One-on-one with the Air Force’s cyber chief
It would almost be easier to list the operations Timothy Haugh isn’t involved in.
As the head of Sixteenth Air Force (Air Forces Cyber) the three-star lieutenant general oversees a number of missions that the service consolidated into a single information warfare entity in 2019.
Before he assumed command, Haugh served in senior positions at U.S. Cyber Command — including director of intelligence and chief of the National Cyber Mission Force — that left him well-versed in multiple facets of the digital domain.
Those experiences could prove crucial as his organization supports Cyber Command; defends the service’s networks and those of the nascent U.S. Space Force; and executes defensive and offensive cyber operations for key combatant commands, including U.S. European Command — which has been in the spotlight since Russia’s invasion of Ukraine.
The Record recently interviewed Haugh virtually from his headquarters at Joint Base San Antonio-Lackland Air Force Base in Texas. This transcript has been edited for length and clarity.
The Record: People see the terms ‘information operations’ and ‘warfare’ but might not know what they mean. What are 'information operations’ for the Air Force?
Lt. Gen. Timothy Haugh: We stood up in October 2019. The problem that we were trying to solve was integration of capabilities. We had independent activities that we’re really excellent in — cyber, intelligence, surveillance and reconnaissance, our electromagnetic spectrum, electronic warfare activities, our weather and then we were growing information operations capabilities — but all of those were in separate organizations.
The task that [former Air Force Secretary Heather Wilson] gave us was to integrate those activities for the purpose of being able to present a greater capability than the individual parts.
The information operations side of it is really the idea of, how do you affect adversary behavior? How do we use the data that we've got access to across our various roles and missions, and then be able to — in some way — message our adversary? That can be through public affairs, that can be through direct messaging. It can be through any number of means.
The information warfare activities is how do we integrate it all together to present capabilities that would now leverage cyber and intelligence, electronic warfare and cyber or our intelligence understanding of an adversary with the behavior that we're trying to shape.
TR: How are you partnering with industry? What's changed on that front since you took command?
TH: As we look at the roles and missions that we execute, the one that has been most profoundly changed in terms of our industry partnership has been the networks that we run for the United States Air Force.
We run the unclassified and classified networks for the Air Force. Obviously, we've all transformed through COVID. What that manifested for our airmen that run the Air Force networks was we went from having about 10,000 users who worked remotely to 300,000 overnight.
That transformation required a partnership with industry, with Cyber Command and NSA. It was about how do we work across the whole Department of Defense to extend and allow remote access to our networks but do it in a way that is cyber secure and defensible — as we transform our architecture in real time. That, partly, was done through a partnership with industry. We created a new cloud approach that allowed us to both defend it and make services available we hadn't done before.
TR: You’re responsible for integrating cyber into planning and execution for U.S. European Command. What keeps you up at night about Ukraine?
TH: What I can talk to you about is how we've approached partnerships because I think it is important and gives you some context.
What is different now in the cyber domain is our partnership — in this case with EUCOM — to be able to reach out to allies. Where in the past, they could have a partnership from a cyber perspective but their staff wasn't always created to do that.
Now within the U.S. Cyber Command components, we have a dedicated element of our staff to work partnerships with allies. We've exercised with a number of European nations over the last year. We've done activities to make sure that there's information sharing; whether that be through the partnerships that Cyber National Mission Force conducts or through U.S. Cyber Command to make sure that we can share and we're sharing data appropriately if there's a cyber threat.
That work now has become really routine. And our partnership, both with the geographic combatant command and then with those allies, who are all dealing with the same thing, which is a nation that most likely is experiencing ransomware that has impacts on their overall MOD network and then trying to grow a cyber force.
We have taken on a portion of that role, as requested by [Cyber Command and NSA chief Gen. Paul Nakasone and Gen. Tod Wolters, head of European Command], which is to partner with a number of those allies to grow their capacity. Those are the types of activities within the department that has allowed Cyber Command to be a really good partner with those combatant commanders that have a geographic focus and are really working with a number of nations to build their capacity.
TR: It sounds like the U.S. and its allies and partners in the region are joined at the hip.
TH: It depends on the nation, in terms of where they are in their growth of cyber within their military. Cyber Command has done a really good job of creating exercise venues where we can bring multiple nations together. We can share, in particular our defensive tradecraft, how we approach our ability to partner with an intelligence element to give us data, how we then use that data to be more effective.
That has worked really, really well. Those forums allow for building a collaboration and also to do some initial growing of capacity.
TR: The 16th Air Force is charged with securing the networks the Space Force uses. When will that service be mature enough to protect its own systems?
TH: We're the cyber component to U.S. Space Command. Then we operate the networks that the Space Force uses every single day for the execution of their missions.
We just did a day-long dedicated session with the Space Force team because what they have really done expertly — as they've stood up the Space Force — is they have focused on the cybersecurity in defense of the weapon systems that Space Force operates.
While we're their network provider, they have completely committed to creating the right type of approach that allows them to defend their weapon systems that they're presenting to U.S. Space Command, while also making that cybersecurity data available back to the Air Force.
Their approach has really been somewhat lead-turning where the department defense is going for how we defend weapons systems and how we dedicate the right set of sensors and data approach to those weapons systems. I couldn't be more impressed.
TR: Is there an end date in mind for the Space Force to also protect its networks?
TH: From my perspective, as the operator of the network, we're treating that like we will do that forever — until there's a determination in the Air Force with the Space Force to change that.
TR: What do you think needs to be done to attract the cyber talent to the Air Force and then keep it?
TH: When I look at our force, we have the talent inside of our force. Our challenge is retaining the right amount of the right talent.
We have to be able to retain the density of talent to meet the expectations that general Nakasone has from the secretary and the combatant commanders. There are things that we are evaluating.
TR: Where’s the trendline for retention right now?
TH: We've been relatively static in terms of what it looks like in our retention.
TR: The Cyber Mission force is due to grow by at least 14 teams in the coming years, aside from an ongoing force structure assessment by Cyber Command. How will the CMF grow in the future?
TH: I'm uncertain about growth.
The demand signal for us is to fully fill those teams with training qualified individuals, so that we can get into a normal military cycle of deploy, reset, train, rest, deploy. We don't want to be demanding of this force, to be in a constant deployment cycle.
This is an experience we went through with our ISR force, when demand was so high for our intelligence capacity. Those airmen were fully engaged every day and we didn't have a reset opportunity.
TR: When do you think you're going to reach a point where it is routine?
TH: We're seeing improvements in that, in terms of the overall capacity that we're able to present. That'll be an area that we'll work really closely with cyber command, which is what is the right amount of time for reset? This is a discussion that's happening within the Department of Defense and with Cyber Command: what is our baseline going to look like as we approach our readiness?
I wouldn't put a timeframe on it.
We know we can train airmen. We need to retain them at a level that allows us to increase our readiness. That's the balancing act.
The faster we pull the right levers in our retention will really define that timeline.
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.