Cyberspace Defense Analysis


The Cyberspace Defense Analysis (CDA) weapon system provides operational effects designed to protect and defend critical Air Force data at the nexus of adversarial threats, Air Force priorities and key missions and user behavior on Air Force networks. CDA conducts operations in concert with Air Force Cyberspace Defense, Air Force Intranet Control, Cyberspace Vulnerability Assessment/Hunter, Cyberspace Command and Control Mission System, and Cyberspace Security Control System weapon systems. CDA conducts defensive cyberspace operations by monitoring, collecting, analyzing, and reporting on sensitive information released from friendly unclassified systems, such as computer networks, telephones, email and Air Force websites. CDA is vital to identifying operations security disclosures and is the primary system assigned to provide operations security, communications security and unintentional and intentional insider threat monitoring for all Air Force operations, missions and functions; focusing on data loss prevention and information damage assessments.


CDA is operated by the 68th Network Warfare Squadron (active duty) at Joint Base San Antonio-Lackland, Texas, as well as the 860th Network Warfare Flight and 960th NWF (Air Force Reserve) at Offutt Air Force Base, Nebraska.


This weapon system evolved from operational security (OPSEC) programs designed to identify vulnerabilities for commanders in the field. It was officially designated by Chief of Staff of the Air Force in March 2013. 


CDA has two variants, both designed to monitor, collect, analyze and report information transmitted via unsecure telecommunications systems to determine whether sensitive or classified information is being transmitted. Compromises are reported to field commanders, OPSEC monitors or others to determine potential impacts and operational adjustments. The second variant currently provides additional functionality for conducting information damage assessment based on network intrusions, and assessing of unclassified Air Force websites. The second variant is only operated by the 68th NWS.

The CDA weapon system provides monitoring and/or assessment in six sub-discipline areas:

1. Telephony: Monitoring and assessing unclassified Air Force voice networks.
2. Radio frequency: monitoring and assessing Air Force communications within the VHF, UHF, FM, HF and SHF frequency bands (mobile phones, land mobile radios, wireless local area networks).
3. Email: Monitoring and assessing unclassified Air Force email traffic traversing the Air Force network.
4. Internet-based capabilities: Monitoring and assessing information that originates within the Air Force network that is posted to publicly accessible websites not owned, operated or controlled by the Department of Defense or federal government.
5. Cyberspace operational risk assessment: Assessing data compromised through Air Force network intrusions with the objective of determining the associated impact to operations resulting from that data loss. This sub-discipline is in the second variant.
6. Web risk assessment: Assessing information posted on unclassified Air Force-owned, -leased, or -operated public and private web sites in order to minimize exploitation of Air Force information by potential adversaries that can negatively impact Air Force and joint operations. This sub-discipline is in the second variant.

General characteristics
Active indicator monitoring: Preventing unauthorized access to or attacks on Air Force-owned, -leased or -operated systems or networks. Air Forces Cyber commander, through the 624th Operations Center, will task CDA units to search for information vulnerabilities that, if intercepted by an adversary, would facilitate unauthorized access to the Air Force Information Network or increase the effectiveness of adversary cyberspace operations.   

Primary Function: Support OPSEC and conduct defensive cyberspace operations by assessing unsecure Air Force communications.
Crew Positions: One cyberspace operations controller and three cyberspace defense analysts. Multiple crews are on duty at any time. All mission crews are supported by mission support personnel.
Inventory: Three
Major Command: Air Combat Command, Joint Base Langley-Eustis, Virginia
Numbered Air Force: 24th Air Force/Air Forces Cyber, JBSA-Lackland, Texas