This week, the U.S. Navy’s NAVAIR Cyber Warfare Detachment (CWD), issued a solicitation for technical/cost proposals for research support for technologies that are applicable to its Resilient Cyber Warfare Capabilities. The Navy’s CWD develops cyber warfare capabilities to defend weapons and corresponding systems. From smart TVs to connected vehicles, today’s consumer goods fall into the category of “Internet-of-Things” (IoT) and are vulnerable to cyber attacks. Military hardware, such as aircrafts, unmanned vehicles, sensors, and other systems that provide logistics and mission planning have the same vulnerabilities. These systems could be hacked and compromised, which could transform expensive cutting-edge devices into little more than pricey, heavy bricks. The strategy of CWD is to defend the access to points to these weapons systems through detection and prevention and ensure that they can continue to operate during close quarters battles.
Goals of the BAA
“It is also a finding of the CWD that there has been little attention given to these intermittent connections, such as maintenance laptops, mission loaders, etc.” the July 17 broad agency announcement (BAA) stated. “As well, there has been little R&D concerning critical physical and industrial control system interfaces with air vehicles, such as aircraft launch and recovery equipment (ALRE), power and navigation umbilical’s. In fact, this BAA assumes that the cyber R&D problem space for weapons systems even reaches back to concept development, supply chain management and software (SW) development and assurance / configuration management and as far forward as battle damage assessment (BDA) and equipment sanitization and disposal which all could involve anti-tamper as well.”
The BAA addresses the most critical access point and resiliency (close quarters battle) issues for both legacy and future systems. It added that such efforts should not cause presumptive focus on any specific cybersecurity controls, concepts, or preconceptions, i.e., the “Maginot line” effect – in reference to the pre-World War II French Army fortifications that were bypassed in the early stages of the war.
8 Areas of Interest for Proposals
NAVAIR CWD added that it also isn’t seeking costly defense measures that would impair or disrupt cyber maneuverability. The BAA addressed eight areas that were of particular interest for proposals including:
- SWaP (Size, Weight and Power) sensitive cyber resiliency for RTOS and aviation warfare environment.
- Access point identification, prioritization, and defense
- Cyber-EW convergent capabilities
- Full acquisition cycle cybersecurity measures
- Cyber test, inspection, and incident response concepts
- Cyber warning system techniques
- Cyber fault, risk, and threat assessment methodologies
- Resilient Network concepts
Proposal Timeline and Technologies Sought
Examples of technologies sought include, but are not limited to (in no particular order):
- RTOS malware / C2 detection, protection, response and recovery
- Non-destructive/disruptive inspection
- Dynamic reconfiguration / re-host / compilation
NAVAIR added that it will accept proposals for Phase 1 of the submission process through July 7, 2021, and invite qualified proposers for the second phase of the solicitation.
