AF Defensive Cyberspace Operations
Abstract
AF Defensive Cyberspace Operations (AF DCO) provides defensive cyber capabilities that protect the AFNET and DoD network enclaves, to include their associated computer systems, software applications and sensitive operational information, against unauthorized intrusion, corruption, and/or destruction. The emphasis of the program is directed toward defensive cyberspace capabilities, computer and network systems security, damage assessment and recovery, cyber threat recognition, attribution, and mitigation, and active response methodologies in response to evolving threats and changes to the cyber environment. These areas of emphasis are realized through research and development, test and acquisition in the areas of proactive defense, defensive counter cyberspace, cyberspace intelligence, surveillance and reconnaissance, command and control situational awareness, persistent network operations, as well as decision support, recovery, and digital forensics. Firestarter utilizes cyber and Information Assurance (IA) technology investments by US Cyber Command, the Defense Advanced Research Projects Agency (DARPA), the National Security Agency (NSA), Director of National Intelligence (DNI), Intelligence Advanced Research Projects Activity (IARPA), the Department of Homeland Security (DHS), and various government research laboratories, to jump-start its development of solutions to existing Air Force cyber and IA requirements. This program supports AF Cyberspace strategic direction in support of Cyber Defense which provides capabilities to 16th AF, as AF component to US Cyber Command (USCYBERCOM), Defense Information Systems Agency (DISA), National Security Agency (NSA), and other services to ensure Global Information Grid (GIG) cyber and IA requirements are being met.
Activities performed include those designed to identify, analyze, test, rapidly acquire, and integrate emerging IA and cyber technology and defensive cyberspace weapons systems and capabilities into all regions of the GIG - terrestrial, airborne, and space systems. In addition, this effort will support implementation of DoD Enterprise-wide IA & Computer Network Defense (CND) Solutions Steering Group (ESSG) solutions. Current Air Force systems, such as the AFNET NIPRNet Gateways, SIPRNet Modernization program, and Host Based Security System leverage this technology to meet their information assurance and defensive cyberspace needs/requirements. Cyberspace Vulnerability Assessment/Hunter Team (CVA/H) weapon system develops new capabilities to provide Air Force Cyber Command (AFCYBER) and Combatant Commanders additional mobile precision in addition to currently fielded protection capabilities to identify, pursue, and mitigate cyberspace threats. The CVA/H weapon system performs defensive sorties world-wide via remote or on-site access. CVA/H executes vulnerability, compliance, defense and non-technical assessments, best practice reviews, penetration testing, and Hunter missions of AF and DoD networks and systems. Hunter operations characterize and then eliminate threats for the purpose of mission assurance. The Hunter mission focuses on the capability to find, fix, track, target, engage, and assess (F2T2EA) the advanced persistent threat (APT). This effort funds the development efforts to enhance command and control situational awareness and to expand the capability of the current weapon system to meet the scope and scale of USCYBERCOM directed Cyber Protection Teams and AF Mission Defense Teams. 
Cyberspace Defense Analysis (CDA) is an assessment of non-secure telecommunications to determine the type and amount of sensitive and/or classified information that may have been disclosed to our adversaries and encompasses several mission subsets, including: Telephony Communications, Radio Frequency (RF) Communications, Email Communications, Internet based Capabilities (IbC), and Cyber Operations Risk Assessment (CORA). CDA is the cyberspace weapon system that is used to conduct assessments during peace time and contingency operations. The CDA weapon system protects the AF's critical information such as PII, OPSEC, and other sensitive information through passive monitoring and active Data Loss Protection (DLP). CDA shows its true capability in the force protection realm and helps ensure our adversaries are not provided early warning of our plans, capabilities, or limitations. Continued funding is essential in developing new capabilities to combat the rapidly evolving cyber threat.
Cyberspace Defense Analysis (CDA): The CDA weapon system conducts Defensive Cyberspace Operations (DCO) and network defense by monitoring, collecting, analyzing, and reporting sensitive information transiting or residing on the AFNet. Without proper funding the CDA Operators will not be able to determine potential impacts and operational adjustments resulting from information disclosures or identify compromised information from network intrusions. There will be a decreased assurance of network defense and an increase in the amount of lost PII, OPSEC, and other sensitive information. The CDA mission subsets include: Telephony Communications, Radio Frequency (RF) Communications, Email Communications, Internet based Capabilities (IbC), and Cyber Operations Risk Assessment (CORA). CDA is the cyberspace weapon system that is used to conduct assessments during peace time and contingency operations. CDA shows its true capability in the force protection realm, OPSEC, Data Loss Prevention, etc., and helps ensure our adversaries are not provided early warning of our plans, capabilities, or limitations. Continuing funding is essential in developing new capabilities to combat the rapidly evolving cyber threats. The Cyberspace Defense Analysis (CDA) weapon system must develop new capabilities to provide additional information protection capabilities to monitor, collect, analyze, and report cyberspace threats and identify compromised data. These capabilities encompass the support to OPSEC protection and Data Loss Prevention. The CDA program will utilize various contractual vehicles when necessary such as Solutions for Enterprise-Wide Procurement IV (SEWP IV), General Services Administration (GSA) Federal Supply Schedules, Network-Centric Solutions (NETCENTS), and other competitive contracts (if required). The use of multiple-award contractual vehicles provides access to a wide range of commercially-available products and services required to meet Defensive Cyber Operations requirements related to combating the rapidly evolving cyber threats.
The AF Cyberspace Defense (ACD) weapon system is designed to prevent, detect, and respond to adversarial penetration into AF unclassified and classified networks. ACD supports Air Force and Combatant Commanders by conducting synchronized Defensive Cyber Operations (DCO) and providing 24/7/365 monitoring and defense of USAF and US Central Command Secure/Non-secure Internet Protocol Router Network (SIPRNET/NIPRNET) systems against hostile attack. Daily intrusions to the AF network are analyzed in a forensic manner to identify a multitude of counter defensive and defensive tools and techniques that are required to truly strengthen cyber security.
The Air Force Research Laboratory (AFRL), Air Force CyberWorx and other Federal R&D entities often have cutting-edge solutions that, with Research and Development funding, can be taken to the technology readiness level (TRL) needed for rapid deployment as new capability to counter critical cyber weapon system vulnerabilities. Funding for this effort will focus on development of capability, capacity, and potential modifications to increase the utility of the ACD weapon system to the warfighter as well as testing requirements for new capabilities. Activities include studies and analysis to support both current program planning and execution and future program planning. This program element may include necessary civilian pay expenses required to manage, execute, and deliver weapon system capability. The use of such program funds would be in addition to the civilian pay expenses budgeted in program element 0605831F. In FY20 $0.075M was expended for civilian pay expenses in this program element, and in FY21 $0.103M is forecasted for civilian pay expenses in this program element. This program is in Budget Activity 7, Operational System Development because this budget activity includes development efforts to upgrade systems that have been fielded or have received approval for full rate production and anticipate production funding in the current or subsequent fiscal year.
Document Details
- Document Type: R2 Budgetary Justification
- Publication Date: Oct 01, 2022
- Source ID: 0208088F_7_3600_PB_2022
- Change Summary Explanation
- Service Agency Name: Air Force
Entities
Organizations
- United States Air Force
Related Documents
- Child Project: Computer Security RDTE: Firestarter
- Child Accomplishment: Cyber Forensic Tools & Methodologies
- Child Accomplishment: Cyber Threat Recognition
- Child Accomplishment: Cyber Threat Attribution & Mitigation
- Child Accomplishment: Transition of Cyber and Information Assurance Technologies
- Child Project: Cyberspace Vulnerability Assessment
- Child Accomplishment: Cyber Threat Mitigation
- Child Accomplishment: Defensive Next Generation Development
- Child Accomplishment: Test & Evaluation Description: Test and Evaluation
- Child Project: Cyber Defense Analysis
- Child Accomplishment: Cyber Defense Analysis
- Child Project: AFCERT
- Child Accomplishment: Cyberspace Defense Development