AFRL opens new focus area on cyber BAA
On January 10, the Air Force Research Laboratory posted an update to its Capabilities for Cyber Resiliency broad agency announcement (BAA NUMBER: FA8750-18-S-7002). The deadline for FY 18 funding is January 26. Submissions for the new focus area are due by February 15.
This announcement is for an Open, 2 Step BAA which is open and effective until 30 Sep 2022. Only white papers will be accepted as initial submissions; formal proposals will be accepted by invitation only. While white papers will be considered if received prior to 6:00 PM Eastern Standard Time (EST) on 30 Sep 2022, the following submission dates are suggested to best align with projected funding:
The Air Force Research Laboratory’s (AFRL’s) strategic vision for cyber superiority is to ensure the success of cyberspace-dependent missions in air, space, and cyberspace. The purpose of this BAA is to develop the next-generation technologies necessary to achieve this vision, so that they can be integrated and transitioned into warfighting capabilities.
Providing mission assurance in an Air Force context means supporting the notions of Global Vigilance, Global Reach, and Global Power across the five enduring AF core missions: air and space superiority; intelligence, surveillance, and reconnaissance; rapid global mobility; global strike; and command and control.
In addition, AFRL/RI requires research and development of assured and resilient full spectrum cyber capabilities to include cyberspace infrastructure and effects to be used in pursuit of cyber engagement and freedom of operations in cyberspace. This includes defensive technologies to strengthen the security of US cyber assets and defend against adversarial cyber advancement and cyber exploitation technologies to provide the US with intelligence regarding the cyber landscape and adversary activities in the cyber domain.
FY19-FY22 SPECIFIC FOCUS AREA: SPECTRESCAN
Background: Cyber vulnerability assessments (CVAs) are often conducted late in the systems development lifecycle (SDLC) after a system is already implemented. Mitigating vulnerabilities earlier in the SDLC during requirements definition can reduce system development costs and enhance security. However, Air Force systems have become too complex for human experts to analyze in operationally relevant timeframes. As such, manual CVAs of system requirements specifications (SyRS) by cyber experts are insufficient, because they do not scale to meet the enormity of the cybersecurity challenge facing the Air Force.
Advancements in natural language understanding, natural language processing, and automatic reasoning have been made to support analysis of SyRS written in natural languages (e.g. “The system shall…”). However, technical challenges include assessing whether requirements written in natural languages are unambiguous, necessary, feasible, traceable, unique, atomic, independent, and testable as well as whether requirements adequately capture security concerns such as confidentiality, integrity, authentication, and attribution.
Potential offerors should demonstrate an understanding of the approaches of previous work in this area, such as grammars expressing functional and non-functional requirements, natural language understanding, natural language processing, automated reasoning, formal methods, and/or machine learning techniques.
Full information is available here.