AFRL seeks cybersecurity vendors

AFRL 112On February 27, the Air Force Research Laboratory Information Directorate posted the following broad agency announcement (BAA-RIK-14-07), entitled “Capabilities for Cyber Resiliency.”

This BAA is a contracting tool directly responsive to Air Force Research Laboratory (AFRL) cyber science & technology (S&T) strategic goals. To support these strategic goals, this BAA seeks to procure proactive cyberspace defense capabilities for avoiding threats through understanding the cyber situation, assessing potential impacts, and implementing deterrence and effects-based defensive methodologies. As such, it supports work in the areas of trusted hardware, trusted software, trusted data, secure systems/architectures, maneuverability, mission awareness, mission assurance, and survivability and recovery techniques.

Other applicable areas of technology include, but are not limited to, attack attribution/geolocation, novel protocols, cloud architectures/security, mobile device security, secure computer/processor architectures, virtualization security, cyber technology evaluation techniques, cyber modeling, simulation, metrics, and measurements, cyber data mining/understanding, next generation BIOS Security, and cyber visualization.


Background: Many cyber solutions currently focus on detecting attacks after they occur and then attempt to apply security mechanisms to existing hardware and software. This type of solution is inefficient and keeps systems and networks in a constant state of “react”. A more proactive approach is preventing and avoiding rather than detecting after the fact. This area seeks to develop mathematically rigorous tools and techniques that modify the cyber domain in favor of mission assurance.

Objective: To formally verify that hardware and software implementations meet mathematical specifications that prove correctness of secure designs and to lead research in technologies to mitigate new and emerging threats that could degrade capabilities by developing innovative solutions through science and engineering applications to national security problems. Results of this work would place missions orthogonal to threats. This focus area is not interested in concepts, approaches, and techniques that rely on detection and reaction. The Assured by Design area is divided into three main thrusts: Science of Mission Assurance, Engineering Assured Systems, and Domain Modification.

The goal of the Science of Mission Assurance thrust is to develop a security engineering culture that mathematically represents the specifications of critical mission essential functions and verifies their implementation in a contested cyber domain.

The Engineering Assured Systems thrust intends to research hardware assisted security, formal methods, and validation to provide prevention techniques to current and future systems through specialized hardware and software systems. Deliverables should include foundational research with demonstration of software and hardware prototypes. Research seeks to create and verify the “mission layer” and produce a design framework to create assured cyber systems.

Domain Modification capitalizes on novel, out-of-the-box approaches to provide successful execution of mission essential functions. Interest is in techniques that modify the domain in favor of mission assurance and increase the cost to the adversary to exploit systems. The focus is on preventing and avoiding vulnerabilities in missions.


Background: Despite many security enhancements, systems are not resilient and are unable to provide the continuation of Mission Essential Functions (MEFs) in the face of disruption by a sophisticated adversary or a non-malicious fault. Cyber resilience comprises the ability to withstand, minimize, survive, and recover from the negative effects of adversity, whether man-made or natural, under all circumstances of use. Resilient systems must not only mitigate vulnerabilities, they must also fight through successful attacks to assure MEFs continue without disruption. Resilient systems must also possess the ability of a computer system to regain or even exceed its initial operating capability. While continuing MEFs, damaged systems must recover any lost services, components, and data. These systems must discover their own vulnerabilities and regenerate themselves with immunity to improve their ability to deliver critical services.

Objective: To focus on technology solutions that increase the probability of assuring Mission Essential Functions (MEF) during successful cyber attacks.

AFRL seeks ideas and concepts in the following thrust areas:

1. Self-protecting software systems – Systems that use domain knowledge and mission needs to defend against malicious attacks or failures and have the ability to anticipate and mitigate future security threats.

2. Machine Generated Repair – Automatically generate repairs to code and automatically repair corrupted data and state to recover with immunity.

3. Cyber Defense Metrics – Identification of metrics as a method of quantifying resiliency, security, and mission readiness.

4. Infrastructure Virtualization – Enabling secure multiplexing of computing resources among multiple organizations and controlled information sharing among organizations with end-to-end trust in the infrastructure with data integrity.

Full information is available here.

Source: FedBizOpps