After only two years since the U.S. Air Force’s (USAF) launched Kessel Run, its Branch Chief Erynn Petersen touted the success they have seen in providing USAF with agile and resilient cybersecurity responsiveness at MeriTalk’s Cyber Security Brainstorm today. Petersen also stressed how Kessel Run can pose as a model for other cybersecurity teams.
USAF started Kessel Run to create an in-house capability to “deploy software faster to fighters in the field,” Petersen said, adding that the resiliency the program has built is based on agile and is customer-centric.
“The heart of Kessel Run is about being user-focused, user-centered in our design thinking, and then iterating really quickly, being agile,” Petersen said.
Petersen explained that Kessel Run has five capability areas that help them accomplish its mission and that her team has developed a closed-loop system and holds drills to help it maintain quick and effective incident responses. She said that Kessel Run’s incident response time is now under five minutes.
“That means within five minutes in hearing about that incident, we are reaching out to the developers who wrote the … code and getting them together and getting them on the line, figuring out how do we fix this as soon as possible,” Petersen said. “When we hear about the people working around this in government, who have to wait 200 days to fix an incident, we’re thinking about, ‘Okay, how do we help these teams around us cut that time down to less than 10 minutes, less than 15 minutes?’”
Petersen added that other government stakeholders have approached Kessel Run requesting information on how the program runs and manages its systems, and she emphasized at the end of her talk that she would like to see Kessel Run’s partners and the cybersecurity community reach a point where it can identify and respond to issues quickly.
“We’re going to have to figure out how to operate faster; we’re going to have to figure out how to be able to have our partners who develop the code respond faster,” she said, adding that “I think that really is a legacy that we need to be behind over the next six, 12, 18 months.”