CACI's cyber security capabilities span the full spectrum of attack and defense, delivering IT network protection, continuous diagnostics & mitigation (CDM) and nontraditional platform exploitation and defense. We also provide forensics, cloud and mobile device security, network virtualization, modeling, simulation, and wargaming. Our expertise, technologies, and proven cyber experience provide solutions that help protect our customers’ vital information and our nation’s critical infrastructure. We support all aspects of offensive and defensive cyber operations for our Intelligence Community (IC), Department of Defense (DoD), Department of Homeland Security (DHS) and other Federal Civilian customers, while advancing innovative analytics and secure mobility solutions.
- RF Collection and Processing: CACI combines digital signals processing and radio frequency (RF) expertise with proven cyber and electronic warfare experience to deliver breakthrough solutions for platform protection and exploitation. We can both defend and attack:
- Aircraft and unmanned aerial vehicle (UAV) systems
- Vehicle and ship systems
- Space systems
- Weapons systems
- Supervisory control and data acquisition (SCADA) systems
- Other control interfaces
- Communications in the RF spectrum
- Software-Defined Radio Systems: We design, develop, deploy, operate, and integrate end-to-end RF collection and processing systems for customers across the IC and DoD. Our exploitation capabilities span offensive computer and network operations, and include covert wireless collection, access point attack and exploitation, non-cooperative human intelligence tracking, wireless cracking, social network analysis and data exploitation, autonomous wideband signal search, and exploitation of next-gen technologies, such as wireless broadband long-term evolution.
- For the IC, we develop and manufacture software-defined radio systems capable of employing a variety of signals intelligence collection and exploitation applications, which are hosted in terrestrial, airborne, and shipborne locations. We also provide antenna design and development and Multi-INT sensor integration and packaging.
Available commercial technologies provide our nation’s adversaries with significant command and control (C2) and intelligence, surveillance, and reconnaissance (ISR) capabilities. CACI’s cutting-edge RF solutions counter this escalating threat by providing soldiers with the unprecedented ability to fully control the electromagnetic spectrum.
CACI’s modular, cognitive, software-defined radio/electronic attack technology provides sophisticated offensive capabilities. This solution enables passive threat identification and executes autonomous, non-kinetic attacks against commercially available Wi-Fi and cellular communications, as well as closed proprietary protocols such as digital push-to-talk networks and unmanned platform applications. Since our techniques are RF-based, this technology is daylight- and nighttime-capable and operates in any weather condition.
To keep pace with fast-moving mobile technology, federal agencies must change the way they deliver information while safeguarding against cyber attack and exploitation in a myriad of mission spaces. CACI provides fast, cost-efficient, and fully secure mobile solutions that enable customers to intuitively access information using applications that reach back to the enterprise. We deliver device-agnostic solutions for use on a variety of platforms, including iPhone, iPad, Android, Blackberry, and Microsoft Windows tablets. Our secure, end-to-end solutions advance the development, secure delivery, and secure configuration of mobile devices, and provide secure cloud provisioning and support.
- Mobile App Development: Through our partnership with Appcelerator, CACI offers a comprehensive solution set to rapidly develop secure mobile apps for federal customers. We build native, cross-platform apps in a single language. By combining CACI's automated security testing, compliance testing, and vulnerability detection capabilities with Appcelerator’s unique platform for creating, delivering, and analyzing apps, we enable customers to quickly deploy cost-efficient mobile apps for a higher return on investment. The solution set also includes powerful mobile analytics, which provide real-time evaluative metrics on app performance, usage, and crashes to ensure enhanced app performance and user experience.
- Code Analysis: CACI is accelerating the time to deploy our secure mobile apps with the automated CACI Code Analysis Tool (CAT4), which identifies unsafe code that could lead to potential exploit by malware or other attack vectors. Furthermore, this tool reduces research and development downtime and improves return on investment.
- Secure Smartphone Solution: CACI’s Wireless Remote Authenticated Tactical Handheld (WRATH) solution provides the federal government with classified, secure communications over cellular and Wi-Fi platforms. WRATH delivers a Secret-level, Android-based mobile device for voice, video, and data connectivity using cellular and Wi-Fi networks. This solution is Commercial Solutions for Classified (CSfC) program-compliant and approved for use on classified networks by the National Information Assurance Partnership.
- WRATH utilizes near-field communication tokens for encryption key generation, cloud-based data storage and retrieval, and user authentication, while supporting Wi-Fi, 3G, and 4G long-term evolution cellular networks. These capabilities enable tactical cellular and Wi-Fi communications on mobile devices and tablets at the Secret-classified level.
Learn more about Communications and Mobility capabilities.
We support our government customers in all aspects of cyber operations. CACI performs reverse engineering on advanced persistent threats
and other malware to discern their intent and impact, and to mitigate attacks against customer networks and
platforms. We leverage tools that are developed internally, by customers, and by other trusted suppliers to advance
our customers’ national security requirements in the cyber domain. We develop tools, tactics, techniques, and
procedures to conduct operations related to networks, end points, and connected platforms and devices.
- IT Network Protection: The recent escalation of cyber security breaches into government and commercial industries has accelerated the necessity for proven solutions backed by technological innovation to safeguard IT networks. CACI employs proven, cutting-edge solutions to enable our customers to manage, monitor, and immediately respond to cyber threats.
- Our active end-to-end defense capabilities include:
- Developing systems and tools for network intrusion detection and monitoring
- Automated diagnostic tools
- Dashboard and reporting
- Access control and denial
- Warning and notifications
- Anomaly detection
- Situational awareness
- Our Multi-INT fusion, analysis, reporting, and collaboration platform enforces strict data protection requirements while enabling mission execution.
- Information Assurance: Delivering the solutions to secure our customers’ information resources, CACI’s cyber security information assurance (IA) capabilities provide integrated, state-of-the-practice solutions and cost-effective defense against the escalating information security threats to our nation’s critical classified and unclassified networks and systems. Our experienced security engineers and analysts possess the required Department of Defense Directive 8570 certifications for information assurance, and more than 70 percent of our employees hold national security clearances.
- We develop certification and accreditation documentation for tactical and business operations systems, assuring our DoD customers that their systems are fully accredited to run in operational environments. These solutions adhere to the most up-to-date IC, DoD, and government standards. We galvanize information integrity by employing planning and reporting capabilities, assure that our customers’ systems comply with cyber security requirements, and use cutting-edge analytics to provide a full picture of the state of our customers’ operational readiness and cyber security risk. CACI assesses capabilities, identifies vulnerabilities, evaluates risks, and prioritizes guidance to help our customers limit exposure, reduce exploitation, and respond to cyber attacks. Our network engineering capabilities include systems integration testing, cross-domain solution analysis, and interconnection architecture analysis.
- Cyber Security Operations Center Support: Our engineers and analysts establish and staff cyber security operations centers for around-the-clock event monitoring and incident response. We accelerate early intrusion detection, which enables deployment of preventative measures to isolate and mitigate cyber attacks. We have transitioned many cyber tools in support of security operations centers across DoD. We have delivered a variety of tools to operations centers for service component commands, which function as operational organizations supporting combatant commands. These tools enable situational awareness of network operations, anomaly detection, and malicious data exfiltration alerting. We also provide security information support and event management tools, which provide real-time analysis of security alerts.
- Many of our solutions are successful due to the application of non-traditional approaches to standard problems, such as the use of side channel analysis, non-standard network bus interrogation, and data fusion analysis.
- Throughout our operational support contracts in both cyber and Intelligence Community operations centers, CACI uses an effective methodology in our tool and application development. We have subject matter experts (SMEs) working in DoD facilities using CACI-provided tools and applications. Our SMEs provide feedback to our developers in order to ensure that our solutions are operationally focused and effectively support the mission.
- Situational Awareness: CACI develops tools that provide real-time situational awareness of cyber activities and visualization of events. As part of our continuous monitoring solutions, we combine situational awareness and collaboration capabilities to deliver real-time interdiction and response to emerging threats against networks, systems, and platforms.
- Computer and Network Forensics: We provide a variety of forensic services for our customers, including digital network and mobile device forensics. Using state-of-the-art tools and techniques, our engineers perform forensic activities such as network streams and captures, binary reverse engineering, and static and dynamic analysis to determine malware behavior and open source data on existing attacks. Our analysts extract, preserve chain of custody, and secure forensic evidence from computers and other devices for use in investigations and legal proceedings. CACI’s Digital Forensics Laboratory provides cutting-edge digital forensics and is one of only a handful of private labs accredited by the American Society of Crime Laboratory Directors/Laboratory Accreditation Board International, the only accrediting body that focuses completely on laboratories performing testing for criminal justice purposes.
- Insider Threat Mitigation: CACI is an industry-leading provider of insider threat detection and prevention technologies for IC, DoD, and DHS customers. Our innovative methodologies for identifying insider threats utilize sophisticated analytics that enable rapid detection of unusual activities. When abnormal activities are identified, our systems employ automated protective measures to reduce and defeat the opportunity and capability of insider threats.
- Supply Chain Assurance: Our supply chain security framework provides effective, streamlined, and non-intrusive security controls at both the physical and information assurance technology levels. This framework provides a thorough risk assessment for our customers. We analyze the supply chain to determine its vulnerabilities, and employ techniques to support avoiding threats and minimizing risk associated with these vulnerabilities. Our solution enables customers to minimize disruption of the supply chain and rapidly restore it in the event of a catastrophic failure.
- Intelligence and Operational Support to Cyber Mission Forces: As the government’s Cyber Mission Forces (CMFs) are established to respond to cyber attacks against the nation, CACI is developing tools, techniques, and tradecraft to support their vital mission requirements. We deliver support to the Cyber Protection, National Mission, and Combat Mission CMF teams through our work with research laboratories and service component commands. CACI delivers operational capabilities to support the force protection missions of DoD employees and facilities in and outside of the United States. Many of our cyber solutions supporting CMFs are designed to be dual-use in nature, supporting both defensive and offensive missions.
- Our long history of supporting the Intelligence Community has provided us with unique capabilities to blend traditional cyber techniques with national technical means resources, which are used to verify adherence to international treaties. CACI also delivers cutting-edge cyber network operations tools to support U.S. troops.
CACI's Cyber Lab provides rapidly deployable cyber training and testing in customizable and isolated networking environments.
Students connect through secure, encrypted sessions to access a variety of virtual computers and routers and
dedicated physical hardware.
Using Secure Shell protocol (SSH), remote users are granted initial connection and console-based access. Lab access is
tightly controlled and CACI's Cyber Infrastructure Information Assurance Team provides 24/7 monitoring of the entire
infrastructure and validates the daily access list for remote connections.
Once connected either remotely or in person, the Cyber Lab protects the integrity of each enclave by restricting all
communication outside the individual lab environments, both to other lab environments within the Cyber Lab and to the
Internet. For a more advanced version of the Cyber Lab, CACI offers access to our advanced Cyber Range.
The CACI Cyber Range brings advanced network environment simulation to customers that need to perform real-world
cyber testing and practice in a safe and controlled environment. The CACI Cyber Range has three primary capabilities
that may be used independently or concurrently, including a client simulator, a server simulator, and a device interface.
The client simulator provides sophisticated virtual client environments that contain any number or variety of
operating systems at various patch levels with multiple brands of antivirus. We follow DISA Best Practices with a client
simulator that features both hardened and unhardened systems and follows both Secure Technical Implementation Guides
(STIGS) and Risk Management Framework (NIST 800-53 controls) compliance models.
The server simulator provides multi-tiered server applications with complex virtual routing and firewalls. These
environments use template models for rapid deployment of complete datacenters of any size and near-instantaneous
rollback of the virtual machines to a pristine state.
The device interface supports GOTS and COTS hardware in all lab simulations. We can inject/connect physical hardware
at any point in our data path, allowing agencies to perform tests that involve physical hardware and appliances.
CACI develops and deploys sophisticated, cross-domain, multi-level guard (MLG) systems, accredited at the highest protection level (PL-5), which ensure the secure transfer of sensitive information. These systems enhance security with their capability to transfer files to and from unclassified and Top Secret/Sensitive Compartmented Information networks. We have provided sophisticated, cross-domain MLG and IT solutions accredited at PL-4 and PL-5, including ISR, database, and geo-reporting systems. Our approved and deployed MLG solutions provide a bidirectional PL-5 accredited environment for ISR file transfers and real-time protocol (RTP) data streaming. We have proven experience designing, integrating, and accrediting PL-5 MLG for the Intelligence Community.
CACI engineers and operates systems capable of withstanding cyber attacks while meeting mission objectives. During periods when systems and networks are under attack, organizations still require a critical level of functionality. Our systems ensure the functionality of mission-critical components, even in a degraded state.
- Multi-INT Analysis and Visualization: CACI is trailblazing advanced techniques for Multi-INT fusion analysis and visualization, algorithm development, and the innovative application of site infrastructure, providing unique capabilities to our customers. We rapidly manipulate large data sets temporally and geospatially to detect deviations from normal patterns of life, and employ high-end fusion and correlation capabilities which enhance cyber situational awareness. We are industry-forward developers of analytics and enrichments to enable response to an array of cyber threats. Our unique visualization capabilities are used by the military, special operations, homeland defense, and during environmental disasters.
- Social Media: CACI analyzes social media content to bring hidden correlations to light. We utilize multi-source information to create semantic knowledge modeling tools that allow for interpretation of meaning from raw data. We apply spatial and temporal visualization and analysis techniques to social media, open source data, geolocation information, and other sources. These techniques may reveal links between individuals or groups that otherwise would have slipped through the cracks.
- All-Source Intelligence: We leverage specialized expertise in collection, processing, and analysis systems and tools development for all-source intelligence, foreign instrumentation signals intelligence (FISINT), communications intelligence (COMINT), electronic intelligence (ELINT), measurement and signatures intelligence (MASINT), signals intelligence (SIGINT), and video. These solutions provide our customers with signals collection, processing, and exploitation capabilities that span the electromagnetic spectrum. Our solutions enable one of our country’s national intelligence agencies to analyze 80 billion network events a day for threats. These solutions are being applied to the detection and mitigation of cyber threats against platforms.
- Software Design: We have proven experience designing software capabilities to deliver massively scalable analytics, data processing, and global storage for the IC.
For more information on our analytics solutions, please visit our Intelligence Services page on caci.com.
CACI’s cyber training focuses on cyberspace tactics, techniques, and procedures using a virtual Internet capability consisting of both malicious and benign websites, true domain name system (DNS) architecture, and scripted threats. As part of our training services, we also provide live Red Team attacks, launched from the virtual Internet into the ranges of the .mil environment, the top-level domain in the DNS of the DoD Internet.
Our cyber instructors have helped develop advanced counterintelligence (CI) activities for implementation in a CI organization’s cyberspace training curriculum, and helped align this curriculum to the CI functions, which include investigations, operations, and collection. These CI instructors were also instrumental in expanding our CI cyber training for a DoD customer.
Our rapid R&D, prototyping, and integration programs have led to the development of new cyber capabilities and processes. Our approach leverages non-standard, cutting-edge organizations and individuals throughout the cyber community to strengthen our customers’ cyber security capabilities and their understanding of the tradecraft. Our innovations in software and hardware have been transitioned and deployed throughout the IC and DoD. CACI has successfully coordinated and managed more than 135 cyber-related projects for quick reaction R&D prototypes that are directly enhancing cyber community capabilities, processes, and best practices.
CACI supports R&D-focused customers by conducting cyber research projects that can be performed at an asymmetric advantage in time, cost, and contribution to mission compared to traditional applied research areas. Areas of research include:
- Forensics automation/triage/deployable support
- Software reverse engineering and application analysis
- Advanced exploitation support
- Mobile engineering support and decryption engineering
- Homomorphic encryption techniques
- Side channel analysis of encryption methodologies
- Controller area network simulation
- Firmware reverse engineering and analysis