The story our network tells

A member of a Cyber Protection Team participates in the Air Force's Exercise Black Demon, designed to validate his ability to protect and defend specific critical missions or assets. Unlike other communications specialists who work to defend and protect an entire network, CPTs have advanced training and skillsets that go deeper into locating and then neutralizing the threats posed to high priority missions. (U.S. Air Force photo by Airman 1st Class Daniel Garcia)

HANSCOM AIR FORCE BASE, Mass. - Acquisition personnel here are setting up a system to monitor the health of the network enabling all U.S. Air Force operations.

The U.S. Air Force network, which you could be using to view this article, is huge. Its 800,000 endpoints, such as desktops, laptops, mobile devices and classified terminals, generate 100,000 security events per hour. It’s comparable in size to networks used by the largest multinational corporations, like major oil companies. By taking the pulse of the network, the acquisition team hopes to improve security, reduce maintenance costs and mine data produced by millions of daily operations.

“If you just think of the sheer scale of the network, and the number of connections that happen every minute, it can be mind-boggling,” said 1st Lt. John Bennion, Data Analytics Pathfinder program manager at Air Force Life Cycle Management-Hanscom. “But the connections themselves are all tracked. While we couldn’t possibly delve into the content of each individual connection, the pattern the connections make over time can tell us very valuable information. That’s big data analytics. We’re extracting patterns from the flow of data in an entire system to identify problems quickly and predict threats.”

Bennion and his team are working with contractors to automatically analyze security events. Security events occur when the Air Force network is exposed to potentially dangerous websites, like those blocked by a firewall, or when individuals fail to provide proper credentials.

So far, Bennion’s team has spent $1.6 million, and is on track to invest more than $5 million by next fiscal year. The initial contract processes terabytes of data per day, which is the amount of network data one base can generate. They will eventually scale up to a system that can analyze events from the entire network. Network-wide maintenance costs can be reduced by giving Airmen the ability to see patterns and predict future breakdowns.

“Right now, a lot of the analytics we do are still very manpower-intensive. The risk of creating information overload is high,” said Eric Delage, a contracted lead systems engineer for the Data Analytics Pathfinder. “For a system as large as the entire network, significantly more automation is critical. We need to be able to sample the whole system and provide Airmen with useable information so they can detect potentially damaging security breaches, or see where hardware may be malfunctioning, quickly.”

The contractor, Enlighten IT Consulting, began tracking a portion of the network at the end of July. Within a year of its contract, in conjunction with a yet-to-be-determined Air Force test squadron, Enlighten will provide Bennion’s team with recommendations on how to move forward and scale up the data analytics project to provide useable information on the entire network.