Naval Air Systems Command (NAVAIR) issued a Broad Agency Announcement (BAA) Monday seeking technical and cost proposals for research in technology that is applicable to resilient cyber warfare capabilities for NAVAIR weapons.
This BAA seeks “principally to orchestrate germane R&D to fill the gaps in cyber warfare capabilities for NAVAIR weapon systems” to achieve NAVAIR Cyber Warfare Detachment (CWD) strategy. This means to secure weapon systems able to survive and exploit cyber warfare.
NAVAIR CWD develops and assesses cyber warfare capabilities to defend NAVAIR weapons systems and corresponding support systems as well as for mission assurance. Weapon systems includes aircraft, weapons, and sensors.
The solicitation, posted to FedBizOpps, explains CWD’s strategy is to defend the access points to weapon systems, continue to operate during close quarters battle, and conduct cyber-smart acquisition to achieve this.
“The foundation of the CWD strategy for NAVAIR weapon systems is to develop the cyber workforce, invest in infrastructure and research and development (R&D) and establish standards and best practices,” the post said.
The solicitation said CWD finds “there is a paucity of cyber R&D and threat information for weapon systems and supporting systems” that directly or indirectly connect to weapon systems and most business systems information technology cybersecurity measures are also mis-applied or ill-designed for weapons systems.
Thus, the BAA is solicitating for research and development to address cyber issues for weapons systems in a system of systems warfare environment with intermittent or indirect connectivity to other systems.
While NAVAIR assumed R&D efforts solicited in the BAA would address the most critical access point and resiliency issues for legacy and future systems, “however, this should not cause presumptive focus on any specific cybersecurity controls, concepts or preconceptions.” The Navy referred to this as the “Maginot line” effect.
It also assumes all R&D efforts will be mission relatable with germane threat assumptions rather than standalone concepts/solutions, because it is critical to achieve integrated warfare and kill chain effects while also preventing that of the adversary.
“It is not desired to employ layer upon layer of costly defenses that only prevent cyber resiliency, dynamic re-configurability / response or, essentially, cyberspace maneuverability,” the solicitation said.
This has a two-phased submission process, with Phase I proposals due by July 7, 2020. Phase I is limited to proposal abstracts limited to five pages. Phase II will later be by invitation only for Phase I offerors whose abstract is considered capable of meeting existing or future program requirements. Phase II covers the technical and cost/funding proposals.
NAVAIR CWD is specifically interested in research in 36 areas including detection, protection, response, recovery from malware and/or effects on real time operating systems (RTOS); warning systems / situational awareness / cueing for weapon system operators of malware, cyber-attacks or impending cyber attacks; dynamic reconfiguration, (distributed /resilient) compilation and re-hosting for RTOS; system of system cyber architectures useable for analysis and employment on weapon systems; full spectrum cyber response and enablement capabilities for multiple weapon system kill chains; sacrificial infrastructure and reactive cyber “armor”; authentication constructs for weapon system environments; and deterrent cybersecurity methodologies that increase adversary Level of Effort / Cost to sufficient level.
The general types of technologies NAVAIR is seeking include RTOS malware/C2 detection, protection, response and recovery; non-destructive/disruptive inspection; and dynamic reconfiguration/re-host/compilation.