The Budget For Army Defensive Cyberspace Operations

An interesting bit of news caught my eye recently in an article produced by Mark Pomerleau of C4ISRNet. Titled “Army honing in on cyber defense,” Pomerleau noted in the piece that a recently created PEO EIS operational needs assessment for Army Defensive Cyberspace Operations (DCO) mentioned turning the Cyber Protection Team (CPT) Tools portion into a defense program of record. This is a development not previously mentioned in the Army’s budget request for fiscal year 2017. Turning CPT Tools into a program of record would provide more stable and predictable funding in the years to come, so making the conversion would be an important step toward solidifying the structure of Army defensive cyber investments.

For those unfamiliar with DCO, it is a program with four pieces. These are, as laid out by Pomerleau, DCO-Infrastructure (DCO-I), CPT Tools, web vulnerability tools, and a big data platform for ingesting and analyzing data coursing across Army networks. Requested funding for the DCO program in the Army’s FY 2017 budget request falls in both the Procurement and Research, Development, Test & Evaluation (RDT&E) categories summarized in the chart below.

The total requested Procurement dollars for DCO in FY 2017 is $17M. The total requested RDT&E dollars for DCO in FY 2017 is $12M. FY 2017 is the only year for which we have detailed numbers. For subsequent years, the total for the DCO program falls entirely under the Procurement budget. Those numbers shake out as follows.

As for the details surrounding the specific investments, here is how the Army describes the RDT&E pieces of the DCO program, including the components of Program Executive Office Enterprise Information Systems where the work is taking place.

DCO - Big Data Pilot (PEO EIS, PD ES-CYBER): FY 2017 initiates Big Data Pilot which provides an advanced analytics capability capable of ingesting structured, semi-structured, and unstructured data from multiple data sources (e.g., the JRSS, intrusion detection systems, intrusion prevention systems, network device log files, trouble tickets, firewalls, proxies, web and applications server log files, etc.) and proves situational awareness of cyberspace battlefield. It provides the computer network defense provider with a common analytic platform which informs and reduces risk associated with future material solutions and forms a blueprint for future Big Data Analytics. Big Data (analysis-of-all DoD Information Network sensor data) provides two optimized and accredited clusters deployed in support of JRSS and Defense Research and Engineering Network (DREN) with a tools suite accessible to Cyber Mission Forces via secure remote access. FY 2017 initiates Big Data Pilot cyber funding for design and development that is focused on getting the core platform to threshold capability and certified. Equipment would be purchased for the first 22 instances located at 11 of the JRSS locations with installation in FY 2018 after type certification is completed.

DCO - Infrastructure (PEO EIS, PM I3C2-DCO): DCO-I Engineering Design, Development, and Software maintenance of standardized cloud infrastructure software to include deployment and build platforms for three primary environmental configurations (garrison, deployable and tactical). Additionally, providing advanced hypervisor, cloud deployment, security and integration and development. FY 2017 provides advanced security of infrastructure software for government managed purposes, a government unique cloud environment and management for infrastructure software facilitating collaboration and enhanced security to protect the abstraction layer of the infrastructure. FY 2017 also begins Cyberspace Mission Command / Battle Management Platform (Plan X) efforts. The foundational mission command platform for the conduct of cyberspace operations based on the transition of advanced technologies from the DARPA Foundational Cyber Warfare Program (Plan X). The platform includes battlespace awareness (SA), mission planning, course of action development, war gaming and execution capabilities. The platform will be developed in a continuous delivery methodology utilizing DevOps-like paradigms to ensure continued integration of new technological advances. Lastly, DevOps development for a centralized collaboration environment and repository including test and continuous delivery components. Facilitating license management, compilation and hosting of new platforms, centralized deployment/integration/hosting of products, synchronization of software tools developed by cyber forces; including tool development chain with integrated test capability and deployment by cyber mission effectiveness (existing DCO systems to be managed within - Log Collector & Qtip).