Current as of December 18, 2025
MISSION
The Cyberspace Defense Analysis (CDA) Weapon System (WS) provides constant monitoring for the collection, analysis, and reporting of unsecured and unprotected telecommunications systems to determine if they are being used to transmit sensitive or classified information. It serves as the operational area of the USAF's Defensive Cyberspace Operations (DCO) by monitoring, collecting, analyzing, and reporting on sensitive information released from friendly unclassified systems such as computer networks, telephones, electronic mail (E-mail), and USAF websites. The CDA WS helps organizations evaluate Operations Security (OPSEC) and Communications Security (COMSEC) practices and determines the amount and type of information available for adversarial collection. Additionally, the CDA WS provides functionality for conducting information damage assessment based on network intrusions, as well as cybersecurity and OPSEC assessments of USAF-owned and -operated unclassified websites.
BACKGROUND
Commanders at all levels have an OPSEC program that identifies organizational vulnerabilities. CDA enables the identification of OPSEC disclosures through detection while protecting the legal rights and civil liberties of friendly forces using unsecured and unprotected telecommunications systems. It provides dedicated and responsive assessment capabilities to determine the mission impact of information released or disclosed from owned or leased communication systems and networks to secure USAF information and operations. It was officially designated by the Chief of Staff of the Air Force in March 2013.
FEATURES
CDA provides continuous monitoring of Air Force unclassified networks. CDA operates in three sub-discipline areas:
1. Email: CDA products provide operational commanders with near real-time reports of classifies or critical information disclosures that may adversely affect U.S. (and allied /coalition) operations. ESSA mission reports on OPSEC violations. AIM mission reports on Network Vulnerabilities and PII breaches.
2. RFMS: Radio Frequency Monitoring System is a specialized collection of hardware and software that collectively provide the capability to detect, monitor, and record signals in the RF spectrum for 9kHz up to 27 GHz. RFMS utilizes stand-alone equipment to monitor, record, and analyze communications over Very High Frequency (VHF)/Ultra High Frequency (UHF)/Super High Frequency (SHF) radio frequencies, as well as Wi-Fi bands such as 802.11 b/a/g/h.
3. CORA: Cyber Operational Risk Assessments purpose is to analyze compromised data to determine the associated impact. CORA is focused on data loss. The CORA mission utilizes EnCase Forensic software for processing of compromised data.