DTRA Cyber Activities

The DTRA Cyber Activities Procurement Program is a line item within the Defense Threat Reduction Agency (DTRA) budget, specifically focused on supporting the agency's mission requirements related to cybersecurity. The primary goals of this program are to ensure the life-cycle replacement of deployable cyber toolkits, upgrade end-of-life equipment, and evolve current technologies to meet the agency's Zero Trust architecture requirements. This program is funded under the Major Equipment procurement activity, with allocations for fiscal years 2024, 2025, and 2026, reflecting a strategic investment in maintaining and enhancing DTRA's cyber defense capabilities.

For FY 2024, the program addressed several key objectives. One major effort was the replacement of end-of-life network equipment, which is critical for integrating into the Enterprise Network Logging Capability. This integration supports Department of Defense (DoD) requirements for monitoring, alerting, reporting, and responding to cybersecurity events that impact the agency. Additionally, the FY 2024 budget funded the procurement of nine Cyber Assessment systems previously known as Black Rhino Assessment systems which are lightweight, portable kits equipped with advanced cybersecurity technologies and software. Funding also supported a long-term storage system to address customer data storage needs.

In FY 2025, the program's budget focused on procurement and upgrades rather than large-scale system replacement. The main objectives for this year include acquiring a deployable toolkit to enhance DTRA's cyber capability and integrating cyber assessments into the agency's overall mission assurance framework. This integration is designed to ensure that both physical and cyber vulnerabilities are identified, enabling senior leaders to make informed risk decisions. FY 2025 funds also support upgrades to system storage, hardware, and software that have become obsolete, as well as the life-cycle replacement of cybersecurity tool suites and licensing for tools that integrate with the Enterprise Security Incident Event Manager (SIEM) and network logging capabilities.

The FY 2026 budget for DTRA Cyber Activities reflects a further refinement of program objectives. Funding will be used to license, update, configure, and tune the agency's SIEM and Security Orchestration, Automation, and Response (SOAR) capabilities. These efforts directly support DTRA's transition to a Zero Trust Architecture, in line with DoD policies and guidelines. The focus for FY 2026 is on enhancing incident response, enabling proactive threat hunting, and improving overall cyber resilience, which are essential components of the agency's strategic cybersecurity and national defense posture.

Across all fiscal years, the DTRA Cyber Activities program is justified by the need to comply with key DoD directives, including CJCS Instruction 6510.0 (Information Assurance and Support to Computer Network Defense) and DoDI Instruction 8510.01 (Risk Management Framework for DoD Information Technology). These directives require robust network and system visibility, comprehensive log review, alerting, and data retention capabilities, all of which are supported by the program's investments in hardware, software, and licensing.

The program's procurement strategy emphasizes the life-cycle replacement of critical cyber infrastructure, ensuring that DTRA remains equipped with current and effective technologies. By investing in deployable toolkits, network equipment, and advanced cybersecurity platforms, the agency aims to maintain operational readiness and resilience against evolving cyber threats. The net decrease in funding from FY 2025 to FY 2026 is attributed to the completion of major system procurements in the previous year, with FY 2026 focusing on software licensing and configuration rather than hardware acquisition.