Cyber operations to the edge

Army Cyber

BAE Systems enables the U.S. Army to transform data into actionable intelligence, as well as engineering, integrating, and sustaining critical military platforms and systems.
BAE Systems delivers a broad range of solutions and services including intelligence analysis, cyber operations, IT, systems development, systems integration, and operations and maintenance to enable the Army to identify, process, manage, and defeat kinetic, non-kinetic, and cyber threats.
Mission First —Support Focus:
  • Deployed more than 750 analysts working with U.S. Army in Afghanistan and Iraq
  • Developed Bradley and MRAP combat vehicles
  • Created numerous ISR products
  • Thought leader in PED processes and implementation
Developing Integrated “To The Edge” Solutions:
  • Integrated approach to DCGS re-use solutioning
  • Evolution of next-gen software into DCGS-Developed and integrated cyber offensive tools
Proven Support Services:
  • Network operation/defense
  • JWICS site support
  • IC ITE services provider
  • Threat Intelligence

Insider Threat

Capability Highlights:
  • Holistic threat detection using cyber, network, physical, and security sensors
  • Model-based approach to behavior forecasting and predictive risk assessment
  • Integration of data feeds from DoD components and commercial sources
  • Experience and processes to address legal, security, privacy, and civil liberty (PII) challenges
  • Supports Army Directive 2013-18 and enhances HQDA G-34 activities
  • Easy transition to operate within U.S. Army Protection Program Framework Army Directive 2011-14 and AR 525-2
Program Successes:
  • Four years in operation in one of the most complex federal environments
  • Identified hundreds of “persons of interests”
  • Enterprise audit capability collected more than 10 million records of user audit data from shared sensitive platforms with zero downtime
  • Best Practices from across Intelligence Community and DNI standards ICS500-27 and ICS700-2

Offensive Cyber Operations

Decide, Detect, Deliver, and Assess (D3A) decision pattern is the leading approach to offensive cyberspace operations. We build CyberML executable system of systems models that abstract complex cyberspace constraints, technologies, or actions and then apply machine-based reasoning to augment human decisions and provide real-time response.
Capability Highlights:
  • Policy enforcement via robust governance with auditable action logs
  • Multiple levels of reasoning to augment decisions and actions with telemetry to improve model decision accuracy
  • Modular open architecture (MOSA), compatible with the LandWarNet enterprise
  • Knowledge sharing: Structured Threat Information eXpression (STIX) and Cyber Observable eXpression (CybOX)
  • Long-term trend analysis and granular historical damage assessments after a compromise or mission failure
  • Multi-level security with cross-domain guards

BAE Systems Cyber Solutions By the Numbers


  • Percentage of cyber reporting provided by BAE Systems that was judged to be of “high intelligence value” by Defense Security Service (DSS)


  • Percentage of DSS total cyber reporting provided by BAE Systems, making us by far the most prolific reporter


  • Cyber security offices globally


  • The availability of our Cyber Incident Response Team


  • BAE Systems users protected by our own cyber security products and services


  • Dedicated cyber security experts

Computer Network Defense

Capability Highlights:
  • Cyber context domain-specific models for LandWar Net
  • Software-defined network actuation to deliver programmable course of action, reduce response time, and maintain network performance
  • Adaptive network defense for proactive management of COCOM and enterprise domains
  • Global data analytics for detection of zero-day and advanced persistent attacks
  • Full support to RMF (DoDI 8510.01) for Information Assurance
Program Successes:
  • Future Intercontinental Ballistic Missile Sustainment and Acquisition Construct (FISAC) Integration Support Contract (ISC) (Minuteman III sustainment) program
  • USAF Ground-Based Strategic Deterrent (GBSD) program
  • U.S. CCMDs, DoD, HQ DIA classified users in 69 locations, 59 international networks, and 5,285 servers
  • Defend our own global corporate network of nearly 86,000 users against highly capable adversaries

Cyber Threat Intelligence

Capability Highlights:
  • Highly automated model-based approach to agile Cyber Threat Intelligence (CTI) analysis and response process aimed to reduce cognitive load on cyber defenders which can improve response time up to 25%
    • Develops alternative COA to mitigate threats
    • Produces sharable threat indicator patterns for enhanced collaborative defense
  • Data analytics, sensor fusion, natural language processing, and visual domain-specific models aggregate, correlate, and contextualize low-level data from multiple sources into higher level CTI
  • STIX and CybOX standards to represent cyber campaigns, threat actors, tools, techniques, and procedures (TTPs)
  • Trust Automated Exchange of Indicator Information (TAXII) standard for near real-time sharing of CTI
  • BAE Systems is the #1 contributor to DoD’s Defense Industrial Base (DIB) – a cyber threat information sharing database
Program Successes:
  • Successfully completed a CTI sharing pilot program with Fujitsu of Japan
  • Created innovative graph-based tools to correlate CTI and further enhance threat situational awareness
  • Validated BAE Systems leadership in international CTI sharing – per Yahoo Finance


BAE Systems applies disciplined systems engineering practices to plan, manage, and complete Risk Management Framework accreditations.

Capability Highlights:
  • Deconfliction of multiple regulations and policies up front
  • RMF tasks and milestones overlayed on the program lifecycle to identify and manage critical dependencies
  • Planning models forecast the level of effort and schedule
  • Automated document templates accelerate development of consistent and complete drafts to quickly focus on task-specific tailoring
  • Avoid expiration by tracking approvals in progress against critical dates
Program Successes:
  • Cyber and Special Access Programs
  • ICOMSEC and SCI programs
  • Multinational coalition networks
  • Cross-Domain Solutions
  • Accreditation experience on 50 different programs, across more than 100 enclaves and 60 diverse operating systems