Fiscal Receipts

Cyber Operations Technology Support

CYBERCOM | RDT&E | Partial Reconciliation | 0306250JCY
What it is
Cyber Operations Technology Support — a research & development program run by CYBERCOM.
What changed
+$397.6M FY25→26
Who gets it
No award linkage at high confidence.

Budget Figures

FY24 Actuals
$412.7M
FY25 Total
$505.4M
FY26 Request
$903.0M
FY25→26 Change
$397.6M
Budget Trajectory
FY24
$412.7M
FY25
$505.4M
FY26
$903.0M

FY2026 award data is a partial year — USASpending awards are reported on a rolling basis and the fiscal year does not close until September 30.

Program dossier

Every sentence below carries its citation — warehouse figures open the citation panel, news claims link the cached source.

Research dossiers exist for 50 of 326 programs — the top-50 programs by FY2026 request, ranked by dollar value.

What it is

  • Cyber Operations Technology Support (program element 0306250JCY) is a U.S. Cyber Command (USCYBERCOM) program funded through the Research, Development, Test and Evaluation, Defense-Wide account.
  • USCYBERCOM's mission is to deter or defeat strategic threats to U.S. interests and infrastructure, provide mission assurance for the operations and defense of the Department of Defense information environment, and support the achievement of the Joint Force Commander's objectives.
  • The program falls in Budget Activity 7, Operational System Development, which covers development efforts to upgrade systems that have already been fielded or approved for full-rate production.
  • The program is categorized as a cyber program because it is a USCYBERCOM program element whose mission is technology support for cyberspace operations and defense of DoD networks.
  • The Cyber Weapons and Tools portfolio funds the development of tailored software and hardware solutions that enable USCYBERCOM personnel to gain access to and affect key foreign adversary cyberspace systems at enterprise scale under a strategy of persistent engagement.
  • The Sensors portfolio includes Hunt Forward, Enhanced Sensing and Mitigation, and Deployable Mission Support Systems (DMSS) kits — self-contained, flyaway equipment operated by Cyber Protection Teams to survey, secure and protect military networks and conduct vulnerability analysis and incident response on classified and unclassified networks.
  • The Joint Cyber Warfighting Architecture (JCWA) was created by USCYBERCOM as a guiding concept to integrate cyber warfighting systems and to inform cyber warfighting acquisition and investment decisions.
  • MDDE funding provides advanced non-kinetic capabilities that support USCYBERCOM operational directives, the FY 2025 Interim National Defense Strategy, and the Department of Defense Cyber Strategy.

Why it matters

  • The FY 2026 request for Cyber Operations Technology Support totals $903.020 million, made up of $473.399 million of discretionary funding and $429.620 million of mandatory (reconciliation) funding, with the mandatory portion specific to Cyber Weapons & Tools, IT and low-equity cyber infrastructure.
  • The program's FY 2026 total of $903,020 thousand is a sharp increase over the FY 2025 total of $505,434 thousand.
  • FY 2024 actual spending was $412,718 thousand, meaning the program has more than doubled from FY 2024 actuals to the FY 2026 total request.
  • The FY 2025-to-FY 2026 change amounts to $397,586 thousand, a roughly 79% increase year over year.
  • The Data & Sensors portfolio supports U.S. Indo-Pacific Command's regional strategy, including enhanced sensing efforts under the Pacific Deterrence Initiative to expand low-level network sensing and defense of key networks such as Defense Critical Infrastructure in Guam.
  • Data & Sensors investments produced measurable results, including an inventory of over 3,000 operational-technology assets that yielded a 52% reduction in malicious and anomalous behavior, a 32% reduction in known vulnerabilities to key assets, and support for Cyber Protection Teams conducting 31 threat-hunt missions.
  • The Hard Targets effort aims to deliver cohesive non-kinetic cyber capability chains for non-traditional targets, with several capabilities developed by U.S. government partners planned for transition to USCYBERCOM starting in FY 2026.

Key players

  • The program is managed by USCYBERCOM, U.S. Cyber Command.
  • The Department of Defense Cyber Defense Command (DCDC), formerly Joint Force Headquarters–DoD Information Network (JFHQ-DODIN), exercises command and control of DODIN operations and defensive cyberspace operations to protect DoD networks globally.
  • Innovation funding supports USCYBERCOM's partnership with DARPA/Constellation to transition emerging strategic and tactical cyber capabilities into the JCWA.
  • DARPA and USCYBERCOM, in response to the FY 2022 NDAA Section 1509, established the Constellation partnership to transition emergent capabilities from DARPA's Information Innovation Office to USCYBERCOM programs of record.
  • Air Force Payloads provide offensive cyber capabilities to the 16th Air Force / Joint Force Headquarters Cyber – Air Force in direct support of USCYBERCOM and other commands.
  • Army Payloads support the 780th Military Intelligence Brigade / Joint Force Headquarters Cyber – Army, and MARFORCYBER provides advanced cyber warfare capabilities for the Marine Corps, both in support of USCYBERCOM.
  • In April 2024, USCYBERCOM officially established the Hard Targets Portfolio Management Office (HTPMO) within its Cyber Acquisition & Technology Directorate (J9).

Budget Line Items (workbook-cited)

Exhibit R-1

Account | Org | Type | Amount
Research, Development, Test and Evaluation, Defense-Wide | CYBER | FY24 Actuals | $412.7M
Research, Development, Test and Evaluation, Defense-Wide | CYBER | FY25 Enacted | $505.4M
Research, Development, Test and Evaluation, Defense-Wide | CYBER | FY25 Total | $505.4M
Research, Development, Test and Evaluation, Defense-Wide | CYBER | FY26 Disc. Request | $473.4M
Research, Development, Test and Evaluation, Defense-Wide | CYBER | FY26 Reconciliation | $429.6M
Research, Development, Test and Evaluation, Defense-Wide | CYBER | FY26 Total | $903.0M

Budget Details (R-2/P-40 facts)

Project | All Prior Years | FY24 Actuals | FY25 Total | FY26 Base | FY26 Request
CY50D2: Data and Analytics | $0 | $0 | $0 | $4.98M | $4.98M
CY50J1: Joint Cyber Warfighting Integration/Innovation | $0 | $0 | $103.7M | $86.6M | $86.6M
CY50H1: Artificial Intelligence | $0 |  |  | $5.00M | $5.00M
CY09: Sensors | $0 | $29.8M | $0 | $0 | $0
CY08: MDDE | $0 | $37.5M | $0 | $0 | $0
CY07: Joint Cyber Warfighting Integration | $0 | $64.7M | $0 | $0 | $0
CY50M1: MDDE | $0 | $0 | $36.8M | $36.8M | $36.8M
Program Element | $0 | $412.7M | $505.4M | $473.4M | $473.4M
CY06: Cyber Weapons/Tools | $0 | $280.8M | $0 | $0 | $0
CY50W2: Cyber Weapons Tools/Hard Targets | $0 | $0 | $0 | $31.5M | $31.5M
CY50W1: Cyber Weapons/Tools | $0 | $0 | $343.9M | $191.4M | $191.4M
CY50S1: Data and Sensors | $0 | $0 | $21.0M | $117.2M | $117.2M

Program Narratives

Mission: Sensors

The Sensors portfolio includes Hunt Forward, Enhanced Sensing and Mitigation, DMSS kits plus investment in other sensors used to support the CMF. DMSS kits are self-contained, flyaway equipment. The software and hardware are operated by CPTs to survey, secure and protect military networks and data centers and to conduct Vulnerability Analysis (VA) and Incident Response (IR) with little or no notice concurrently on classified and unclassified networks. The CPTs maintain the ability to locate, contain, and defeat malicious activity in response to an adversary breaching or attempting to breach DoD information systems.

Mission: MDDE

This program element includes non-USCYBERCOM civilian pay expenses required to manage, execute, and deliver existing or emergent support weapon system capability in accordance with USCYBERCOM Memorandum of Agreement (MOA).

Mission: Joint Cyber Warfighting Integration

USCYBERCOM created the JCWA as a concept to integrate cyber warfighting systems. JCWA serves as a guiding concept for cyber warfighting acquisitions and investment decisions which address functions, relationships, and dependencies of constituent systems.

Mission: Cyber Weapons/Tools

USCYBERCOM conducts full-spectrum cyberspace operations to assist Combatant Commanders and the Joint Force in accomplishing their mission objectives in and through cyberspace. Cyber operations:

  • Deter adversaries from conducting escalating activities by causing a lack of confidence in their system and capabilities;
  • Enhance kinetic operations through the gathering of intel before conflict, tipping during conflict, and assessment afterward;
  • Create strategic surprise through the projection of power in cyberspace into adversary systems, thus providing non-kinetic alternatives to Combatant Commanders; and
  • Disrupt, degrade, and destroy the capabilities of malicious cyber actors.

The Cyber Weapons and Tools portfolio funds and directs the development of tailored software and hardware solutions that enable USCYBERCOM personnel to gain access to and affect key foreign adversary cyberspace systems at an enterprise scale while operating under the strategy of persistent engagement. The portfolio provides the means to:

  • Acquire or build new payloads (i.e., implants and exploits);
  • Architect and implement the Joint Common Services required to automate and scale the process of intelligence-driven cyber operations;
  • Continuously test and adapt payloads and Joint Common Services in response to the constantly changing cyberspace environment/threats;
  • Maintain and advance a Joint Development Environment (JDE) for cyber weapons and tools at multiple security levels at multiple locations; and
  • Provide program support.

All of the above items require integration with each other and have overlapping dependencies.

Mission: Joint Cyber Warfighting Integration/Innovation

This Joint Cyber Warfighting Architecture (JCWA) funding integrates four Service acquisition programs (Unified Platform (UP), Joint Command and Control (JCC2), Joint Common Access Platform (JCAP), and Persistent Cyber Training Environment (PCTE)) and two USCYBERCOM efforts: Joint Cyber Weapons (JCW), including Joint Development Environment (JDE), and Sensors. The resulting key mission outcomes for the Cyber Operations Force are enhanced situational awareness across the enterprise, an increased ability to tailor cyber operations for specific threats, reduced mission lifecycle time, and automated workflows. These outcomes translate to increased speed, scalability, and accuracy of cyber operations. To achieve these outcomes, integration funding develops interoperability among systems to provide a comprehensive, integrated, cyberspace architecture. Deliverables include alignment of JCWA Service solution architectures with the designated JCWA system-of-systems mission architecture, ability to exercise central technical authority across all JCWA component programs, development and deployment of enterprise-wide services that span across functional boundaries or are foundational in nature such as increased security posture, acceleration of fielding of Science & Technology (S&T) capabilities, and integrated JCWA Test and Evaluation. Research, Development and Innovation (RDI) funding supports state-of-the-art, next generation pilot/prototype initiatives, driving enhanced partnership engagements and collaboration opportunities with operational partners, such as the Defense Advanced Research Projects Agency (DARPA)/Constellation. DARPA and USCYBERCOM, in response to NDAA for FY 2022, Section 1509, established a collaborative partnership to manage and oversee the transition of emergent and strategic capabilities from DARPA’s Information Innovation Office to USCYBERCOM programs of record through the Constellation collaborative partnership.
To provide the greatest operational and strategic impact, these emergent capabilities must reach operators continuously in short timescales, much shorter than legacy acquisition processes. Continuous delivery of robust S&T cyber capabilities requires a pipeline model that mitigates research risk and creates necessary connections between end-users and research teams to tailor promising research and development (R&D) prototypes into operational workflows and mission platforms. Research, Development, and Innovation (RDI) funding will support DARPA/Constellation prototypes’ transition into Joint Cyber Warfighting Architecture (JCWA) programs of record, allowing for integration of emergent technologies into operational workflows and mission platforms, eliminating the S&T “valley of death.” The Cyber Immersion Lab (CIL) supports a smooth integration by allowing piloting/prototyping of emergent technology on unfettered networks; this technology includes advancements in AI/ML.

Mission: Artificial Intelligence

USCYBERCOM pursues emerging artificial intelligence (AI) capabilities for the cyberspace forces, to include the application of commercial transition of other government developed research initiatives and developing specialized AI and machine learning (AI/ML) and limited support aspects. USCYBERCOM will develop core data standards with the means to curate and tag collected data which meet those standards to effectively integrate data into AI/ML solutions and more efficiently develop AI/ML solutions to meet operational needs. USCYBERCOM is actively developing emerging AI capability for its cyberspace forces, including the use of commercial AI solutions, the transition of government-developed research initiatives, and the creation of specialized AI and Machine Learning (AI/ML) capabilities. In response to the National Defense Authorization Act (NDAA) for FY 2023, Section 1554, USCYBERCOM, in collaboration with the DoD Chief Information Office (CIO), has developed a five-year AI Roadmap and Implementation Plan for the Department's cyberspace forces, coordinating with key stakeholders across the Department. The following list identifies categories of various AI applications across USCYBERCOM and other organizations, grouped into the following categories:

  1. Vulnerabilities and Exploits
  2. Network Security, Monitoring, and Visualization
  3. Modeling and Predictive Analytics
  4. Persona and Identity
  5. Infrastructure and Transport

Mission: Data and Analytics

Department of Defense Cyber Defense Command (DCDC) - (formerly JOINT FORCE HEADQUARTERS (JFHQ)/DOD INFORMATION NETWORK (DODIN)) - DCDC's mission is to exercise command and control (C2) of DODIN Operations and Defensive Cyberspace Operations Internal Defensive Measures (DCO-IDM) globally to synchronize protection of DoD components' capabilities to enable power projection and freedom of action across all DoD network enclaves and warfighting domains. The full mission scope of DCDC includes: protect the DODIN, a mature Joint Headquarters, management of global engagement requirements, and the capability to assess DODIN readiness against mission critical Combatant Command Requirements. DCDC provides unity of command between USCYBERCOM and subordinate headquarters and unity of effort with all other DoD Components. It ensures the DODIN is available and secure for Joint Missions, including effects delivered in and through cyberspace, guaranteeing the readiness posture of the DODIN is maintained. Data and Analytics resources aligned to the Cyber National Mission Force (CNMF) provide tools and services to support CNMF cyber researchers and data specialists.

Mission: Cyber Operations Technology Support

US Cyber Command's (USCYBERCOM) mission is to deter or defeat strategic threats to US interests and infrastructure, provide mission assurance for the operations and defense of the Department of Defense information environment, and support the achievement of the Joint Force Commander's objectives. USCYBERCOM in conjunction with the Services and Cyber Stakeholders develops and expands infrastructure architectures and capabilities/tools to support Cyber Mission Forces (CMF). This program is in Budget Activity 7, Operational System Development because this budget activity includes development efforts to upgrade systems that have been fielded or have received approval for full rate production and anticipate production funding in the current or subsequent fiscal year. The FY 2026 Request for Cyber Operations Technology Support includes $473.399 million of discretionary and $429.620 million of mandatory (reconciliation) for a total of $903.020 million. Mandatory funding is specific to Cyber Weapons & Tools, IT and Low equity cyber infrastructure. Further information for this reconciliation request is provided in Chapters 3 and 4 of the Reconciliation Exhibit.

Mission: MDDE

USCYBERCOM MDDE funding provides advanced non-kinetic capabilities agnostic of domain that directly support the operational directives of USCYBERCOM, the FY 2025 Interim National Defense Strategy, Department of Defense Cyber Strategy, and other formal requirements documents outlining needed capabilities against identified threats.

Mission: Data and Sensors

Starting in FY 2024, the Department of Defense added funds within project CY09, the Data & Sensors Portfolio, for United States Indo-Pacific Command (INDOPACOM)'s regional National Defense Strategy to maintain/restore the comparative U.S. military advantage and to reduce risk regarding DoD contingency plan execution. Investments included USCYBERCOM resources for specialized INDOPACOM Low-Level Network Sensing and Defense capability, data feed, and analytic resources.

Mission: Cyber Weapons Tools/Hard Targets

US Cyber Command (USCYBERCOM) conducts full-spectrum cyberspace operations to assist Combatant Commanders and the Joint Force in accomplishing their mission objectives in and through cyberspace.

Mission: Cyber Weapons/Tools

USCYBERCOM's mission is to deter or defeat strategic threats to US interests and infrastructure, provide mission assurance for the operations and defense of the Department of Defense information environment, and support the achievement of the Joint Force Commander's objectives.

Accomplishments & Planned Programs (20)

Data Management (CY50D2 within CY50W1)

Department of Defense Cyber Defense Command (DCDC) - (formerly JFHQ-DODIN) architects and orchestrates tools leveraging the latest advancements in data and information sciences. As the cyber landscape and malicious cyber actors (MCAs) continue to evolve and advance, the command is enabled to move at tempo and scale to address the range of vulnerabilities across the DODIN terrain. CNMF Data and Analytics resources provided a commercial data tool license, and partnered in the launch of a pilot evaluation exploring relevance and usability of an unclassified artificial intelligence-based service against CNMF requirements.

Sensors

The Sensors portfolio includes Hunt Forward, Enhanced Sensing and Mitigation, Deployable Mission Support Systems (DMSS) kits plus investment in other sensors used to support the Cyber Mission Force (CMF). DMSS kits are self-contained, flyaway equipment. The software and hardware are operated by Cyber Protection Teams (CPTs) to survey, secure and protect military networks and data centers and to conduct Vulnerability Analysis (VA) and Incident Response (IR) with little or no notice concurrently on classified and unclassified networks. The CPTs maintain the ability to locate, contain, and defeat malicious activity in response to an adversary breaching or attempting to breach DoD information systems.

MDDE

US Cyber Command (USCYBERCOM) conducts full-spectrum cyberspace operations to assist Combatant Commanders and the Joint Force in accomplishing their mission objectives in and through cyberspace.

Joint Cyber Warfighting Architecture (JCWA)

USCYBERCOM created the JCWA as a concept to integrate cyber warfighting systems. JCWA serves as a guiding concept for cyber warfighting acquisitions and investment decisions which address functions, relationships, and dependencies of constituent systems.

Air Force Payloads

Air Force Payloads provide advanced offensive cyber warfare capabilities to the 16th Air Force / Joint Force Headquarters Cyber – Air Force (JFHQ-C (AF)) in direct support of USCYBERCOM, CCMDs, unified commands, and national agency cyber warfighting requirements. Air Force Payloads directly support the Joint Network Attack Initial Capabilities Document (ICD), the National Military Strategy for Cyberspace Operations (NMS-CO), DoD, USCYBERCOM operational directives, and other formal requirements documents in the delivery of offensive cyber effects.

Navy Cyber Weapons/Tools

Navy Cyber Weapons and Tools develop Navy foundational and specialized cyber tools in support of the CMF in accordance with requirements, guidance, and previous work completed, focusing on the following activities: Cyberspace additional support facilities and infrastructure; Program office, program management, engineering, administrative, and security support; Specialized Cyberspace technical, engineering, and management capabilities; Expand Cyberspace Activities development network and network support; Cyberspace hardware and software reverse engineering development; Research and Development (R&D) activities leading to cyber tool opportunities and vulnerabilities; Cyberspace tool development of Foundational and Reserve Tool Kits; and Cyberspace activity logistics support.

Joint Development Environment (JDE) (e.g., build, manage, and test both payload and common services)

The Joint Development Environment (JDE) provides the unique information technology (IT) platform and services required for the continuous development, integration, and testing of both Cyber Weapon Payloads and Joint Cyber Weapons Common Services. It needs to operate at multiple security levels to maximize developer access while supporting required security constraints. The services required on this network include, but are not limited to, source code repositories, diverse virtual and hardware environments, and a functional testing pipeline for diverse operational environments, payload signature/OPSEC measurement, and payload security product testing. It will provide the necessary testing processes needed for USCYBERCOM (e.g., Development Evaluation (DE), Operational Evaluation (OE)). It will ensure stringent controls to prevent the inadvertent or intentional unauthorized release of any payload or common service.

Joint Cyber Weapons Common Services (JCWCS)

Joint Cyber Weapons Common Services designs and implements the software required to automate and scale the process of intelligence-driven cyber operations. These services are used across missions to facilitate the secure delivery of the optimal payloads to the right authorized targets at the right time. It further manages long term and extended accesses, ensuring an adaptive posture in response to the changing cyberspace environment and mission needs. This process involves interfacing with various intelligence sources, higher-level command and control systems, and delivery platforms (e.g., Joint Common Access Platform (JCAP)). Additionally, JCW-CS provides Program Management Office support to direct and maintain technical oversight, contract management, strategic plans, and financial planning and execution. Without the Joint Cyber Weapons Common Services, every cyber operation is a manually intensive undertaking requiring high degrees of expertise and increasing the risk of error.

Cyber Weapon Payloads (CWP) (e.g., implants, exploits, and associated modules)

Cyber Weapon Payloads provide advanced offensive cyber warfare payloads in direct support of USCYBERCOM and other Combatant Commands (CCMDs). Payloads include exploits to subvert the security of cyberspace systems, implants to command and control cyberspace systems, modules to facilitate collection and effects of cyberspace systems, and any unique hardware or software required for the deployment and management of a specific payload. Cyber Weapon Payloads can be target-system specific or applicable to a broad class of cyberspace systems. Payloads must be continuously refreshed to manage the high risk and frequent loss of these capabilities, both due to usage and changes in the cyberspace environment. Funding provides for acquisition of target systems, execution of reverse engineering of target systems, development of the software payloads, production of documentation and training on the payload, and development of automated payload-specific tests.

Accomplishments:

  • In FY 2024 Q2, work began to establish the JDE Unclassified (JDE-U) platform based on the JDE Classified technical baseline to create a collaborative unclassified development environment.
  • The Joint Cyber Weapons (JCW) program achieved Initial Authority to Test (IATT) for JDE-U in Q3 FY 2024, and Initial Authority to Operate (ATO) is projected no later than Q1 FY 2025.
  • JCW delivered a mission planning tool into the classified cloud production environment in Q1 FY 2024, and within two weeks the Joint Force Headquarters – Cyber (JFHQ-C) Army began using it operationally to support a crisis overseas.

Data & Sensors

USCYBERCOM added resources and manpower to support maturation and fielding of monitoring capabilities to hunt and trap adversaries across the DODIN's priority edge devices and to procure and field hardware security capabilities. The Data & Sensors portfolio supports INDOPACOM's regional National Defense Strategy to maintain/restore the comparative U.S. military advantage with respect to regional adversaries and to reduce risk regarding DoD contingency plan execution. These Enhanced Sensing investments provide: specialized INDOPACOM Low-Level Network Sensing and Defense capability, data feed, and analytic resources; and increased efforts to discover and characterize adversary networks. These activities and resources are necessary to maintain or restore U.S. comparative military advantage and reduce risk of executing Department of Defense contingency plans in support of U.S. national security interests per FY 2022 NDAA, Section 1242. These enhanced sensing efforts are components of the larger USINDOPACOM Pacific Deterrence Initiative (PDI) to expand low-level network sensing and defense for key networks in the INDOPACOM AOR. Investments to date support both the transition of existing DoD projects to USCYBERCOM and expansion of new sensing and data analytic tools and services to strengthen the cyberspace defensive posture of INDOPACOM networks, with a specific focus on Defense Critical Infrastructure (DCI) in Guam. Examples include the inventory of over 3,000 Operational Technology (OT) assets resulting in a 52% reduction in malicious and anomalous behavior observed in this environment. Efforts reduced 32% of known vulnerabilities to key assets (firewalls, switches, routers), achieved 76% adherence to MOSAICS frameworks in industrial control systems, and supported the identification of 20 instances of suspicious DNS traffic.
These initiatives directly informed the employment of Cyber Protection Teams (CPT) performing 31 threat hunt missions and investigating 58 additional artifacts across multiple networks, as well as bolstering INDOPACOM cyber defenders with TTPs to mitigate risk. Additionally, this work has established real-time insight into the submarine cable landing in Guam to effectively monitor network traffic transiting to/from the island and automated alert and visual interface tools for operators. Finally, sensors were placed both in Guam and Hawaii to evaluate physical layer activity for unapproved modifications to DoD critical infrastructure on terrestrial and submarine communications.

Joint Cyber Warfighting Architecture (JCWA) Research, Development and Innovation

Innovation funding will support USCYBERCOM's partnership, engagement, and integration initiatives with DARPA/Constellation to mitigate impediments into the JCWA. This will allow for the transition of emerging strategic and tactical cyber capabilities into the JCWA to overcome the unique challenges associated with maturing S&T software prototypes into robust capabilities requiring Total Package Approach (TPA) mechanisms. TPAs allow for the identification and integration of emergent cyber capabilities through collaboration with operational partners and the acquisition community. It provides standardized and modern development, enhanced network monitoring, and test and evaluation. The result is a modernized cyber enterprise with state-of-the-art, AI-driven tools to enable data-driven, rapid, reliable, and maintainable kill chains for cyber operations supporting the Cyber Mission Force (CMF). RDI supports key collaboration between government, academia, and industry to provide rapid delivery of cyberspace capabilities to the warfighter. As a federal laboratory, the CIL will develop, test, and evaluate cyber capabilities, perform operational assessments on cyber capabilities by third parties, and develop analytics to support defensive and offensive cyber operations. These efforts will further develop the Innovation Community of Interest and facilitate innovative collaborative activities with USCYBERCOM and its partners.

Joint Cyber Warfighting Architecture (JCWA) - Integration

USCYBERCOM uses integration funding to assure cross-program architecture alignment and interoperability, and to develop enterprise elements of the JCWA, the primary operational environment for Cyber Operations Forces. Integration funding supports efforts to develop standards, exercise central technical authority across all JCWA component programs, prototype, develop, and deploy foundational enterprise services and inform requirements and investment decisions. JCWA integration funding also supports collaboration with innovation partners, ensuring JCWA operates an effective framework and pipeline system for maturing cyber operations-relevant technologies, and transitioning the technologies into operational use at USCYBERCOM to stay ahead of adversary developments.

Accomplishments:

  • Delivered JCWA-wide mission engineering and architecture standards and prototype efforts to align disparate PMO-centric efforts and increase cross-JCWA alignment to a validated set of USCYBERCOM technical standards.
  • Initiated prototypes for early integration of mission-specific capabilities from external development activities including DARPA JANUS and Constellation.
  • Initiated prototype efforts to reduce unnecessary cross-JCWA development platform duplication by 40% and increase efficiency and speed-to-deployment for JCWA-developed capabilities.
  • Exercised central technical authority for the JCWA through increased government and best-of-breed Federally Funded Research and Development Center (FFRDC)/University Affiliated Research Center (UARC)/Systems Engineering and Technical Assistance (SETA) engineering and architecture contract support. Provide oversight to the JCWA Requirements Management, and JCWA Testing and Evaluation processes.
  • Established an effective framework and pipeline system within the Constellation program for maturing cyber operations-relevant technologies, integrating the technologies into JCWA capabilities, and transitioning the technologies into operational use for USCYBERCOM. This framework and pipeline system includes efforts in various stages such as Target Acquisition and Continuous Monitoring System (TACMS), Cyber Analytics for Network Defense Operations and Response (CANDOR), the Productive Reliable Operational Technology Origination Network (PROTON), Federated Large-Scale Access Generation Orchestration Nexus (FLAGON), Topology Informed Network Defense for Adversary Hunting (TINDAH), and Attributable Cyber Weapons Factory, Evaluator, and Repository (ACWFER).
  • Delivered initial documentation of the cross-JCWA deployed mission architecture and established processes to provide continuous updates.
  • Executed plans in alignment to ensure deliberate acquisition and empowerment of technical talent resident in the federal government, defense industrial base, commercial technology industry, federally funded research and development centers, and university affiliated research centers.

Artificial Intelligence for Cyberspace Operations

USCYBERCOM has accelerated the adoption and integration of AI to enhance the speed, scale, and precision across USCYBERCOM missions. In FY 2026 USCYBERCOM will develop and conduct pilots and invest in infrastructure necessary to effectively leverage commercial AI capabilities. The Cyber Immersion Laboratory will develop, test, and evaluate cyber capabilities, and perform operational assessments by third party solutions. The laboratory will also develop the Innovation Community of Interest and facilitate collaborative innovation activities with USCYBERCOM and its partners.

Data Management

DCDC designs and plans tools leveraging the latest advancements in data and information sciences. As the cyber landscape and malicious cyber actors (MCAs) continue to evolve and advance, the command moves at tempo and scale to address the range of vulnerabilities across the DODIN terrain. CNMF Data and Analytics resources provided a commercial data tool license and partnered in a pilot evaluation exploring relevance and usability of an unclassified artificial intelligence-based service against CNMF requirements.

Army Cyber Weapons/Tools

Army Payloads provide advanced offensive cyber warfare capabilities to the 780th MIB / Joint Force Headquarters Cyber – Army (JFHQ-C (A)) in direct support of USCYBERCOM, other Combatant Commands (CCMDs), unified commands, and national agency cyber warfighting requirements. Cyber weapons disrupt rising advanced peer and near-peer threats, as well as violent extremist organizations seeking to do harm to the United States. The software constructed cyber weapons require high quality, rapid adjustments to achieve desired effects at an acceptable level of risk.

Marine Corps Cyber Weapons/Tools

MARFORCYBER provides advanced cyber warfare capabilities in direct support of USCYBERCOM, Marine Corps Commanders, and national agencies to enable and accomplish global operations. Cyber weapons disrupt rising advanced peer and near-peer threats, as well as violent extremist organizations seeking to do harm to the United States. The software constructed cyber weapons are target specific and require high quality, rapid adjustments to achieve desired effects at an acceptable level of risk.

MDDE

USCYBERCOM MDDE funding provides advanced non-kinetic capabilities that directly support USCYBERCOM operational directives, the FY 2025 Interim National Defense Strategy, the Department of Defense Cyber Strategy, and other formal requirements documents outlining needed capabilities against identified threats. Key recent accomplishments: In 3rd quarter FY 2024, MDDE successfully completed developmental tests for MDDE-3 and MDDE-5, which demonstrated very promising technological maturity of both capabilities. Also, MDDE has scheduled a fielding of MDDE-1 to the operational user in 4th quarter FY 2024, and the capability is planned for first operational use by 1st quarter FY 2025.

Cyber Weapons Tools/Hard Targets (CY50W2 within CY50W1)

The Department of Defense Cyber Strategy highlights the prioritized need for U.S. Cyber Command (USCYBERCOM) to defend forward with military capabilities that are developed, integrated, scaled and provisioned in concert with other instruments of national power, creating a deterrent greater than the sum of its parts. Incorporating non-kinetic effects—such as cyber, electronic warfare (EW), and space-based operations—is central to this strategy. The Hard Target effort aims to deliver cohesive non-kinetic, cyber capability chains for non-traditional targets to augment kinetic defeat. This effort will enable USCYBERCOM to address expanded operational requirements, mitigate gaps, conduct increased coordination while rapidly developing integrated software/hardware, and achieve the establishment of highly sensitive development, test, and production infrastructure across multiple security enclaves. USCYBERCOM’s Hard Targets Portfolio Management Office’s (HTPMO) activities are critical to increasing U.S. military advantage in the execution of national security interests. The Hard Target effort enables USCYBERCOM’s full-spectrum offensive operations that assist Combatant Commanders and the Joint Force in accomplishing their mission objectives in and through cyberspace. Several critical Hard Targets efforts are currently under development by US government partners and are planned for transition starting in FY 2026 to USCYBERCOM. These capabilities have necessitated the creation of new transition processes, test and evaluation strategy, and platforms and infrastructures to achieve the scale that is required to meet the DoD’s strategic objectives. The game-changing aspect of USCYBERCOM’s Hard Targets approach is the vast reduction in the time between intelligence inputs through the development cycle to operational implementation.

HTPMO uses the Intelligence, Development, and Operations (IntelDevOps) approach to accelerate the delivery and maintainability of entire capability chains rather than individual cyber capabilities, resulting in increased effectiveness against Hard Targets. USCYBERCOM’s Hard Targets effort will integrate multiple capabilities to deliver, expand, and continually develop complete capability chains.

Accomplishments to date:

  • In April of 2024, USCYBERCOM officially established the HTPMO within the Cyber Acquisition & Technology Directorate (J9).
  • The Command identified and put in place an acquisition program manager and a technical director to lead the new HTPMO.
  • J9 chartered the HTPMO to enable the acceptance, transition, integration and continuous improvement of exquisite cyber capabilities being developed by internal and external agencies.
  • The Command identified temporary space for the HTPMO to conduct business.
  • The HTPMO successfully transitioned a capability for the INDOPACOM Commander to leverage, fulfilling a critical operational requirement.
  • The HTPMO began the test and evaluation (T&E) of applications developed within the OpenCPI (OCPI) Framework.
  • The HTPMO established close relationships with key external provisioning partners to smooth transition, integration, and maturation of capabilities to and for USCYBERCOM.

Hard Targets – Portfolio Management Office provisioning of Critical Cyberspace Capabilities.

The Department of Defense Cyber Strategy highlights the prioritized need for U.S. Cyber Command (USCYBERCOM) to defend forward with military capabilities that are developed, integrated, scaled and provisioned in concert with other instruments of national power, creating a deterrent greater than the sum of its parts. Incorporating non-kinetic effects—such as cyber, electronic warfare (EW), and space-based operations—is central to this strategy. The Hard Target effort aims to deliver cohesive non-kinetic, cyber capability chains for non-traditional targets to augment kinetic defeat. This effort will enable USCYBERCOM to address expanded operational requirements, mitigate gaps, conduct increased coordination while rapidly developing integrated software/hardware, and achieve the establishment of highly sensitive development, test, and production infrastructure across multiple security enclaves. USCYBERCOM’s Hard Targets Portfolio Management Office’s (HTPMO) activities are critical to increasing U.S. military advantage in the execution of national security interests. The Hard Target effort enables USCYBERCOM’s full-spectrum offensive operations that assist Combatant Commanders and the Joint Force in accomplishing their mission objectives in and through cyberspace. Several critical Hard Targets efforts are currently under development by US government partners and are planned for transition starting in FY 2026 to USCYBERCOM. These capabilities have necessitated the creation of new transition processes, test and evaluation strategy, and platforms and infrastructures to achieve the scale that is required to meet the DoD’s strategic objectives. The game-changing aspect of USCYBERCOM’s Hard Targets approach is the vast reduction in the time between intelligence inputs through the development cycle to operational implementation.

HTPMO uses the Intelligence, Development, and Operations (IntelDevOps) approach to accelerate the delivery and maintainability of entire capability chains rather than individual cyber capabilities, resulting in increased effectiveness against Hard Targets. USCYBERCOM’s Hard Targets effort will integrate multiple capabilities to deliver, expand, and continually develop complete capability chains.

Accomplishments to date:

  • In April of 2024, USCYBERCOM officially established the HTPMO within the Cyber Acquisition & Technology Directorate (J9).
  • The Command identified and put in place an acquisition program manager and a technical director to lead the new HTPMO.
  • J9 chartered the HTPMO to enable the acceptance, transition, integration and continuous improvement of exquisite cyber capabilities being developed by internal and external agencies.
  • The Command identified temporary space for the HTPMO to conduct business.
  • The HTPMO successfully transitioned a capability for the INDOPACOM Commander to leverage, fulfilling a critical operational requirement.
  • The HTPMO began the test and evaluation (T&E) of applications developed within the OpenCPI (OCPI) Framework.
  • The HTPMO established close relationships with key external provisioning partners to smooth transition, integration, and maturation of capabilities to and for USCYBERCOM.

Cyber Weapons/Tools

Cyber Weapons and Tools support dual/multi-use tools (i.e., software/hardware) used by the Cyber Mission Force on Joint Assess Platforms to conduct cyberspace operations. Invest in delivery platforms and access points that enable full spectrum operations and integrate offensive cyber into combat operations. Building Lethality requires multiyear investment in cyber capabilities by supporting platforms, access points and cyber tools to enable full-spectrum offensive and defensive cyberspace operations.

No follow-the-dollar view — this program's awards haven't been crosswalked at high confidence (flows cover 17 of 326 programs).

Primary Sources