AFRL adds two new focus areas to Capabilities for Cyber Resilience BAA

On July 17, the Air Force Research Laboratory updated its Capabilities for Cyber Resiliency BAA (Solicitation Number: FA8750-18-S-7002) to include two new focus areas. For the two new focus areas, white papers should be received by August 31 in order to maximize the possibility of award.

This announcement is for an Open, 2 Step BAA which is open and effective until 30 Sep 2022. Only white papers will be accepted as initial submissions; formal proposals will be accepted by invitation only.
1) FY19-FY22 FOCUS AREA: NOVA

Background: Air Force systems and systems-of-systems are too complex for human experts to analyze and fully assess in operationally relevant timeframes. As such, vulnerability assessments (VA) are insufficient, even when conducted by cyber experts, because they do not scale to meet the enormity of the cybersecurity challenge facing the Air Force. State of the art automated tools have made great advances for software analysis, but support for hardware, embedded systems, and firmware still lag behind. VA of cyber physical systems and embedded systems have unique challenges due to the hardware and timing requirements.

Potential offerors should demonstrate an understanding of previous work in this area, such as the “MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery” paper that was published in the 2011 USENIX Security Symposium.

Objective: The objective of the NOVA program is to develop an automated cyber VA prototype that targets embedded systems and can scale up to systems-of-systems.

The research has three main tasks:

  • Demonstrate the automated cyber VA proof of concept on a software AF representative system.
  • Further develop the Task 1 proof of concept and analyze it on a more complex AF system that may include embedded systems, firmware, and/or hardware.
  • Demonstrate operational feasibility of NOVA prototype on a real-time embedded system.

2) FY19-FY22 FOCUS AREA: PREDICTIVE CONSEQUENCE MODELING & ANALYSIS

Background: The process to conduct vulnerability assessments is highly manual and requires substantial amount of unique subject matter expertise.

Objective: The Air Force Research Laboratory, in partnership with Headquarters Air Force/A4CF and the Air Force Civil Engineering Center, is seeking innovative technology concepts and prototypes to enable thorough and scalable vulnerability assessments of Air Force critical infrastructure systems, as required by the 2017 NDAA, Section 1650.

Of particular interest to this solicitation are technologies and concepts that focus on:

  • Automated identification of disparate control systems and the relationships and dependencies between those control systems, cyber/network systems, physical infrastructure, and mission requirements

  • Application of machine learning, artificial intelligence, natural language processing, etc., to reduce manual human machine interface analysis requirements

  • Ability for non-experts to rapidly tailor prototypes for use in different types of networks and missions

Full information is available here.

Source: FedBizOpps