A Hanscom Air Force Base IT team stood up an Enterprise IT-as-a-Service Security Operations Center in San Antonio in late February to ingest data from Buckley Garrison, Colorado, and Offutt AFB, Nebraska.
With updated visualization and automation capabilities, the new ESOC will provide cybersecurity professionals with increased threat detection resources, allowing shorter response times.
“The ESOC will impact Airmen and Guardians by increasing mission effectiveness using integrated cyber command and control capabilities,” said Col. Raymond Tramposch, EITaaS Integrated Program Office cybersecurity lead. “Standing up the ESOC provides a new cybersecurity tool that will automate a number of tasks and enable Airmen and Guardians to put more focus on critical security incidents.”
The ESOC uses data-centric and commercial software tools to provide a platform to defend commercial IT networks and EITaaS systems and devices.
By conducting security and defense operations in partnership with the 16th Air Force, 616th Operations Center, and 33rd Network Warfare Squadron, all located at Lackland AFB, Texas, this capability also supports the Air Force cyber mission.
“The use of the ESOC drives the Department of the Air Force to greater cybersecurity measures that defend the network our Airmen and Guardians use every day,” said Capt. John Phinney, EITaaS IPO program manager. “This milestone within the EITaaS effort correlates with (Air Force Chief of Staff Gen. Charles Q. Brown, Jr.’s) charge of ‘Accelerate Change or Lose’ and sets the foundation for delivering cybersecurity enterprise services across the Air and Space Forces.”
Standing up the ESOC demonstrates how networks supporting Air and Space Force locations and the EITaaS boundary can be effectively protected using state-of-the-art tools and industry-leading best practices, said Col. Brenda Oppel, EITaaS IPO director.
The ESOC will not replace the network monitoring and security work currently performed by the 16th AF, Oppel said.
“The ESOC will demonstrate its capabilities to observe and report incidents to operational units within the 16th AF, including the 33 NWS,” Oppel said. “Any response to events will be directed by 16th AF in accordance with existing Air Force instructions and the Incident Response Plan developed for the ESOC.”
To establish the ESOC, the Hanscom EITaaS team worked closely with the Defense Information Systems Agency, U.S. Cyber Command, the Department of Defense Information Network, 16th Air Force, the chief information officer under the secretary of the Air Force, Air Combat Command, and other organizations within the Air Force Life Cycle Management Center.
The establishment of the ESOC is just one of several ongoing EITaaS Risk Reduction Efforts, the Air Force’s multi-year approach to exploring technical, operational, security, and organizational requirements for Enterprise IT.
In the future, the EITaaS IPO intends to expand ESOC services to additional installations, in alignment with EITaaS Risk Reduction Effort priorities.