Air Force Cyberspace Defense Weapon System

Mission

The Air Force Cyberspace Defense (ACD) weapon system is designed to prevent, detect, respond to, and provide forensics of intrusions into unclassified and classified networks. This weapon system supports the AF Computer Emergency Response Team in fulfilling their responsibilities. 
ACD is operated by the 33d Network Warfare Squadron (NWS) and 426 NWS (Air Force Reserve), located at Joint Base San Antonio Lackland TX, and the Air National Guard's 102d NWS located at Quonset ANGB RI. 


Background

The ACD weapon system evolved from the Air Force Computer Response Team (AFCERT). The AFCERT's primary responsibility was coordination of the former Air Force Information Warfare Center technical resources to assess, analyze, and mitigate computer security incidents and vulnerabilities. The ACD weapon system was officially designated by Air Force Chief of Staff in March 2013.

Features

The ACD weapon system provides continuous monitoring and defense of AF unclassified and classified networks. ACD operates in four sub-discipline areas:

Incident Prevention: services include the protection of Air Force networks against new and existing malicious logic. The system has the ability to assess/mitigate known software and hardware vulnerabilities.

Incident Detection: conducts monitoring of classified/unclassified Air Force networks, identifies and researches anomalous activity to determine problems and threats to networks, and monitors real-time alerts generated from network sensors. Also, the system can perform in-depth research of historical traffic reported through sensors.

Incident Response: determines the extent of intrusions, develops courses of action required to mitigate threat(s), and determines and executes response actions. The operational crew interfaces with law enforcement during malicious logic related incidents.

Computer Forensics: conducts in-depth analysis to determine threats from identified incidents and suspicious activities, then assesses damage. Supports incident response process capturing the full impact of various exploits and reverse engineers code to determine the impact to the network/system.

General Characteristics

Primary Function: Defensive Cyberspace Operations to prevent, detect, and respond to network intrusions. 

Crew Positions: One Cyberspace Crew Commander, one Deputy Crew Commander, one Cyberspace Operations Controller, and multiple Cyberspace Analysts. All mission crews are supported by mission support personnel.


Inventory: Two

Major Command: Headquarters Air Force Space Command (HQ AFSPC)

Numbered Air Force: 24 AF

(Current as of  Dec 2016)