Years after establishing a cyber fighting arm, the U.S. Air Force is still trying to define just what cyberoperations are so that it can determine what troops and resources it should dedicate to cybersecurity versus simple IT work -- and increase its offensive cybercapabilities.
Right now, the military -- and the rest of the government -- lumps everything from basic antivirus protection and network maintenance to high-end operations along the lines of Stuxnet into the "cyber" category.
The looseness of the definition has caused enormous confusion among military officials.
"The Air Force, a few years ago, made a decision that our legacy communications and information experts would all become cyberspace experts," said the Air Force's chief information officer, Lt. Gen. Michael Basla, during a recent briefing with reporters at the Pentagon.
"That has a lot of good logic behind it because a good portion of that force has a lot of the technological expertise required in the cyberspace domain."
However, most of these people build and maintain networks; they are not involved in or trained for cyber espionage and combat. So now the service is trying to separate IT administration from cybersecurity.
"I think we will draw a clearer line and distinction between what is required to build, operate and maintain (Air Force networks) and what is required to operate on the network," said Basla.
Everyone from the Air Force's chief of staff, Gen. Mark Welsh, to the Government Accountability Office has been confused by the nebulous definition of cyber.
Basla said the service divides its cyberforces and tech buys into three categories. Perhaps 94 percent of Air Force cyber resources go toward day-to-day operations and network defense.
Next are the Air Force's aggressive, "active" cyberdefenses, which engage about 5 percent of the service's resources.
"Defensive cyberspace operations is a proactive defense strategy," Basla said. "What that means is we are attuned to (suspicious) activity in the network, we're discovering, we're detecting, we're analyzing and then we're taking action when we discover something that is a potential threat so we can avert that threat or we can shut that threat down."
Last, there's the highly classified world of offensive cyberoperations. "This is, just like the term implies, when you take offensive action (similar to) other activities to the air, land, space, sea domains; that's a really small portion of the force, it's like, less than 1 percent," said the three-star general.
Better defining cyberoperations will help the military decide how to allocate precious resources to cyber.
In September, Welsh said that he is wary of committing resources to cyber until he has a better feel for just what is expected of his service in that domain.
"I don't know of a really stated requirement from the joint world, through U.S. Cyber Command in particular, as to what exact kind of expertise they need us to train to and to what numbers to support them and the combatant commanders," said Welsh during a press conference after his speech at the Air Force Association's recent annual conference in Maryland.
Welsh went on to say that up to 90 percent of Air Force cyberpersonnel are simply responsible for operating and defending Air Force IT systems.
"They're not what NSA would call a cyberwarrior for example," said the four-star, meaning that a very small percentage of Air Force cyberoperators specialize in offensive operations. "That's confusing to the rest of the Air Force because the rest of the Air Force doesn't understand. They don't really know what we're doing."
Reed is a national security reporter for Foreign Policy magazine.