CROCS Turns OT Cyber Policy Into Action

The Air Force’s Cyber Resiliency Office for Control Systems (CROCS) is translating high-level Pentagon cyber directives into operational steps to secure control systems across the department.

Technical Director Daryl Haegley said the office was created to close a long‑standing policy gap to secure operational technology (OT). The Department of the Air Force has spent more than a year assembling stakeholders from mission assurance, intelligence, operations and logistics to develop a 100‑point cyber plan. The office now tracks progress on each initiative and convenes more than 100 OT experts monthly to coordinate implementation.

Haegley emphasized that missions depend on their continuous availability. No base can operate without electricity, water and other critical services. CROCS plays a central role in aligning those priorities and helping assign appropriate levels of cyber risk.

The office is also pushing services to train for degraded conditions. Bases are conducting energy resilience exercises that simulate cyberattacks by disconnecting from commercial power and disrupting systems like HVAC.

“Operating in a contested environment — and training and rehearsing that — is what CROCS is trying to coordinate,” Haegley said.