PM DCO

Defensive Cyber Operations (DCO)

MISSION:

Rapidly deliver innovative and dominant cyberspace capability, and tailored information technology solutions and provide a decisive, warfighting information advantage.

VISION:

Be recognized as the leader within the cyberspace domain delivering innovative, integrated, and cost-effective solutions.

DESCRIPTION:

Defensive Cyber Operations (DCO) rapidly delivers innovative and dominant cyberspace capabilities, as well as tailored information technology solutions for our national, joint and allied partners. These capabilities provide a decisive warfighting information advantage through rapid prototyping, deployable and cloud-based defensive cyber solutions, cyber analytics and detection for cyber threats, and Command, Control, Communications, Computers & Intelligence (C5I) acquisition services. We are the leader within the cyberspace domain, delivering innovative, integrated and cost-effective solutions.

Mr. Robert Zoppa

Mr. Robert Zoppa

Mr. Robert Zoppa assumed the Project Manager with Defensive Cyber Operations role in July 2023. In that capacity, he leads the organization that rapidly delivers innovative and dominant cyberspace capabilities for Army global networks and tailored information technology solutions for national, joint, and allied partners. As the project manager, he is the milestone decision authority for acquisition category IV cyber programs. He is responsible for the execution of Army funding across the program objective memorandum.

Before assuming this role, Mr. Zoppa attended Senior Service College at the Eisenhower School for National Security and Resource Strategy at the National Defense University, where he earned a Master of Science in National Resource Strategy.

Previously, Mr. Zoppa served as the Deputy Project Manager for PEO EIS’s Defense Integrated Business Systems (DIBS) portfolio in Arlington, Virginia, from 2021 to 2022. His responsibilities included assisting the project manager with managing seven major enterprise business solutions across the financial, logistics, acquisition, and environmental domains, supervising the civilian workforce assigned to the project management office, and providing advice and guidance to the project manger on all aspects of portfolio management. DIBS is accountable or standardizing, streamlining, and sharing critical data across the Army, DOD, and industry partners.

Before that, Mr. Zoppa served as the Deputy Project Manager for the Global Combat Support System–Army (GCSS-Army) at Fort Gregg-Adams, Virginia, from 2010 to 2021. His responsibilities included assisting the product manager with the overall management of the GCSS-Army project, supervising the civilian workforce assigned to the product management office staff, and providing advice and guidance to the product manager on all aspects of the project’s management. GCSS-Army is an enterprise resource planning solution that comprises the tactical component of the Army’s logistics enterprise.

From October 2003 to June 2007, Mr. Zoppa served as Project Manager, GCSS-Army, while on active duty with the U.S. Army. Before that, the Army assigned him to the Strategic and Advanced Computer Center, G-6 at the Pentagon from August 2000 to September 2003, where he oversaw several web-based projects. From July 1998 to July 2000, he served as Assistant Product Manager, GCCS-Army, within the Program Executive Office, Command, Control and Communications – Tactical at Fort Belvoir, Virginia.

From 1987 to 1998, Mr. Zoppa served in various assignments in the Army, including deployments to Saudi Arabia in support of Operations Desert Shield/Storm. His awards and decorations include the Bronze Star Medal, Meritorious Service Medal, Army Commendation Medal (x2), Army Achievement Medal, National Defense Service Medal, Southwest Asia Service Medal, Army Service Ribbon, and the Kuwait Liberation Medal with Palm.

In addition to the Master of Science in National Resource Strategy, Mr. Zoppa holds a Master of Science in Systems Technology from the Naval Postgraduate School, Monterey, California, a Master of Business Administration from Golden State University, San Francisco, California, and a Bachelor of Science from the United States Military Academy, West Point, New York. He is a certified Project Manager Professional through the Project Management Institute. He is also a graduate of the Defense Acquisition University and holds an advanced Defense Acquisition Workforce Improvement Act certification in Program Management.

 

Download Bio (.pdf) Download Photo (.jpg)
Dr. Linda Jones

Dr. Linda Jones

 

Dr. Linda Jones was named as the Deputy Project Manager, Defensive Cyber Operations, in March 2024. Dr. Jones has a long history of key assignments throughout the Army’s Program Executive Office Enterprise Information Services (PEO EIS). Before becoming the acting Deputy Project Manager, she served as the Deputy Product Manager at Cyber Analytics Detection (CAD), she was acting Operations Chief at Product Manager, Army Data and Analytics Platform (ARDAP), where she was responsible for the overall planning, direction, execution, evaluation, and success of day-to-day operations. Before her work at ARDAP, Dr. Jones served as the Assistant Product Manager at CAD. In this role, she was responsible for satisfying the cost, schedule, and performance requirements for two major programs: Cyber Analytics, which manages the Army’s Big Data Platform, and User Activity Monitoring. She oversaw all aspects of the programs including acquisitions, development, testing, systems security, and integration, as well as fielding and sustainment.

In 2016, Dr. Jones was a Project Management Specialist at PEO EIS’s Installation Information Infrastructure Modernization Program (I3MP) where she designed, developed, implemented, and provided oversight and management of the Schedule Management Program. She also served as I3MP’s Integrated Master Schedule Team Lead and Risk Manager. In this role, she led the effort to build the MS Project Server and SharePoint interface capability that serves as an authoritative tool for collecting, storing, compiling, integrating, and reporting cost, schedule, and performance data. Additionally, she managed and refined the MS Project Server and SharePoint interface to support the program office’s oversight requirements.

Before coming to PEO, Dr. Jones was Deputy Program Manager at IPKeys, a critical partner for PEO EIS programs. In this role, Dr. Jones provided oversight of the Defense Logistics Agency support team and worked closely with Program Manager to ensure operational efficiency and success. Earlier in her career, Dr. Jones was a Master Scheduler/Team Lead/Acquisition/Program Analyst at Engility Corp and a Program Analyst at Jacobs Technologies.

Dr. Jones has a Bachelor of Arts in Political Science and a Bachelor of Arts in Business Management from Virginia Wesleyan College, a Master of Arts in Management from Regent University, and a Doctorate in Education from Walden University. She currently holds certifications in Security +, Information Technology Infrastructure Library, Certified Information Security Manager (CISM), and Defense Acquisition Workforce Improvement Act Level II Program Management. She is also a Certified Scrum Master and Project Management Professional.

 

Download Bio (.pdf) Download Photo (.jpg)

PM DCO SOCIAL MEDIA

Programs

Cyber Analytics and Detection (CAD)

Castle Keep (CK)
MISSION:

Develop new cybersecurity capabilities through development and integration of defensive cybersecurity solutions.

 

DESCRIPTION:

Castle Keep (CK) develops the Special Security component of the capabilities detailed in the Land War Net Intelligence Community Directive to support the Army’s intelligence warfighting function force generation and special security requirements. CK supports the Army Special Security Office oversight and management of the Army Sensitive Compartmented Information program through compliance reporting, standardization of processes, and collection and availability of program information.

 

SYSTEM INTERDEPENDENCIES:
  • N/A
PROGRAM STATUS:
  • Continuous Modernization
PROJECTED ACTIVITIES:
  • FY25: Full Operational Capability

 

 

Cyber Analytics (CA)
MISSION:

To broaden cyberspace analytic capability to allow for the comprehensive collection, analysis, and visualization of data stemming from all tiers of the Army’s network enterprise

 

DESCRIPTION:

Gabriel Nimbus (GN),  the Army’s Big Data Platform, is an integrated technology solution that enables data to be aggregated, accessed, and delivered to users via applications and analytics that drive decisions, enhance situational understanding and drive automation while enabling commanders to achieve objectives in and through multi-domain operations. GN provides a common computing solution capable of ingesting, storing, processing, sharing, and visualizing multiple petabytes of data from the DoD Information Network and publicly available commercial and open sources.

 

SYSTEM INTERDEPENDENCIES:
  • None (can deploy on bare metal or cloud)
PROGRAM STATUS:
  • Continuous Modernization
PROJECTED ACTIVITIES:
  • Lightweight Analytic Platform (LAP) Capability Drop (CD) approval (MG Stanton) – In Progress
  • Lightweight Analytic Platform-Tactical on Deployable DCO System

 

Threat Emulation (TE)
MISSION:

To identify threat trends, behavior patterns, and tactics, techniques, and procedures associated with relevant portions of the designated network

 

DESCRIPTION:

Threat Emulation (TE) improves the Army’s security posture by emulating the tactics of our adversaries in a passive manner without causing actual harm to identify gaps in our tools, process and safeguards, and to identify and address potential vulnerabilities.

 

SYSTEM INTERDEPENDENCIES:
  • N/A
PROGRAM STATUS:
  • Continuous Modernization
PROJECTED ACTIVITIES:
  • FY25: Perform market research to stay informed of new capabilities in this space

 

Threat Emulation (TE)

Threat Emulation (TE)

 

User Activity Monitoring
MISSION:

Enable the Army’s Insider Threat (InT) Program to assess, deter, deny, defend, defeat, and evolve against the insider threat.

 

DESCRIPTION:

The User Activity Monitoring system (UAM) is a software-based, scalable solution that identifies internal risks associated with the theft or misuse of critical, mission essential data. It facilitates the ability to identify insider threats based on evaluation of policy violations and the capture of certain risk behaviors that rate the likelihood of an incident caused by a trusted insider.

 

SYSTEM INTERDEPENDENCIES:
  • None for UAM on-premises; BDP for UAM Cloud & UAM SAP
PROGRAM STATUS:
  • Continuous modernization and maintenance of UAM solutions
PROJECTED ACTIVITIES:
  • FY25: User Activity Monitoring Cv1 initial Body of Evidence (BoE) review and submission to Cloud Software Composition Analysis (SCA)
  • FY25: Award Technical Direction Letter for User Activity Monitoring-Centric Operations and Development on ICON Follow Collect and Distribute (CODI)

 

User Activity Monitoring

User Activity Monitoring

 

Cyber Platforms and Systems (CPS)

Counter Infiltration (C-I)
MISSION:

Provide mission assurance in support of multi-domain operations against near-peer adversaries to support cyberspace operations at corps and below. This enables cyberspace defenders to continuously monitor, detect and respond to the deception tactics and techniques utilized by adversarial advanced persistent threat (APT) malicious cyberspace activity.

 

DESCRIPTION:

The Counter Infiltration (CI) capability provides decoy systems, files, credentials and other baits/lures in order to provide early warning and detection. Cyber defenders will use the capability to detect, identify, and respond to adversary interactions with deception countermeasures in defense of the Department of Defense Information Network (DODIN) and the Army (DODIN-A) network.

 

SYSTEM INTERDEPENDENCIES:
  • DODIN-A
PROGRAM STATUS:
  • Continuous Modernization

     

    Counter Infiltration (C-I)

     Counter Infiltration (C-I)

    Defensive Cyberspace Operations Tools Suite (DCO Tools)
    MISSION:

    The DCO Tools Suite will facilitate unified land and cyberspace operations across the full spectrum of conflict – from shaping and deterrence to redeployment. It will enable cyberspace defenders and others within the cyberspace workforce to deliver effects within a designated friendly network by executing DCO and cybersecurity tasks as defined in the DOD Cyber Force Concept of Employment and joint/army policies, directives, and instructions.

     

    DESCRIPTION:

    The DCO Tools Suite is comprised of prepositioned and tailorable software packages that are integrated and available at all echelons (strategic to tactical) based on mission and threat. Leveraging Commercial-off-the Shelf, Government-off-the-Shelf and Open-Source Software, this capability is essential to Cyber Protection Teams in effectively conducting missions on Cyber Platforms and Systems. The Tools Suite offers economy of force by arming regional and global cyberspace defenders with the ability to augment local cyberspace defense operations organic to supported units.

     

    SYSTEM INTERDEPENDENCIES:
    • N/A
    PROGRAM STATUS:
    • Continuous modernization and prototyping with enhanced technology, and improvements
    PROJECTED ACTIVITIES:
    • FY25: Leverage Garrison DCO Platform (GDP) v4 platform for the delivery Security, Orchestration, Automation and Response (SOAR) capability using playbooks and data stored in Gabriel Nimbus to inform HQDA Zero Trust initiatives

     

    Defensive Cyberspace Operations Tools Suite (DCO Tools)

    Defensive Cyberspace Operations Tools Suite (DCO Tools)

     

    Deployable Defensive Cyberspace Operations System (DDS)
    MISSION:

    Provide operational capability to the Army Cyber Command’s Cyber Protection Brigades allowing for rapid evaluation and response to unexpected and dynamic cyber threats

     

    DESCRIPTION:

    The Deployable Defensive Cyberspace Operations System (DDS) is a deployable kit with dedicated compute and storage resources designed to be transported in the overhead compartment of a commercial aircraft. The system has a modular build concept that allows customization by the cyber protection teams to meet mission requirements.

     

    SYSTEM INTERDEPENDENCIES:
    • COMPO 1 units connects to DCO-MN to allow remote operations. It also needs a network connection to upload data to Gabriel Nimbus (GN). Now depending on the mission, it will have either one-way ingest from the target network for traffic and network analysis or bidirectional communication to allow certain data to get forwarded to the kit
    PROGRAM STATUS:
    • Continuous Modernization
    PROJECTED ACTIVITIES:
    • FY25: DDS-Mv2 Fielding begins: DCO will procure 64 kits

     

    Deployable Defensive Cyberspace Operations System (DDS)

    Deployable Defensive Cyberspace Operations System (DDS)

     

    Forensics and Malware Analysis (F&MA)
    MISSION:

    Provide the ability to rapidly triage an incident and place the impacted system back in service. A portable capability enables cyberspace defenders to quickly review information stored on deployed computers in real-time – without altering, damaging, or corrupting the data to support forensic investigations.

     

    DESCRIPTION:

    Forensics and Malware Analysis (F&MA) provides the ability to perform forensics analysis locally and remotely in order to detect, identify, and respond to attacks. The capability pushes forensics analysis forward to the Regional Cyber Centers and below in order to perform live box forensics. Live box forensics allows the capture of volatile memory critically needed during an incident response.

     

    SYSTEM INTERDEPENDENCIES:
    • AESS, DODIN-A, DDS-M, GDP, GEF
    PROGRAM STATUS:
    • Continuous Modernization
    PROJECTED ACTIVITIES:
    • FY25: IDA Pro new contract award in support of FMA Cell using ACC-Belvoir
    • FY25: Limited deployment to Georgia Cyber Center to conduct baseline & verification testing of Enterprise Edition

     

    Forensics and Malware Analysis (F&MA)

    Forensics and Malware Analysis (F&MA)

     

    Garrison Defensive Cyberspace Operations Platform (GDP)
    MISSION:

    Provide operational capability to the Army Cyber Command’s Cyber Protection Brigades allowing for rapid evaluation and response to unexpected and dynamic cyber threats

     

    DESCRIPTION:

    The Garrison DCO Platform (GDP) provides the ability to collect, analyze, and store data at line speed (40Gbps+) for use in garrison environments to support remote DCO.  The platform also hosts DCO tools/software to allow for analysis to be completed by the Cyber Defender, such as Lower Echelon Analytic Platform (LEAP) and the Unified Security information and event management (USIEM).

     

    SYSTEM INTERDEPENDENCIES:
    • GDPv3 and GDPv4 interoperate with the NETCOM Global Enterprise Fabric system
    PROGRAM STATUS:
    • Continuous Modernization
    PROJECTED ACTIVITIES:
    • FY25: Field GDPv4/ Lower Echelon Analytic Platform Tactical (LTAC)

     

    Garrison Defensive Cyberspace Operations Platform (GDP)

    Garrison Defensive Cyberspace Operations Platform (GDP)