Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
FBO DAILY ISSUE OF MARCH 22, 2009 FBO #2673
SOLICITATION NOTICE

A -- Information Institute Research Program

Notice Date
3/20/2009
 
Notice Type
Modification/Amendment
 
NAICS
541712 — Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
 
Contracting Office
Department of the Air Force, Air Force Materiel Command, AFRL - Rome Research Site, AFRL/Information Directorate, 26 Electronic Parkway, Rome, New York, 13441-4514
 
ZIP Code
13441-4514
 
Solicitation Number
BAA-09-07-RIKA
 
Point of Contact
Lynn G. White,, Phone: (315) 330-4996
 
E-Mail Address
Lynn.White@rl.af.mil
 
Small Business Set-Aside
N/A
 
Description
The purpose of this modification is to: (1) Incorporate additional information for the Cyber Operations Core Technical Competency Area: Cyber Threat Avoidance ; (2) Changing the FY09 recommended dates for white papers for this topic only; (3) Delete paragraphs found in Section I and Section II that refer specifically to Historically Black Colleges and Universities and Minority Institutions. (1) Challenge Problem Title: Cyber Threat Avoidance Background: Cyberspace is a warfighting domain that is customarily viewed as favoring the offense. Most of the time, cyber defenders are relegated to a tactical, reactive engagement with threats. This mode of operation is not only unsustainable as these activities increase, but brings into question the viability of all cyber-dependent missions. Among the most challenging domains of cyberspace is that of the Airborne Network (AN). Airborne Networks (ANs) are three dimensional mobile ad hoc networks formed in the sky. The nodes in ANs may have communication links to ground based control stations, other ANs, as well as satellites. The nodes may move extremely rapidly causing dynamic topological changes to the network. ANs have stringent and very low latency requirements for entering the network as well as for transmitting data packets. In order to gain control of our cyberspace, we must develop strategic, game changing technologies that tip the balance of favor toward the defense. One set of such technologies can be described as those that enable threat avoidance. Threat avoidance contrasts with traditional approaches to network defense such as perimeter defense, intrusion detection, etc., because in its ideal embodiment, it makes these unnecessary. Avoidance reduces or eliminates the need to fight. In reality, we will require a robust means to detect intrusions, block attacks, and recover from damage, simply due to the fact that we cannot avoid every threat. However, if we adopt the mindset and begin developing technology to avoid threats through various technological means, we can begin to modify the domain to favor the defenders. The information assurance (IA) framework for ANs, like any terrestrial network, includes authentication, authorization, access control, confidentiality, trust management, intrusion detection, and information forensics. The most critical parameter that distinguishes the IA framework for ANs from a terrestrial network is timeliness. The IA designer for ANs almost always has to balance security with the latency that comes with it. Challenge Problem: Develop means to modify the Cyberspace domain of the Airborne Network to eliminate vulnerabilities beforehand or make them inaccessible to the adversary. Utilize established anti-tamper and software protection tenets to mitigate vulnerabilities by 1) moving them "out of band," in the sense that they are made technically or physically inaccessible to the adversary; or 2) designing them out completely through systematic design practices. Since the Cyberspace infrastructure, specifically the Airborne Network is a technological domain devised and built by humans, the "laws" that define its behavior can be re-written, and therefore this medium can be modified at any level to favor protective or defensive purposes. Vulnerable protocols, architectures, instruction sets, etc. must be modified, extended, or replaced as necessary to secure critical warfighting systems. In the airborne domain a trust model protocol is required to provide a method to prove the identity of a node without giving away any information regarding a pre-shared secret. The trust model protocol must use less bandwidth, less computational power, and less memory as compared to existing authentication methods. These characteristics make them appealing for devices with resource constrained applications. The most noteworthy benefit of using a trust model protocol is that no hints about the secret are given during the entire authentication process. Develop "polymorphic" techniques for a dynamic approach for continual and rapid multi-dimensional modification of the cyber domain. These modifications will take place many times per second if necessary, through various protocols such as that described above, and at multiple computer and network layers providing agility in defense so that the attacker loses the advantage of time and attack preparation. Agility in defense includes establishment of early indications & warnings (I&W) mechanisms that detect anomalous activities or entities, rapid analysis of the activity to include attribution and geolocation, anticipation of future behaviors and effects, and real-time provisioning of defensive systems in the most effective way. One approach for avoiding threats in real-time is to present adversaries with an agile "moving target" through the use of evasion tactics to prevent detection and identification in the first place, and escape tactics if evasion fails and a viable threat is confronted. Another approach is to utilize methods to better guarantee the authenticity of each node in the network and continuously verify their credentials through all transactions. Situation Awareness will serve as an input to enable defensive agility in an accurate threat and environmental context. Relevant Areas of Needed Research: Mission assurance architectures, agile network architectures, agile computer architectures, threat identification and mitigation, polymorphic systems and networks, cyber indications & warnings. What is the appropriate trust model technical implementation for this type of application? Can a trust model protocol be developed to gain acceptable trust utilizing very little bandwidth, memory and computational power to gain a high level of confidence? (2) The submission date for this challenge problem only will be 10 April 2009. (3) The following sentences have been deleted from Sections I and II respectively: "Additionally, AFRL/RI has an active Historically Black Colleges and Universities and Minority Institutions Program. Hence, research proposals from HBCU/MI maybe funded from special funds that maybe set aside by the II Director.", as well as the following: "There is also the potential to make awards up to any dollar value. Awards for Historically Black Colleges and Universities and Minority Institutions Program set-aside research efforts are constrained by the funding allocated. Individual awards normally will not exceed twelve (12) months and will range from $50K - $100K; with a portion of the research being performed at the Rome Research Site." All other information remains the same.
 
Web Link
FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=9f6d5a73b7d0bb43b2ac93774d0a619c&tab=core&_cview=1)
 
Record
SN01774418-W 20090322/090320220912-9f6d5a73b7d0bb43b2ac93774d0a619c (fbodaily.com)
 
Source
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  © 1994-2020, Loren Data Corp.