Air Force CISO: Rethinking Network Resilience for Modern Cybersecurity
ALAMO ACE — The Air Force’s approach to network resilience is fundamentally changing, and according to Chief Information Security Officer Aaron Bishop, most organizations have misunderstood the concept entirely.
Traditionally, resilience has been viewed through an operational lens: the ability to recover and restore systems after they fail or face compromise. However, Bishop argued at the Alamo ACE conference in San Antonio that true resilience means preventing network failures from occurring in the first place through layered, component-level protection.
“Everyone thinks they know what resilience means, and I would venture to say most people get it wrong,” Bishop told the audience. “People tend to look at it from an operational lens: Can I continue my fight?”
Instead, Bishop advocates for resilience engineered into the system architecture itself. Zero Trust principles, which assume no actor is trustworthy by default, represent a critical shift toward this preventive model. Under Zero Trust, every component—from hardware to software to command interfaces—maintains its own protective layer.
“Zero Trust is about resilience at a micro-component level,” Bishop explained. “Each of the components of the system has its own protection, and you build on that.”
This architectural approach extends beyond cybersecurity measures alone. Achieving true resilience requires coordinated effort across supply chain management, system engineering, and design practices. Equally important is the ability to detect anomalies in real time and respond rapidly to emerging threats.
Bishop pointed to continuous monitoring through automation as essential but underdeveloped within the Air Force enterprise. Static, compliance-driven frameworks like the Risk Management Framework, he argued, create a misleading sense of security without addressing actual threats.
“By focusing on what we’re monitoring, what we’re sensing, and what we make of that information on a regular basis versus isolated anomalies, and then how we react, we improve our cycle time to react and become more resilient,” Bishop said.
Keith Hardiman, director of enterprise information technology for the Air Force CIO, echoed this sentiment while describing the current operational environment. “This is our current landscape: it’s contested, it’s complex, it’s continued to accelerate, and it’s why resilience is not optional. It’s foundational,” Hardiman noted.
The Air Force is undertaking organizational restructuring to implement this new resilience model across enterprise IT operations, working with the Deputy Chief of Staff for Warfighter Communications and Cyber Systems to ensure technology enablement aligns with operational requirements.
For the broader aerospace and defense industry, this shift signals a move away from reactive security postures toward proactive, engineered resilience built into every system layer. Organizations that fail to adopt this comprehensive approach risk operating with outdated security models in an increasingly contested environment.
Source ID: SRCE-2025-1764954526232-1206