The objective of the project documented here was to examine how cybersecurity might bebetter managed at the enterprise level in the U.S. Air Force, including the allocation of roles andresponsibilities for the central tasks for securing cyberspace and ensuring Air Force missionsdespite attacks through cyberspace. This report should be of interest to all in the Air Force and tomany other government agencies.

The research reported here was commissioned by the Air Force Chief InformationDominance and Chief Information Officer in the Office of the Secretary of the Air Force andconducted within the Resource Management Program of RAND Project AIR FORCE as part of afiscal year 2018 project, “Organizational Roles in Cyberspace Mission Assurance.”