AF Defensive Cyberspace Operations

The AF Defensive Cyberspace Operations program is a Department of the Air Force (DAF) initiative focused on developing, integrating, and modernizing cyber defense capabilities to protect Air Force and Department of Defense (DoD) networks, mission systems, and control systems. The primary objective is to ensure mission assurance and operational effectiveness in the face of evolving cyberspace threats. The program is structured under Budget Activity 7, Operational Systems Development, emphasizing research, development, testing, and evaluation (RDT&E) of systems that are either fielded or approaching full-rate production.

The Integrated Defensive Cyberspace System (IDCS) is the central line item for FY25 and FY26, consolidating previous efforts such as Cyberspace Vulnerability Assessment, Cyber Defense Analysis, and AFCERT. IDCS aims to deliver an integrated enterprise-level cybersecurity architecture that provides situational awareness, advanced analytics, and rapid defensive response across the DAF's cyber terrain. Key objectives include developing a common sensor platform, a big data platform, and integrating these with Joint Cyber Warfighting Architecture and Advanced Battle Management System. IDCS supports both fixed and mobile use cases, enabling rapid deployment of defensive cyber sensor capabilities and facilitating automated decision-making and human/machine teaming for cyber operators.

Computer Security RDTE: Firestarter focuses on late-stage science and technology development and transition of cyber defense and information assurance technologies. The program's goals are to enhance proactive defense, incident response, malware detection, cyber hardening of industrial control systems, and AI/ML-enabled cyber mission assurance. Firestarter leverages investments and research from multiple government organizations to accelerate the development and integration of solutions for Air Force C4I systems. These capabilities are incrementally integrated into the IDCS framework to ensure compatibility and operational synergy.

Cyberspace Vulnerability Assessment previously funded the development and enhancement of a weapon system that provides mobile precision and hunter missions to identify, pursue, and mitigate cyberspace threats on AF and DoD networks. The program supports the development of command and control situational awareness tools and expands the capability of Cyber Protection Teams and Mission Defense Teams. As of FY25, these activities have been transitioned to the IDCS line item to streamline modernization and integration efforts.

Cyber Defense Analysis supported a weapon system that conducts defensive cyberspace operations by monitoring, collecting, analyzing, and reporting sensitive information on the AFNet. The objective is to protect critical information, such as PII and OPSEC, through passive monitoring and active data loss protection. Assessments cover telephony, RF communications, email, and internet-based capabilities, helping prevent adversaries from gaining early warning of Air Force plans or capabilities. This effort has also been consolidated under IDCS for greater efficiency.

AFCERT previously described the Air Force Cyber Emergency Response Team's activities, which have now been subsumed under IDCS. The focus is on developing and deploying defensive cyber sensor capabilities, enhancing situational awareness, and supporting operational units such as Sixteenth Air Force, 688th Cyber Wing, and Cyber Protection Teams. IDCS equips these units with modular hardware, edge cloud-compute platforms, and containerized software to execute missions supporting both enterprise and tactical edge operations.

Across all line items, the program emphasizes continuous integration and delivery, agile software development, and the use of commercial off-the-shelf, government off-the-shelf, and open-source solutions. Acquisition strategies leverage pre-competed contracts, model-based systems engineering, and collaboration with related programs to maximize cost efficiency and interoperability. Advisory and Assistance Services, program management, and civilian pay expenses are included to support development and sustainment activities. The consolidation of legacy efforts into IDCS addresses a critical capability gap, providing the DAF with a unified, scalable, and resilient cyber defense posture essential for mission assurance and air power projection.