Cyberspace Vulnerability Assessment / Hunter Weapon System


The Air Force Cyberspace Vulnerability Assessment/Hunter (CVA/Hunter) weapon system executes vulnerability, compliance, defense and non-technical assessments, best practice reviews, penetration testing and Hunter missions on AF and DoD networks & systems. Hunter operations characterize and then eliminate threats for the purpose of mission assurance. The weapon system can perform defensive sorties world-wide via remote or on-site access.

The CVA/Hunter weapon system is operated by six Active Duty units located at Joint Base San Antonio Lackland TX and Scott AFB, IL. Additionally, twelve Air National Guard units operate the weapon system at various locations across the US.  The AF Reserve operates a classic associate unit at Scott AFB, IL. 


The CVA/Hunter was developed by the former Air Force Information Operations Center, fielded to the 688th Information Operations Wing in 2009 and officially designated a weapon system by the Air Force Chief of Staff in March 2013.

Historically, vulnerability assessments were instrumental to mission assurance during Operations Enduring Freedom and Iraqi Freedom. As the complexity of threats to our information systems grew and their impact to operations expanded, CVA/Hunter was developed to increase our defensive capability.  CVA/Hunter continues to provide mission assurance to our most important systems. Additionally, CVA/Hunter now provides the ability to “hunt” adversaries in our networks/systems. 

The Hunter mission grew out of the change in defensive cyber strategy from "attempt to defend the whole network" to "mission assurance on the network", and provides an enabling capability to implement a robust defense-in-depth strategy. CVA/Hunter has been employed in real-world operations since November 2010. AFSPC declared CVA/Hunter Initially Operational Capable (IOC) in June 2013 and Fully Operational Capable in Feb 2016.


The CVA/Hunter weapon system is designed to identify vulnerabilities and provide commanders with a comprehensive assessment of the risk of existing vulnerabilities on critical mission networks. It is functionally divided into a mobile platform used by operators to conduct missions on-site or remotely, a deployable sensor platform to gather and analyze data, and a garrison platform which provides the connectivity needed for remote operations as well as advanced analysis, testing, training, and archiving capabilities. Additionally, the Hunter mission focuses on the capability to find, fix, track, target, engage, and assess (F2T2EA) the advanced persistent threat (APT).

During active engagements, the CVA/Hunter weapon system, in concert with other friendly network defense forces, provides Air Force Cyber Command (AFCYBER) and Combatant Commanders a mobile precision protection capability to identify, pursue, and mitigate cyberspace threats.

The CVA/Hunter weapon system can be armed with a variety of modular capability payloads optimized for specific defensive missions and designed to achieve specific effects in cyberspace. Each CVA/Hunter crew is capable of conducting a range of assessments, to include: vulnerability, compliance, and penetration testing, along with analysis and characterization of data derived from these assessments. The weapon system payloads consist of commercial-off-the-shelf (COTS) and government-off-the-shelf (GOTS) hardware and software, to include Linux and Windows operating systems loaded with customized vulnerability assessment tools.

General Characteristics

Primary Function: Conduct Defensive Cyber Operations (DCO) to identify and counter Advanced Persistent Threats to critical capabilities identified by Combatant Commanders and US Cyber Command (USCYBERCOM).

Crew Positions: One Cyberspace Crew Commander, one to four Cyberspace Operators, and one to four Cyberspace Analysts. All mission crews are supported by mission support personnel.

Inventory: 30

Major Command: Headquarters Air Force Space Command (HQ AFSPC)

Numbered Air Force: 24 AF

(Current as of Dec 2016)