Cyber Security Intelligence Support

Cyber Security Intelligence Support is a program element within the Air Force's Research, Development, Test & Evaluation (RDT&E) budget, specifically under Operational Systems Development (Budget Activity 7). The primary goal of this line item is to fund the continued development, modification, and integration of cybersecurity tools and activities that support Department of Defense (DoD)-wide military intelligence efforts. The program is managed by the Air Force-owned DoD Cyber Crime Center (DC3), which leads the development of advanced cyber defense services and tools, aligning with the 2023 National Cybersecurity Strategy. A particular focus is placed on protecting companies within the Defense Industrial Base (DIB) that do business with the DoD, ensuring their networks are safeguarded against data exfiltration and unauthorized access.

CADO-IS (formerly CI-PED) and Automated Data Obfuscation (ADO, formerly STORMSYSTEM) are two major initiatives under this program. These efforts involve developing scalable network detection solutions, real-time alerting, and capabilities for detecting and reporting malicious cyber activity. The sensor program developed under this line item is designed to be more advanced and complementary to legacy efforts, such as service-specific sensors and in-house intrusion detection systems. The integration and deployment of these solutions on DIB networks are intended to enhance the detection and prevention of cyber threats targeting critical defense technologies.

Defense Forensic Evidence Networked Data Repository (DFENDR) is another key component funded by this line item. DFENDR supports the Law Enforcement Evidence Data Repository (LEEDR) program, which is ongoing at Fort Eisenhower, Georgia. DC3 conducts a Capabilities Based Assessment (CBA) for DFENDR, focusing on improving the collection, storage, and analysis of forensic evidence related to cyber incidents. This capability is crucial for supporting law enforcement and counterintelligence operations across the DoD, enabling rapid and secure sharing of intelligence and evidence.

TECH SURVEIL COUNTER MEAS EQPT is the specific project number associated with this program element. The objectives here include the development of software and hardware systems, integration and transition of lab-developed cyber capabilities, developmental testing, operational evaluation, and risk reduction efforts. The program also supports studies, analysis, pilots, and demonstrations to improve the protection of critical technologies.

Contractors such as Perspecta (Peraton), CACI, and MITRE are engaged in various aspects of capability development, sensor development, and data capability enhancement, reflecting a collaborative approach to advancing cyber defense technologies.

The acquisition strategy for Cyber Security Intelligence Support emphasizes a tailorable and flexible approach that allows rapid updates and delivery of both material and nonmaterial solutions to meet urgent operational military intelligence needs. The strategy enables solutions to enter the acquisition process at any phase of the lifecycle, supporting the rapid development environment and DevOps capacity necessary for protecting critical technologies. This approach is intended to synchronize collection, focus operational activity, and facilitate the rapid sharing of intelligence across the DoD.

Funding is directed toward professional and technical subject matter expertise, research, prototyping, development, and testing of cybersecurity tools. There are no civilian pay expenses forecasted for this program element in FY 2025 or FY 2026, as such expenses are managed under other program elements. The decrease in funding for FY 2026 is attributed to adjustments in the DFENDR component supporting the LEEDR program.

Planned activities for FY 2025 and FY 2026 include enhancing the design and ability to support research, prototyping, development, and testing of cybersecurity tools. The program aims to synchronize collection, focus operational activity, and rapidly share intelligence to support DoD-wide military intelligence efforts. Cyber Security Intelligence Support provides advanced cyber defense capabilities and supports the protection of sensitive defense technologies and infrastructure.