Cyberspace Defense Analysis Weapon System

Mission

The Air Force Cyberspace Defense Analysis (CDA) Weapon System (WS) provides operational effects designed to protect and defend critical U.S. Air Force data at the nexus of adversarial threats, United States (US) Air Force (AF) priorities and key missions and user behavior on USAF networks.  The CDA WS conducts operations in concert with the AF Cyberspace Defense (ACD) WS, AF Intranet Control (AFINC) WS, Cyberspace Vulnerability Assessment/Hunter (CVA/H) WS, Cyberspace Command and Control Mission System (C3MS), and Cyberspace Security Control System (CSCS) WS.  CDA conducts Defensive Cyberspace Operations by monitoring, collecting, analyzing, and reporting on sensitive information released from friendly unclassified systems, such as computer networks, telephones, email, and USAF websites. CDA is vital to identifying Operations Security (OPSEC) disclosures.  The CDA WS is the primary system assigned to provide Operations Security (OPSEC), Communications Security (COMSEC) and unintentional and intentional Insider Threat (InT) monitoring for all AF operations, missions and functions; focusing on data loss prevention and information damage assessments.

The CDA weapon system is operated by one Active Duty unit [68 Network Warfare Squadron (NWS) and two Reserve units [860 Network Warfare Flight (NWF) and 960 NWF] located at Joint Base San Antonio Lackland TX, and Offutt AFB NE, respectively.

Background

This weapon system evolved from OPSEC programs designed to identify vulnerabilities for commanders in the field and was officially designated by Air Force Chief of Staff in March 2013. 

Features

The CDA weapon system has two variants. Both variants are designed to monitor, collect, analyze and report on information transmitted via unsecured telecommunications systems to determine whether sensitive or classified information is being transmitted. Compromises are reported to field commanders, OPSEC monitors or others to determine potential impacts and operational adjustments. The second variant currently provides additional functionality for conducting 1) information damage assessment based on network intrusions and 2) assessment of AF unclassified web sites. The second variant is only operated by the 68 NWS.

The CDA weapon system provides monitoring and/or assessment in six sub-discipline areas:

Telephony: monitors and assesses AF unclassified voice networks.

Radio Frequency (RF): monitors and assesses AF communications within the VHF, UHF, FM, HF, and SHF frequency bands (mobile phones, Land Mobile Radios, wireless Local Area Networks).

Email: monitors and assesses unclassified AF email traffic traversing the AF Network (AFNet).

Internet Based Capabilities (IbC):
monitors and assesses information that originates within the AFNet that is posted to publicly accessible IbC not owned, operated, or controlled by the Department of Defense (DoD) or the Federal Government.

Cyberspace Operational Risk Assessment (CORA): assesses data compromised through intrusions of AF networks with the objective of determining the associated impact to operations resulting from that data loss. This sub-discipline is in the second variant.

Web Risk Assessment (WRA): assessment of information posted on AF unclassified owned, leased, or operated public and private web sites in order to minimize exploitation of AF information by potential adversaries that can negatively impact AF and joint operations. This sub-discipline is in the second variant.

Active Indicator Monitoring (AIM):
 Prevents unauthorized access to or attacks on AF-owned, - leased or –operated systems or networks.  CDRAFCYBER, through the 624 OC, will task CDA units to search for information vulnerabilities that if intercepted by an adversary, would facilitate unauthorized access to the AFIN or increase the effectiveness of adversary cyberspace operations.   

General Characteristics

Primary Function: Support OPSEC and conduct Defensive Cyberspace Operations by assessing unsecure Air Force communications.

Crew Positions: Four person crew consisting of one Cyberspace Operations Controller and three Cyberspace Defense Analysts. Multiple crews are on duty at any time. All mission crews are supported by mission support personnel.

Inventory: Three

Major Command: Headquarters Air Force Space Command (HQ AFSPC)

Numbered Air Force: 24 AF

(Current as of January 2017)