AFRL issues BAA for “right of the threat” cyber resiliency solutions
On June 16, the Air Force Research Laboratory issued the following broad agency announcement (BAA) (FUNDING OPPORTUNITY NUMBER: BAA-AFRL-RIK-2015-0016) for cyber resiliency capabilities. Interested vendors should submit white papers by July 31, 2015 for FY16 consideration.
This Broad Agency Announcement (BAA) is a contracting tool directly responsive to Air Force Research Laboratory (AFRL) cyber science & technology (S&T) strategic goals and will address needs that are “right-of-the-threat”. AFRL is looking to procure solutions for to allow the AF mission to continue during or after an attack.
To support these strategic goals, this BAA seeks to procure capabilities for survivability, cloud architectures/security, secure computer/processor architectures, virtualization security, next generation BIOS Security, and cyber visualization. These capabilities may include but are not limited to novel protocols, cyber technology evaluation techniques, cyber data mining/understanding, and cyber modeling, simulation, and measurement.
Other applicable areas of technology include, but are not limited to, advancing the state of the art in mobile security and privacy. Proposed work should support current and/or anticipated Air Force application of these devices in critical core mission areas, as well as less demanding environments such as office automation and bring-your-own-device (BYOD) scenarios. White papers should address security and privacy in the context of Cyber Resiliency in order to have the most favorable consideration under this BAA.
FY16 – FY18 SPECIFIC FOCUS AREA: AUTONOMOUS DEFENSIVE CYBER OPERATIONS
Background: The Air Force executes cyber defensive operations that happen in real time at computer speeds. Many defensive operations can be automated; for a given input a prescribed output can be generated and many current technologies address automation of cyber defensive operations. There are still many areas where complex thought, decision-making, and understanding are required to effectively perform cyber defensive operations. Currently these decisions are made primarily by human operators. Precluding areas where human-in-the-loop decision-making is required by statute or policy, this area will seek to identify these decisions points, implement machine-learning and other artificial intelligence technologies, and deliver capabilities for semi-autonomous cyber defensive operations.
Objective: Maximize the use of autonomous systems in full spectrum, integrated cyber defensive operations. Identify decision points within current cyber defensive operations that could potentially be guided by autonomous systems. Develop machine learning algorithms or other artificial intelligence technologies that can assist in decisions to support cyber defensive operations. Develop integrated, proofs-of-concept for semi-autonomous cyber defensive operations.
FY17-19 SPECIFIC FOCUS AREA: EMBEDDED SYSTEM RESILIENCE AND AGILITY
Background: Technology trends and growth indicate a highly interconnected environment with an increasing reliance on system autonomy and embedded systems. Embedded systems may be viewed as an electronic device that contains a microprocessor (one or more), along with purpose-built software to perform specific functions within a larger community. Embedded system software, data, and memory often contain high-value information and control key assets. With this level of criticality, security provisions are crucial across the full-spectrum of embedded systems. Embedded systems require dedicated effort to infuse strong security and time-critical performance with limited resources and storage constraints. Within many applications, embedded systems are employed within platforms which are vulnerable to intentional or unintentional hazards or attacks. Any event, intentional or not, may compromise the reliability of a system and become a mission critical security threat.
Objective: To research and demonstrate preemptive and proactive defense approaches, along with reactive techniques protecting assets, key functions, and data through recovery and adaptation. The focus of this research is protection of resources vice networking. The embedded system solution may include hardware, software, and advanced techniques to protect critical assets against cyber threat vectors either onboard or from external vectors. One specific use case for this focus area is the command and control of Unmanned Aerial Systems.
Full information is available here.