557th Weather Wing gets WICIDS

  • By Charles J. Haymond
  • 55th Wing Public Affairs

The 557th Weather Wing celebrated the activation of the Weather Integrated Cyber Intrusion Detection System May 15, 2025, at Offutt Air Force Base, Nebraska.

In 2019, the 557th WW identified the need for an in-house Defensive Cyberspace Operations toolkit to combat cyber threats. Air Combat Command provided the wing with its Cyberspace Vulnerability Assessment/Hunter (CVA/H) System. However, late last year the Air Force discontinued the CVA/H system, which left the wing hunting for a solution.

“When we lost our legacy cyber defense system on September 30, we had a gap in tools and capabilities that we use to look for adversaries while we brought WICIDS online,” said Lt. Col. David Bresser, 2nd Systems Operations Squadron commander. “WICIDS is our new toolkit to find indications of malicious cyber actors on our network. Without it, it is like we are hunting in the dark; our toolkit is the flashlights used to search across large data sets, correlate events, and ultimately find the breadcrumbs of evidence that bad actors have or have not left behind on our network, allowing us to take informed actions to better secure our systems.”

Before the wing could bring the WICIDS to fruition, they had to find the funds to purchase the software and hardware for the system.

“The biggest hurdle was ensuring we could quickly execute a $656K contract for the hardware and software solution,” said Col. Matthew Sattler, 557th Weather Wing deputy commander. “The 2nd Weather Support Squadron team worked hard to ensure the correct equipment and software was identified to ensure successful execution of the money at the end of the fiscal year. The importance of cyber security meant we chose to prioritize funding this DCO tool over other competing requirements.”

The wing established a team of experts who were able to come together and strategize on how they would assemble the system. While working with the 16th Air Force, they were able to get the system accredited and approved to operate.

“This included developing a 3,000+ line programming script to automate the cybersecurity process, configuring four new operator workstations, creating a comprehensive system security plan with over 500 security controls, and developing a comprehensive nine-module training pipeline culminating in a series of rigorous exams for future WICIDS operators,” Bresser said. “Through their dedication and innovation, they achieved initial operational capability on 12 May 2025, bringing the system online.”

“The rigorous process (for approval) required meticulous attention to detail, innovative solutions to emerging challenges, and a collaborative approach to ensure all security requirements were met,” said Robert Adams, 16th Air Force authorizing official designated representative.

Adams also noted that 2 SYOS was the first cyber weapons system to successfully complete the Department of the Air Force’s new Risk Management Framework process.

Nancy Sullivan, 2nd SYOS cyber protection flight director, put a great deal of thought and care into selecting the team of engineers running WICIDS.

“It began with seasoned cyber operators who already had experience with a similar system called Cyber Vulnerability Assessment/Hunter. Since they were familiar with the basics, they only needed a brief introduction to the new Security Onion software,” Sullivan said. “For new cyber operators in training, a whole new training program had to be created from scratch. This program included three main parts: an Initial Skills Course, Initial Qualification Training, and Mission Qualification Training. The reason for this was that people from different military and civilian backgrounds were joining the team, and they all needed to be on the same page.”

Sullivan and her team understand how vital WICIDS is to protecting the 557th WW and other Department of Defense agencies from cyber-attacks.

“A cyber-attack on the 557th Weather Wing's datacenter could have far-reaching consequences, disrupting not only their own operations but also those of other military branches, government organizations, and foreign allies,” Sullivan said. “If the data center is compromised, it could lead to a cascade of failures, affecting the Army, Navy, Air Force, and other organizations that rely on their weather forecasts. It could also impact government organizations like the National Weather Service and Federal Aviation Administration, as well as foreign allies like NATO partners.”

Sullivan and her team are up to the challenge of protecting the United States and its allies from cyber threats.

“I feel immense pride to lead a team of this caliber; leading a top-rated team is a privilege that is an incredibly humbling and rewarding experience,” Sullivan said. “My team has always had the capacity to handle change and accept all challenges that come their way.”

Bresser said he believes WICIDS now stands as a testament to the 2nd SYOS team’s dedication and ingenuity.

“This unique, custom-built system not only safeguards critical weather data but also provides enhanced threat detection capabilities across the weather domain, allowing the team to offer real-time heuristics-based analysis like the CVA/H,” Bresser said. “WICIDS is poised to evolve and adapt to the ever-changing cybersecurity landscape, ensuring the 557th Weather Wing can continue to deliver its vital mission: providing the weather information that drives behavior worldwide.”
