By K. Houston Waters, 66th Air Base Group Public Affairs
Published March 31, 2021
Capt. Sarah Miller and Tech. Sgt. Carrol Brewster, 834th Cyber Operations Squadron, discuss options in response to a staged cyber attack during a drill in June 2019. The Enterprise IT-as-a-Service Integrated Program Office, headquartered at Hanscom Air Force Base, Mass., stood up a Security Operations Center in San Antonio in late February to provide increased cyber threat detection for Buckley Garrison, Colorado, and Offutt Air Force Base, Nebraska. (U.S. Air Force Photo by Maj. Christopher Vasquez)
A Hanscom IT team stood up an Enterprise IT-as-a-Service Security Operations Center, referred to as an ESOC, in San Antonio in late February to ingest data from Buckley Garrison, Colorado, and Offutt Air Force Base, Nebraska.
With updated visualization and automation capabilities, the new ESOC will provide cybersecurity professionals with increased threat detection resources, allowing shorter response times.
“The ESOC will impact Airmen and Guardians by increasing mission effectiveness using integrated cyber command and control capabilities,” said Col. Raymond Tramposch, cybersecurity lead, EITaaS Integrated Program Office, headquartered here. “Standing up the ESOC provides a new cybersecurity tool that will automate a number of tasks and enable Airmen and Guardians to put more focus on critical security incidents.”
The ESOC uses data-centric and commercial software tools to provide a platform to defend commercial IT networks and EITaaS systems and devices.
By conducting security and defense operations in partnership with the 16th Air Force, 616th Operations Center, and 33rd Network Warfare Squadron, all located at Lackland Air Force Base, Texas, this capability also supports the Air Force Cyber mission.
“The use of the ESOC drives the Department of the Air Force to greater cybersecurity measures that defend the network our Airmen and Guardians use every day,” said Capt. John Phinney, program manager, EITaaS IPO. “This milestone within the EITaaS effort correlates with [Air Force Chief of Staff] Gen. [Charles] Brown’s charge of ‘Accelerate Change or Lose’ and sets the foundation for delivering cybersecurity enterprise services across the Air and Space Forces.”
Standing up the ESOC demonstrates how networks supporting Air and Space Force locations and the EITaaS boundary can be effectively protected using state-of-the-art tools and industry-leading best practices, said Col. Brenda Oppel, director, EITaaS IPO.
The ESOC will not replace the current work performed by 16 AF of providing network monitoring and security, she added.
“The ESOC will demonstrate its capabilities to observe and report incidents to operational units within the 16 AF, including the 33 NWS,” said Oppel. “Any response to events will be directed by 16 AF in accordance with existing Air Force instruction and the Incident Response Plan developed for the ESOC.”
To establish the ESOC, the Hanscom EITaaS team worked closely with the Defense Information Systems Agency, U.S. Cyber Command, the Dept. of Defense Information Network, 16 AF, the Chief Information Officer under the Secretary of the Air Force, Air Combat Command, and other organizations within the Air Force Life Cycle Management Center.
The establishment of the ESOC is just one of several ongoing EITaaS Risk Reduction Efforts, the Air Force’s multi-year approach to exploring technical, operational, security, and organizational requirements for Enterprise IT.
In the future, the EITaaS Integrated Program Office intends to expand ESOC services to additional installations, in alignment with EITaaS Risk Reduction Effort priorities.