nation coalition warfighting
experiments and demonstrations."
After significant amounts of testing, the Air Force partnered with MIT
Lincoln Laboratory and began to notice a common misconception within
"We saw a disturbing trend emerging from companies -- that there is a
single solution fix to insider attacks," Howard said. "The cyber insider
threat is complex, and to believe a single technology exists that will
prevent malicious insiders from stealing, altering or destroying
sensitive information is inaccurate."
To better understand and depict the intricacies of this problem, MSA
engineers devised a model known as the Insider Threat Universe, also
known as the ITU.
The ITU concept is composed of layers that convey how certain
technologies protect in part -- but not in all -- the Air Force's secure
Confidentiality, integrity and availability make up the basis of the ITU
with information serving as the core. Procedures, policies and
monitoring are other items that directly impact information concerns.
Specific areas such as data-at-rest encryption and role-based access
controls represent technology layers also used to protect information.
The MSA team realized the need to socialize the ITU concept and generate
open communication among other Department of Defense agencies also
faced with growing insider threat problems.
Last month, the MSA office hosted the first Cyber Insider Threat Workshop at Hanscom.
More than 100 cyber, security and acquisition professionals from more
than 30 organizations attended. Representatives from the MSA office, Air
Combat Command, Air Force Research Laboratory, 24th Air Force, Carnegie
Mellon University, C3I Infrastructure Division, MIT Lincoln Laboratory
and MITRE discussed current mitigation efforts and how they fit into the
According to MSA officials, there were two main takeaways from the event.
"The cyber insider threat is complicated, difficult to define and a
challenge to defend against," Krueger said. "The ITU model is a useful
tool that can be used to help define these threats, but it is a
constantly evolving concept."
Krueger also called for more effective communication across the Air Force, government, and other agencies throughout the DOD.
"Communication is the only way synergy can be developed across the
board," he said. "Making the community aware of currently used
technologies, as well as equipment and software that's being tested and
fielded by facilities like the MSA Lab, is critical to solving this
During the last year, the demand for MSA-vetted technologies has
increased exponentially. In order to keep up with testing and analysis,
the lab increased from two to seven engineers plus support from MIT
Lincoln Laboratory, MITRE and various contractors.
This week, Maj. Gen. Craig Olson, C3I and Networks Directorate program
executive officer, presented MSA's areas of interest to industry during
the annual 2015 New Horizons event in Newton, Mass.
"Not only is this a great opportunity to bring our efforts to light
outside of DOD agencies, but it will also allow us to gather valuable
feedback on how our industry partners deal with insider cyber threats,"
Since the Materiel Solutions Analysis team was created, it has stood up a
testing lab, developed a threat model and organized a forum fostering
dialogue among other DOD agencies -- all in the name of cyber security.
"In order for us to successfully mitigate the cyber insider threat
problem, organizations across the DOD must work together; technological,
physical and administrative solutions should be leveraged across the
DOD IT enterprise," said Col. Jeffrey Kligman, Special Programs Division
senior materiel leader. "Communication and innovation are key to
securing our computing environment."