Countering Threats Automated Platform

The Countering Threats Automated Platform program, under Program Element (PE) 0302609V, is managed by the Defense Counterintelligence and Security Agency (DCSA) and funded through the Defense-Wide Research, Development, Test & Evaluation (RDT&E) appropriation. The primary objective of this program is to advance the Department of Defense's (DoD) capabilities in detecting, analyzing, and mitigating insider threats by leveraging modern technology and integrated data solutions. This initiative supports the DCSA's mission to ensure a trusted federal and industrial workforce and to protect critical national security assets.

Defense Security Analysis and Threat System (DSATS) is the principal line item within this program element. DSATS, previously known as the DITMAC System of Systems (DSOS), is designed to provide a comprehensive platform for insider threat management and analysis. The system collects, integrates, reviews, and assesses information from a wide array of sources, including DoD Insider Threat hubs, counterintelligence, security, cybersecurity, personnel management, workplace violence, anti-terrorism risk management, law enforcement, and user activity monitoring across DoD networks. This multi-source approach enables the identification and mitigation of risks to DoD personnel, assets, and information.

A key goal for DSATS in FY 2026 is to transition its operations to a self-hosted cloud environment, which will enhance scalability, security, and data management. The program aims to add new user roles, migrate data from legacy systems, and integrate with both internal DCSA and external systems to facilitate broader information sharing. DSATS will also improve dashboards and reporting capabilities, and complete independent verification and validation testing to ensure system reliability and effectiveness.

Another major objective is the development and deployment of automated data ingest capabilities. By enabling the system to automatically collect and process data from additional sources, DSATS will enhance its analytic efforts, allowing for more focused risk analysis and faster response times. These improvements are intended to support commanders at installation levels, providing them with better tools to manage insider threat cases and improve situational awareness.

In FY 2025, the program focused on building towards a Minimum Viable Capability Release (MVCR) for a case management tool. Development efforts centered on workflows, reporting, User Access Monitoring (UAM), and Behavioral Threat Analysis Capability (BTAC). These capabilities were deployed to DITMAC and other DoD agencies such as the Navy, Army, Air Force, and Missile Defense Agency, supporting installation-level reporting for prevention, assistance, and response programs.

For FY 2026, planned enhancements include further development of the self-hosted cloud environment, expansion of automated data ingest, and improvements to reporting, analysis, and data visualization. The program will continue to add data sources and refine analytic capabilities to ensure that enterprise requirements are validated and that the system remains responsive to evolving threats. The decrease in funding from FY 2025 to FY 2026 reflects a reduction in development costs as the program transitions from initial capability delivery to enhancement and sustainment phases.