US Cyber Command advances on platform to consolidate its myriad tools and data

WASHINGTON — Details surrounding a major cyber capability being built for U.S. Cyber Command have been closely held since the program’s inception years ago. To date, what has been disclosed about the innocuously named system is that it will consolidate and standardize the variety of big-data tools used by Cyber Command and its subordinate units so forces can more easily share information, build common tools, and conduct mission planning and analysis.

Unified Platform is maturing alongside its eventual user, Cyber Command and its forces, and its role and capabilities are coming into clearer view. The platform is slated to serve as the connective tissue for the Joint Cyber Warfighting Architecture, or JCWA, a critical step in the evolution of Cyber Command as a stand-alone entity with its own personnel, tools and infrastructure. As Cyber Command was building out, it relied heavily on tools, personnel and infrastructure from the NSA, with which it is still co-located.

The JCWA was created by Cyber Command to guide its capabilities. Cyber operations are unique within the Department of Defense in that nearly all aspects are a joint effort. In the traditional war-fighting realm, the armed services are responsible for manning, training and equipping for a certain function, such as infantry or fighter pilots. While those forces are part of a joint combatant command plan, they are still deployed under their own services.

The JCWA is broken into five elements:

  • Common firing platforms for a comprehensive suite of cyber tools.
  • Unified Platform.
  • Joint command-and-control mechanisms for situational awareness and battle management.
  • Sensors that support defense of the network and drive operational decisions.
  • The Persistent Cyber Training Environment, which will provide individual and collective training as well as mission rehearsal.

While Unified Platform is a subset of the larger architecture, it is considered the centerpiece where data is ingested, analyzed and shared.

“UP is the single unifying cloud-based infrastructure connecting disparate cyber capabilities within the JCWA to enable full-spectrum cyberspace operations,” an Air Force spokesman told C4ISRNET in an email. The service is running the program on behalf of Cyber Command and the cyber mission force.

He also said a new JCWA integration office has opened.

“Through UP, operators are able to access, search, and exploit data across all Services. This connectivity enables and supports the various capabilities delivered by the other JCWA elements. Programmatically, UP works closely with the other JCWA element program offices under the guidance of USCYBERCOM’s newly formed JCWA Integration Office (JIO). The programs synchronize development activities, mitigate interoperability risks, and ensure delivery of integrated solutions to best meet warfighter needs.”

The Government Accountability Office is currently conducting an audit of the JCWA, a spokesman with the watchdog confirmed to C4ISRNET. The audit was mandated in last year’s National Defense Authorization Act.

What can Unified Platform do?

So far, Unified Platform’s role has mostly included consolidating various systems. It has also been delivered to some cyber protection teams that conduct defensive cyber operations and is being used in operations. The Air Force said it has delivered six program increments, and fielded elements of the seventh.

By consolidating systems, infrastructure and data analytics, the platform “exponentially increases Cyber Mission Force (CMF) operators' ability to conduct integrated cyber processing, analysis, exploitation, and dissemination in support of full spectrum cyber operation,” the Air Force said.

“UP data services now enable CMF operators to access, query, and analyze data across all the Services and multiple security domains through a single user interface from any approved location/device. This greatly improves cross-service collaboration during mission execution. Furthermore, it provides more efficient data analytics, increases post-mission data retention, facilitates distributed analytics, automates business processes, reduces training time, and enables commanders to better allocate limited resources,” the service explained.

The NSA and Cyber Command Integrated Cyber Center and Joint Operations Center. (National Security Agency)

Initial work on the program began by building a software factory to help consolidate applications and develop new tools. With Unified Platform, data and information are more readily available, enabling teams to perform their missions more effectively.

Prior to its creation, questions during operations were addressed in an ad hoc manner, according to Emmet Eckman, a Unified Platform system coordinator at Northrop Grumman, who spoke to C4ISRNET in a September interview.

In a hypothetical example, he said when a team leader encounters something unexpected, that individual may seek out someone with knowledge of the anomaly. The team leader might do this by emailing a former co-worker, for example. But with Unified Platform, “that situational awareness is captured and promulgated so that I can pose questions to the broader workspace and say, ‘Hey, if anybody has seen this,’ or search through data myself to see if anybody has seen this particular behavior before anywhere else,” Eckman said.

Big Data Platforms

Work on Unified Platform has also included the integration of disparate parts of Big Data Platforms.

The Big Data Platform — of which there are several among U.S. Cyber Command, the Defense Information Systems Agency, Army Cyber Command and the Marine Corps — is essentially a hybrid cloud environment that allows for storage, computation and analytics across networked sensors. When forces conduct missions, they collect data and use high-powered analytics to make sense of it. Big Data Platform does just that, but it also shares that analysis in an easy-to-access repository for other forces.

Big Data Platform began as a prototype effort before Unified Platform. Details remain somewhat murky regarding the exact demarcation between the two systems, as they both conduct the complementary roles of consolidating data feeds and acting as the centerpiece for data and operations.

“Rather than replacing these capabilities, UP enhances them by increasing their collective interoperability,” the Air Force said, adding that the service’s Big Data Platforms have been developed to address specific service requirements. “This approach enables each service to best address their operational requirements for cyber, while simultaneously enabling CMF operators to work across service boundaries. While specific nuances remain between services to address the unique challenges providing cyber capabilities associated with air, space, maritime, and ground force capabilities, UP improves these capabilities by synchronizing common data across these missions.”

Cyberwarriors need a centralized portal where data collected during operations can be stored and accessed for analysis. (U.S. Cyber Command)

But Congress wants to know more. In the fiscal 2020 National Defense Authorization Act, the Senate required a reorientation of the system, requiring that a variety of technical parameters be met. These include, among others: a command baseline for collection, storage, processing, querying and analysis of metadata from sensors across the network; a determination of whether separate Big Data Platforms should be jointly organized or terminated; and assurance that all Big Data Platform instances are engineered and approved to enable standard access and query capabilities by the Unified Platform.

Nontraditional

Unified Platform is being held up as a DoD program that is taking full advantage of modern DevSecOps practices that are standard for commercial software programs. (DevSecOps is an approach meant to improve the lead time and frequency of product delivery.)

Ever since Northrop Grumman was hired in 2018 as the prime contractor for Unified Platform, it has worked with the Air Force and hundreds of other entities — including the service cyber components and subcontractors — to build the continuous integration/continuous deployment pipeline. This pipeline is described by Eckman as “the heart of what UP is going to be.”

“In the last year, we really have the CI/CD pipeline up and running. That’s been a goal because that CI/CD pipeline is the enabler to get the speed of change for matching our adversaries' rate of change,” he said, adding that the cyber mission force has already received operational tools through the pipeline.

“Now that we have that and we’re putting applications through that, one of the first applications that we put through that does enable cyber mission teams to exchange data rapidly and to meet that operational need,” he noted. “We’re now working on that data layer next. That’s in the current program increment plans.”

The Air Force maintains the Unified Platform team was key to building a LevelUP software factory in San Antonio, Texas. LevelUP is being used for several Air Force-specific efforts, to include PlatformOne, a software development platform with a host of components.

Given the software’s nature and the delivery model, the Air Force said it is eschewing traditional acquisition markers, such as initial operational capability and full operational capability. Rather, the service’s program office wants to deliver minimum viable product capabilities as soon as they’re ready, and work closely with Cyber Command and sister services on requirements.

Moreover, Unified Platform is one of the first programs in the DoD to use the new software acquisition pathway for agile development. There had been no clear boundaries for software spending in what the national security community refers to as “colors of money.” These colors include procurement, research and development, and operations and maintenance. Using funds set aside for one area for a different silo is strictly prohibited by law, leaving software in a gray area.

“This enables the UP program office to field capabilities much quicker than traditional programs. Rather than spending years in development, capability can be fielded as quickly as hours. This provides a unique ability to quickly adapt to emerging operational needs,” the Air Force told C4ISRNET regarding the use of the new pathway.

To remain flexible in a dynamic environment that is enabled mostly by software, the program implements a three-month planning and execution battle rhythm to adapt to operational priorities. In two-week sprints, teams then develop and field smaller releases of usable capabilities.

What’s next?

Under the terms of the 2018 contract, Northrop’s role as system coordinator is to last for three years, meaning it will expire next year.

It remains to be seen whether the Air Force will extend the contract. The service would only say: “We continue to look at contract options.”

Cyber defense sources agreed there must be some type of contract for a system integrator for work to continue. Some noted that the government lacks the system integration skills on its own.

“Not a system integrator [program of record], but I think UP is going to be something else,” Eckman told C4ISRNET. “We’re 23 months into a 36-month journey in partnership with the Air Force. What’s next? It looks like it’s going to be a UP program of record … a more traditionally DoD approach.”
