The Cyber Situational Awareness Analytical Capabilities (CSAAC) program develops big data solutions like the Rapid Deployment Kit (RDK) to collect, analyze, visualize, and share DOD network information. The RDK provides an infrastructure for ingesting and correlating large datasets to support situational awareness and decision making. CSAAC-RDK has been adopted by several DOD organizations and helps aggregate data to operate, assure and defend networks in a collaborative manner across the DOD.

1. UNCLASSIFIED
UNCLASSIFIED 1
Cyber Situational Awareness - Big
Data Solution
Dan Bart & Bob Landreth
17 Jun 2015
DISA ID61

2. UNCLASSIFIED
UNCLASSIFIED
Cyber Situational Awareness Analytical Capabilities (CSAAC) is a set of NIPRNet and
SIPRNet solutions that will provide the ability to collect, analyze, visualize, and share
DODIN & Mission Partner information for collaborative DODIN Operations and Defensive
Cyberspace Operations. CSAAC enables greater visibility into the enterprise allowing
critical decisions to be made based on a richer and broader set of information. The Rapid
Deployment Kit (RDK) is the big data solution that supports the data ingest, correlation,
and visualization infrastructure.
2
CSAAC / RDK Overview
Supporting the operation and defense of the Cyber mission
space
Supporting the operation and defense of the Cyber mission
space

3. UNCLASSIFIED
UNCLASSIFIED
Collect Information
Analyze
Visualize
Share
3
Functional Components
Mission
Planning
Continuous
Risk
Management
Network
Management
Enterprise
Service
Management
Cyber Defense
Near Real and
Real Time
*Cyber
Information
Sharing
*Intel
ANALYTIC PLATFORM
DATA INGEST SERVICE
DISN
OSS
JRSS *Commercial
Cloud *Federal CDCs/DECC Gateways
Enclaves &
End Points
*Cyber
Intel
*DIB
*Future Integration
DATA SOURCES

4. UNCLASSIFIED
UNCLASSIFIED 4
Supports Multiple Mission Sets
to Enhance Decision Support
DISA Command Center, OPS,
CONUS, EUR, PAC, EIS,
STRATCOM, JSSC, EE, Ent Ops
NORTHCOM, SOUTCHCOM
DECCs: OKC, MECH, ESD‐NA
CYBERCOM
ACOIC, 561st NOS DOK
Joint Staff, NSA, IAD, OSD,
NTOC, HQDA/ITA,
HQ Air Force
NETCOM, ARCYBER,
TRANSCOM, Army CIO/G6
USTRANSCOM, AFCYBER
USSOUTHCOM, JFHQ DoDIN
DES Community
Analytics User Base
15 ingested data sources
102 deployed widgets
747+ users
Metrics
Insider Threat Detection Service
Audit Management
Fight By Indicator (FBI)
Defensive Cyber Ops
Defense Enterprise Email Monitoring
DODIN Ops / Situational Awareness
Roadmap Capability
Mission Mapping /
Continuous Monitoring

5. UNCLASSIFIED
UNCLASSIFIED 5
CSAAC-RDK Operational Overview
What is CSAAC‐RDK?
CSAAC‐RDK within DISA CSAAC‐RDK Mission Partners
• CSAAC‐RDK is a DISA developed capability for ingesting and
storing large data sets, building analytics, and visualizing the
results.
• Allows critical decisions to be made based on a richer and
broader set of information.
• Developed around open source and unclassified components
while leveraging community tech transfer from other DoD
entities.
• CSAAC‐RDK is a DISA developed capability for ingesting and
storing large data sets, building analytics, and visualizing the
results.
• Allows critical decisions to be made based on a richer and
broader set of information.
• Developed around open source and unclassified components
while leveraging community tech transfer from other DoD
entities.
Production environments
deployed on NIPR, SIPR, and
a Private Secret enclave.
Environments available in
JITC lab for mission partner
development.
• CSAAC‐RDK has been embraced by multiple mission partners
including USCYBERCOM, NSA, Army, Navy, Air Force, and the
Marines.
• CSAAC‐RDK allows mission partners to rapidly meet the
demands of their mission (e.g. ARL’s mission to operate and
defend the DREN).
• CSAAC‐RDK has been embraced by multiple mission partners
including USCYBERCOM, NSA, Army, Navy, Air Force, and the
Marines.
• CSAAC‐RDK allows mission partners to rapidly meet the
demands of their mission (e.g. ARL’s mission to operate and
defend the DREN).
• Aggregate DoD data to operate, assure, and defend the DODIN
• Support JIE & JRSS initiatives of data collection and analysis
• Enable collaborative analytic development across the DoD
• Establish governance aligned with operational requirements
• Aggregate DoD data to operate, assure, and defend the DODIN
• Support JIE & JRSS initiatives of data collection and analysis
• Enable collaborative analytic development across the DoD
• Establish governance aligned with operational requirements
CSAAC‐RDK Key Objectives

6. UNCLASSIFIED
UNCLASSIFIED 6
Integrated Architecture
RDK provides the
potential to consolidate
CSAAC capabilities.
This is only an example.

7. UNCLASSIFIED
UNCLASSIFIED 7
CSAAC-RDK Strategic Linkages
• Standards
• Governance
• Consolidate IT
• Joint Operations
• Data Collection
• Analytics
• Visualization
• Info Sharing
• Information Sharing Architecture
Enhance Shared Situational Awareness (ESSA)

8. UNCLASSIFIED
UNCLASSIFIED 8
Path Toward Convergence
DISACSAAC-
RDK
Unified
Architecture
Future Efforts
Integrate CSAAC-RDK
with the Intelligence
Community and Navy
Tactical Clouds
Present Efforts
Developing a unified
architecture with
common APIs, data
schemas, and data
standards

9. UNCLASSIFIED
UNCLASSIFIED
Vision: Cross domain capabilities
Real‐Time
Distributed Architecture
AFCYBER
(24th AF)
Coast Guard Cyber
NSA & CYBERCOM
ARCYBER
NIPR
SIPR
JWICS/NSAnet
“Query one, query all”
FLTCYBERCOM
(10th Flt)
9
AFIT
(Center for Cyberspace Research)
Service / National Research Labs

10. UNCLASSIFIED
UNCLASSIFIED
There are three predominant opportunities for Industry big data participation:
1. Create solutions that can seamlessly integrate into the existing big data infrastructure
and augment / enhance currently deployed capabilities
2. Develop solutions that support big data analytics which can be shared amongst all
agencies and enhance collaboration
3. Bring your COTS solution:
– Attributes of a COTS tool to be considered as an enterprise solution should provide capabilities
that:
• Satisfy validated DOD operational requirements
• Are not redundant with currently deployed capabilities
• Offer a more cost effective solution which would be too time consuming or expensive to build ourselves
on CAAC-RDK
• Integrate with existing CSAAC-RDK infrastructure
10
Industry’s Role with CSAAC-RDK

11. UNCLASSIFIED
UNCLASSIFIED
Information
www.disa.mil
Website or Program External Link
https://east1.deps.mil/disa/cop/mae/netops/CSAAC/SitePages/Home.aspx
EMAIL
Robert Landreth – Program Manager
Robert.Landreth2.civ@mail.mil
11
Contact/POC Information

12. UNCLASSIFIED
UNCLASSIFIED
United in Service to Our Nation
12