MISSION:
Rapidly deliver innovative and dominant cyberspace capability, and tailored information technology solutions and provide a decisive, warfighting information advantage.
VISION:
Be recognized as the leader within the cyberspace domain delivering innovative, integrated, and cost-effective solutions.
DESCRIPTION:
Defensive Cyber Operations (DCO) rapidly delivers innovative and dominant cyberspace capabilities, as well as tailored information technology solutions for our national, joint and allied partners. These capabilities provide a decisive warfighting information advantage through rapid prototyping, deployable and cloud-based defensive cyber solutions, cyber analytics and detection for cyber threats, and Command, Control, Communications, Computers & Intelligence (C5I) acquisition services. We are the leader within the cyberspace domain, delivering innovative, integrated and cost-effective solutions.
Dr. Linda Jones
Dr. Linda Jones was named Acting Project Manager, Defensive Cyber Operations, in May 2026. Previously, she was the Deputy Project Manager, Defensive Cyber Operations. Dr. Jones has a long history of key assignments throughout the Army’s Capability Program Executive Intelligence and Spectrum Warfare (ISW). Before becoming the Acting Project Manager and Deputy Project Manager, she served as the Deputy Product Manager at Cyber Analytics Detection (CAD).
She was acting Operations Chief at Product Manager, Army Data and Analytics Platform (ARDAP), where she was responsible for the overall planning, direction, execution, evaluation, and success of day-to-day operations.
Before her work at ARDAP, Dr. Jones served as the Assistant Product Manager at CAD. In this role, she was responsible for satisfying the cost, schedule, and performance requirements for two major programs: Cyber Analytics, which manages the Army’s Big Data Platform, and User Activity Monitoring. She oversaw all aspects of the programs including acquisitions, development, testing, systems security, and integration, as well as fielding and sustainment.
In 2016, Dr. Jones was a Project Management Specialist at PEO EIS’s Installation Information Infrastructure Modernization Program (I3MP) where she designed, developed, implemented, and provided oversight and management of the Schedule Management Program. She also served as I3MP’s Integrated Master Schedule Team Lead and Risk Manager. In this role, she led the effort to build the MS Project Server and SharePoint interface capability that serves as an authoritative tool for collecting, storing, compiling, integrating, and reporting cost, schedule, and performance data. Additionally, she managed and refined the MS Project Server and SharePoint interface to support the program office’s oversight requirements. Before coming to PEO, Dr. Jones was Deputy Program Manager at IP Keys, a critical partner for the Defense Logistics Agency (DLA). In this role, Dr. Jones provided oversight of the DLA support team and worked closely with the Program Manager to ensure operational efficiency and success. Earlier in her career, Dr. Jones was a Master Scheduler/Team Lead Acquisition/Program Analyst at Engility Corp and a Program Analyst at Jacobs Technologies. Dr. Jones has a Bachelor of Arts in Political Science and a Bachelor of Arts in Business Management from Virginia Wesleyan College, a Master of Arts in Management from Regent University, and a Doctorate in Education from Walden University. She currently holds certifications in Security +, Information Technology Infrastructure Library, Certified Information Security Manager (CISM), and Defense Acquisition Workforce Improvement Act Level II Program Management. She is also a Certified Scrum Master and Project Management Professional.
 |
|
Update forthcoming
LATEST PM DCO NEWS
DEPLOYABLE DCO SYSTEM – MODULAR VIDEO
MEDIA
Cyber Analytics and Detection (CAD)
Cyber Platforms and Systems (CPS)
Programs
Cyber Analytics and Detection (CAD)
Castle Keep (CK)
MISSION:
Develop new cybersecurity capabilities through development and integration of defensive cybersecurity solutions.
DESCRIPTION:
Castle Keep (CK) develops the Special Security component of the capabilities detailed in the Land War Net Intelligence Community Directive to support the Army’s intelligence warfighting function force generation and special security requirements. CK supports the Army Special Security Office oversight and management of the Army Sensitive Compartmented Information program through compliance reporting, standardization of processes, and collection and availability of program information.
SYSTEM INTERDEPENDENCIES:
- N/A
PROGRAM STATUS:
- Continuous Modernization
PROJECTED ACTIVITIES:
- FY26: Full Operational Capability
-
Add NSA SCIFs into Castle Keep
-
Organization based workflow changes
-
Upgrade SCIF to ICD
-
Query Performance Enhancements
-
Create Analyst/Read only Roles
Cyber Analytics (CA)
MISSION:
To broaden cyberspace analytic capability to allow for the comprehensive collection, analysis, and visualization of data stemming from all tiers of the Army’s network enterprise
DESCRIPTION:
Gabriel Nimbus (GN), the Army’s Big Data Platform, is an integrated technology solution that enables data to be aggregated, accessed, and delivered to users via applications and analytics that drive decisions, enhance situational understanding and drive automation while enabling commanders to achieve objectives in and through multi-domain operations. GN provides a common computing solution capable of ingesting, storing, processing, sharing, and visualizing multiple petabytes of data from the DoD Information Network and publicly available commercial and open sources.
SYSTEM INTERDEPENDENCIES:
- None (can deploy on bare metal or cloud)
PROGRAM STATUS:
- Continuous Modernization
PROJECTED ACTIVITIES:
- FY26: Complete the upgrade to Joint Cyber Warfighting Architecture (JCWA) Common Runtime Stack – Data (JCRS-D)
- Putting the power of AI in the hands of cyber defenders to create a faster, smarter, and more effective cyber force
Threat Emulation (TE)
MISSION:
To identify threat trends, behavior patterns, and tactics, techniques, and procedures associated with relevant portions of the designated network
DESCRIPTION:
Threat Emulation (TE) improves the Army’s security posture by emulating the tactics of our adversaries in a passive manner without causing actual harm to identify gaps in our tools, process and safeguards, and to identify and address potential vulnerabilities.
SYSTEM INTERDEPENDENCIES:
- N/A
PROGRAM STATUS:
- Continuous Modernization
PROJECTED ACTIVITIES:
- N/A
User Activity Monitoring
MISSION:
Enable the Army’s Insider Threat (InT) Program to assess, deter, deny, defend, defeat, and evolve against the insider threat.
DESCRIPTION:
The User Activity Monitoring system (UAM) is a software-based, scalable solution that identifies internal risks associated with the theft or misuse of critical, mission essential data. It facilitates the ability to identify insider threats based on evaluation of policy violations and the capture of certain risk behaviors that rate the likelihood of an incident caused by a trusted insider.
SYSTEM INTERDEPENDENCIES:
- None for UAM on-premises; BDP for UAM Cloud & UAM SAP
PROGRAM STATUS:
- Continuous modernization and maintenance of UAM solutions
PROJECTED ACTIVITIES:
- FY26: Deploy User Activity Monitoring software on Joint Worldwide Intelligence Communications System and Secret Internet Protocol Router Network
- FY26: Develop artificial intelligence and machine learning capabilities on User Activity Monitoring system
User Activity Monitoring
Cyber Platforms and Systems (CPS)
Counter Infiltration (C-I)
MISSION:
Provide mission assurance in support of multi-domain operations against near-peer adversaries to support cyberspace operations at corps and below. This enables cyberspace defenders to continuously monitor, detect and respond to the deception tactics and techniques utilized by adversarial advanced persistent threat (APT) malicious cyberspace activity
DESCRIPTION:
The Counter Infiltration (CI) capability provides decoy systems, files, credentials and other baits/lures in order to provide early warning and detection. Cyber defenders will use the capability to detect, identify, and respond to adversary interactions with deception countermeasures in defense of the Department of Defense Information Network (DODIN) and the Army (DODIN-A) network.
SYSTEM INTERDEPENDENCIES:
- DODIN-A
PROGRAM STATUS:
- Continuous Modernization
Counter Infiltration (C-I)
Defensive Cyberspace Operations Tools Suite (DCO Tools)
MISSION:
The DCO Tools Suite will facilitate unified land and cyberspace operations across the full spectrum of conflict – from shaping and deterrence to redeployment. It will enable cyberspace defenders and others within the cyberspace workforce to deliver effects within a designated friendly network by executing DCO and cybersecurity tasks as defined in the DOD Cyber Force Concept of Employment and joint/army policies, directives, and instructions.
DESCRIPTION:
The DCO Tools Suite is comprised of prepositioned and tailorable software packages that are integrated and available at all echelons (strategic to tactical) based on mission and threat. Leveraging Commercial-off-the Shelf, Government-off-the-Shelf and Open-Source Software, this capability is essential to Cyber Protection Teams in effectively conducting missions on Cyber Platforms and Systems. The Tools Suite offers economy of force by arming regional and global cyberspace defenders with the ability to augment local cyberspace defense operations organic to supported units.
SYSTEM INTERDEPENDENCIES:
- N/A
PROGRAM STATUS:
- Continuous modernization and prototyping with enhanced technology, and improvements
PROJECTED ACTIVITIES:
- FY26: Continue to conduct market research on best of breed solutions that Cyber Warriors can leverage for their missions. Replace terrain mapping with more cost effective solution that aligns with broader Army directives within Army Global Unified Network (AGUN), reducing the number of platforms with which soldiers need to familiarize themselves.
Defensive Cyberspace Operations Tools Suite (DCO Tools)
Deployable Defensive Cyberspace Operations System (DDS)
MISSION:
Provide operational capability to the Army Cyber Command’s Cyber Protection Brigades allowing for rapid evaluation and response to unexpected and dynamic cyber threats
DESCRIPTION:
The Deployable Defensive Cyberspace Operations System (DDS) is a deployable kit with dedicated compute and storage resources designed to be transported in the overhead compartment of a commercial aircraft. The system has a modular build concept that allows customization by the cyber protection teams to meet mission requirements.
SYSTEM INTERDEPENDENCIES:
- COMPO 1 units connects to DCO-MN to allow remote operations. It also needs a network connection to upload data to Gabriel Nimbus (GN). Now depending on the mission, it will have either one-way ingest from the target network for traffic and network analysis or bidirectional communication to allow certain data to get forwarded to the kit
PROGRAM STATUS:
- Continuous Modernization
PROJECTED ACTIVITIES:
- FY26: Continue DDS-Mv2 Fielding : Field 25 kits to COMPO 1
Deployable Defensive Cyberspace Operations System (DDS)
Forensics and Malware Analysis (F&MA)
MISSION:
Provide the ability to rapidly triage an incident and place the impacted system back in service. A portable capability enables cyberspace defenders to quickly review information stored on deployed computers in real-time – without altering, damaging, or corrupting the data to support forensic investigations.
DESCRIPTION:
Forensics and Malware Analysis (F&MA) provides the ability to perform forensics analysis locally and remotely in order to detect, identify, and respond to attacks. The capability pushes forensics analysis forward to the Regional Cyber Centers and below in order to perform live box forensics. Live box forensics allows the capture of volatile memory critically needed during an incident response.
SYSTEM INTERDEPENDENCIES:
- AESS, DODIN-A, DDS-M, GDP, GEF, NETCOM
PROGRAM STATUS:
- Continuous Modernization
PROJECTED ACTIVITIES:
- FY26: Award and field Forensics & Malware Analysis Lab to ARCYBER G3X
- FY26: Deliver Live Box capability to ARCYBER G3X, GCC and RCCs
Garrison Defensive Cyberspace Operations Platform (GDP)
MISSION:
Provide operational capability to the Army Cyber Command’s Cyber Protection Brigades allowing for rapid evaluation and response to unexpected and dynamic cyber threats
DESCRIPTION:
The Garrison DCO Platform (GDP) provides the ability to collect, analyze, and store data at line speed (40Gbps+) for use in garrison environments to support remote DCO. The platform also hosts DCO tools/software to allow for analysis to be completed by the Cyber Defender as well as the Unified Security information and event management (USIEM).
SYSTEM INTERDEPENDENCIES:
- GDPv3 and GDPv4 interoperate with the NETCOM Global Enterprise Fabric system
PROGRAM STATUS:
- Continuous Modernization
PROJECTED ACTIVITIES:
- FY26: Continue to update the GDP software baseline as well as incorporate additional sources of ingest into the system
Garrison Defensive Cyberspace Operations Platform (GDP)
