WEBVTT

00:00.840 --> 00:02.951
Everybody. My name is Master Sergeant

00:02.951 --> 00:04.729
Herman. I'm a cyber operations

00:04.729 --> 00:06.840
craftsman with the 33rd Network Warfare

00:06.840 --> 00:09.007
Squadron, and I have a Spark Tank idea.

00:09.007 --> 00:11.229
So like, many of you have been working

00:11.229 --> 00:13.451
from home for the past several months,

00:13.451 --> 00:12.880
and I've been working on a project

00:12.880 --> 00:15.047
called Titus, which is, uh, seeking

00:15.047 --> 00:17.750
to improve the Air Force's network by

00:17.760 --> 00:19.927
looking at commercial best practices

00:19.927 --> 00:22.149
and bringing commercial IT partners on

00:22.149 --> 00:24.840
board. So I've been trying to square

00:24.840 --> 00:27.470
that with our cybersecurity posture and

00:27.480 --> 00:29.591
determine how best we can secure that

00:29.591 --> 00:31.813
type of network. And I think I have an

00:31.813 --> 00:33.869
idea that not only makes the network

00:33.869 --> 00:36.091
more secure, but it makes it easier to

00:36.091 --> 00:38.202
use as well. So, like many of you,

00:38.202 --> 00:40.369
I've been using the Air Force Reserve

00:40.369 --> 00:40.070
Command Desktop Anywhere virtual

00:40.070 --> 00:43.270
service to get access to Area 52. So if

00:43.270 --> 00:45.214
you use that service, what you're

00:45.214 --> 00:47.326
actually getting is a virtual machine

00:47.326 --> 00:49.381
that gives you access to the AFNET,

00:49.381 --> 00:52.640
just like you at work. So the idea is

00:52.640 --> 00:54.760
to segment the network. Currently,

00:54.760 --> 00:56.704
it's segmented on a geographical

00:56.704 --> 00:58.927
basis. You log into a base network and

00:58.927 --> 01:00.982
that gives you access to things that

01:00.982 --> 01:03.093
are restricted to that base network.

01:03.093 --> 01:05.260
Uh, and there are certain resources

01:05.260 --> 01:07.482
at the base level, and certain resources

01:07.482 --> 01:09.704
that are shared, for example, file

01:09.704 --> 01:11.816
servers, emails, shared service and

01:11.816 --> 01:13.704
also certain web servers that are

01:13.704 --> 01:15.760
restricted to .mil domain. So,

01:15.760 --> 01:17.704
for example, before I was a cyber

01:17.704 --> 01:20.810
operations craftsman, I was an aircraft

01:20.810 --> 01:23.280
mechanic. So we log in to the Air

01:23.280 --> 01:26.140
Force portal to get access time DS to

01:26.150 --> 01:27.928
order aircraft parts, document

01:27.928 --> 01:29.983
aircraft maintenance and things like

01:29.983 --> 01:31.817
that. So those were the kind of

01:31.817 --> 01:33.983
services that I'm concerned about from

01:33.983 --> 01:36.150
a security perspective that can have a

01:36.150 --> 01:38.372
definite impact on the Air Force. So

01:38.372 --> 01:40.830
the idea is to put all those resources

01:40.830 --> 01:43.050
into functional categories and give

01:43.050 --> 01:45.170
them access through virtual machines

01:45.170 --> 01:48.410
for specific mission sets, so security

01:48.410 --> 01:50.521
forces could access the resources they

01:50.521 --> 01:52.466
need for their mission. And those

01:52.466 --> 01:54.688
resources, those, uh, networks could be

01:54.688 --> 01:56.910
shared between multiple bases, ideally

01:56.910 --> 01:58.966
between the entire Air Force. So as

01:58.966 --> 02:01.077
you move from base to base, you have

02:01.077 --> 02:03.188
access to the same information in the

02:03.188 --> 02:05.660
same, the same network. You can build

02:05.660 --> 02:07.604
collaboration tools between people

02:07.604 --> 02:10.170
within those same networks. You can

02:10.180 --> 02:12.124
you can communicate between people

02:12.124 --> 02:14.236
within the same network. When you're

02:14.236 --> 02:16.513
doing your regular checking your email,

02:16.513 --> 02:18.680
doing your web surfing, anything like

02:18.680 --> 02:20.902
that could be done from the legacy AFNET

02:20.902 --> 02:22.847
or the eye test network. When

02:22.847 --> 02:24.770
you're doing missions or doing

02:24.770 --> 02:26.881
something critical to your job, that

02:26.881 --> 02:29.214
could be done from a segregated network.

02:29.214 --> 02:31.980
As you move up through the wing, NAF

02:31.980 --> 02:33.924
and MAJCOMs, you may need

02:33.924 --> 02:36.036
access to multiple networks. You can

02:36.036 --> 02:38.202
also design networks that talk to each

02:38.202 --> 02:40.147
other and in specific ways. But I

02:40.147 --> 02:42.258
think that having that in place could

02:42.258 --> 02:44.091
make our network more secure and

02:44.091 --> 02:46.258
defendable. The base level would know

02:46.258 --> 02:48.202
what resources they need to protect to

02:48.202 --> 02:50.313
accomplish their base mission. We need

02:50.313 --> 02:52.536
resources at the base level to

02:52.536 --> 02:54.313
build virtual servers for these

02:54.313 --> 02:56.258
machines, as well as training for

02:56.258 --> 02:58.258
comScore INGE to execute it. But I

02:58.258 --> 03:00.147
think it could have a significant

03:00.147 --> 03:00.370
impact on the way we secure the net.

