Defensive CYBER Tool Development

The Defensive CYBER Tool Development program (PE 0605041A) is a key Army research, development, test, and evaluation (RDT&E) initiative focused on advancing defensive cyber capabilities for tactical environments. This program element encompasses multiple projects, each designed to address specific operational needs in cyber defense. The overarching goal is to enable Army units to detect, understand, and respond to cyber threats in real time. The program is structured to support both the modernization of command and control (C2) systems and the integration of advanced cyber situational awareness and defensive operations tools at the tactical level.

CYBER Situational Understanding (Cyber SU) was a software-only mission command application developed to provide maneuver commanders at the brigade through Army Service Component Command levels with real-time awareness of cyber and electronic warfare threats. The primary objective of Cyber SU was to deliver a Cyber Electromagnetic Activity (CEMA) overlay on the commander's Common Operational Picture, integrating data from multiple sources to visualize and assess cyber impacts across physical, logical, and persona layers of the tactical battlespace.

The program aimed to operate within the constraints of tactical hardware and bandwidth, supporting expeditionary operations and aligning with the Army's Common Operating Environment standards. Cyber SU was designed to ingest and synchronize data from a variety of Army programs of record, such as the Tactical Defense Cyber Operations Infrastructure and the Electronic Warfare Planning and Management Tool, to provide a comprehensive view of friendly, adversary, and neutral cyber activities.

The system also supported collaboration at the tactical edge and was structured with an open systems architecture to facilitate integration with other services and third-party technologies. The Army approved the termination of Cyber SU in June 2024, with its requirements being realigned to other ongoing efforts such as the Informational Dimension and Unified Network Operations programs.

Tactical DCO-I (TDI) is the remaining active project under the Defensive CYBER Tool Development program. TDI is a software-only initiative that delivers pre-configured Defensive Cyber Operations (DCO) applications, enabling both local and remote cyber defenders to conduct surveillance and maneuver against adversaries within the Army's tactical networks. The program's goals include automating the deployment of DCO tools, detecting and mitigating cyber threats, and supporting both global and regional defenders in countering advanced persistent threats.

TDI development follows a five-year Information Technology (IT) Box construct, with multiple Capability Releases (CRs) planned to incrementally deliver new features and updates. Each CR addresses specific needs, such as data aggregation from various echelons, integration with the Army's Tactical Data Fabric, and the implementation of Security Orchestration, Automation, and Response (SOAR) capabilities. Recent and planned releases have also incorporated artificial intelligence and machine learning models to enhance threat detection and response at the tactical edge.

TDI funding is allocated to complete development engineering and integration for upcoming Capability Releases, as well as to support the convergence with Army Data Strategies and the implementation of automated security operations. The program also includes resources for developmental and operational testing, training development in coordination with the Army Training and Doctrine Command (TRADOC), and ongoing systems engineering and management support. The acquisition strategy emphasizes agile, continuous integration and delivery to ensure the TDI capability remains responsive to evolving cyber threats and operational requirements.