Digital Theater-level System Model for Cyber Security Analysis
Navy SBIR 2020.1 - Topic N201-064
NAVSEA - Mr. Dean Putnam - dean.r.putnam@navy.mil
Opens: January 14, 2020 - Closes: February 12, 2020 (8:00 PM ET)

N201-064

TITLE: Digital Theater-level System Model for Cyber Security Analysis

 

TECHNOLOGY AREA(S): Information Systems

ACQUISITION PROGRAM: EO-IWS5: Surface ASW Combat System Integration, Surface ASW System Improvement

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

OBJECTIVE: Develop a digital model that can assess the communications-related cybersecurity posture of geographically distributed sensors, weapons, and combat systems supporting theater-level mission tasking.

DESCRIPTION: For the Theater Undersea Warfare (USW) mission, the Theater commander’s tool is the AN/UYQ-100 Undersea Warfare Decision Support System (USW-DSS) [Ref. 1]. USW-DSS produces plans that optimize USW capability across the entire theater. However, cybersecurity has not traditionally been a part of mission planning at the theater level. The theater-wide system of systems contains distributed networks of disparate systems at varying levels of cyber resiliency, which communicate through physical environments that vary as a function of time, season, commercial and military interference, and other factors [Refs. 2, 3].

Cybersecurity posture of individual systems are monitored in accordance with the Risk Management Framework (RMF) [Ref. 4]. However, RMF is not sufficient to support modeling of the cybersecurity of geographically distributed systems communicating through atmospheric and acoustic environments with variable properties. Commercial infrastructure with similar needs operate on networks specifically designed to be robust, but are not adequate for military needs. Military combat systems in conflict with a peer competitor cannot count on dedicated intra-system communication network infrastructure and must adapt to transmissions through the available environment (e.g., acoustic transmission, electronic transmission through the atmosphere).

The Navy needs a software architecture and digital system model capable of providing USW planners a comprehensive assessment of the cybersecurity posture of a geographically distributed network of disparate sensors communicating through paths fundamentally dependent on environmental factors. The successful technology will be used as a stand-alone product in support of new system design and will be incorporated into USW-DSS in support of theater ASW operations.

The needed digital system model will provide modeling of actual and planned theater assets and allow designers to assess the cybersecurity implications of distributed and unmanned systems as they communicate and operate in the physical environment. Incorporation of this model into USW-DSS will also allow theater commanders to include cybersecurity in mission planning, mission execution, and post-mission analysis.

The digital system model must be able to represent the cybersecurity posture of each category of USW sensor and platform, including surface combatants, unmanned vehicles, submarines, air vehicles, surveillance assets, and expendables associated with these platforms. The digital system model must also be capable of modeling the communication pathways between these geographically dispersed sensors and platforms, including modeling of environmental factors and their effect on the communication between the sensors and platforms. This technology will reduce engineering efforts to provide Objective Quality Evidence (OQE) for the system cybersecurity resiliency in operational environments.

The digital system model must have a useful instantiation that can run as an element of USW-DSS without increasing processing hardware requirements. USW-DSS is hosted on shipboard computational assets such as the Consolidated Afloat Networks and Enterprise Services (CANES). Mission execution monitoring must be able to support real-time execution. Post-mission analysis must be able to support 4X real-time analysis. The USW-DSS system-operating environment will be defined in greater detail by the Government, but will consist of RedHat Security-Enhanced Linux as the base operating system.

Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. Owned and Operated with no Foreign Influence as defined by DOD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been be implemented and approved by the Defense Security Service (DSS). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances, in order to perform on advanced phases of this contract as set forth by DSS and NAVSEA in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advance phases of this contract.

PHASE I: Define and develop a concept for a software architecture that would support assessment of the cybersecurity posture of a geographically distributed network of sensors and platforms. Demonstrate feasibility through analytical modeling and development that address the requirements discussed in the Description. The Phase I Option, if exercised, will include the initial system specifications and capabilities description to build a prototype solution in Phase II.

PHASE II: Develop and deliver a prototype of the software and its architecture for digitally modeling a theater-wide system of systems to assess cybersecurity posture. Demonstrate performance through the required range of parameters given in the Description, including the ability to conduct robust options analysis in varying locations in support of system design as well as an ability to support real-time assessments by human operators of ongoing operations in the theater. Demonstrate, at a Government- or company-provided facility, utilization of existing Navy-specified system or sub-system components to provide a fully functional operational capability within USW-DSS; and the capability to ingest real-time data representative of operational conditions.

It is probable that the work under this effort will be classified under Phase II (see Description section for details).

PHASE III DUAL USE APPLICATIONS: Assist the Navy in transitioning the technology for Navy use and complete further experimentation and refinement to ensure that the technology provides support for USW-DSS and other Navy specified systems and the associated system engineering activities of the Program.

The technology should have high potential for dual use for industries with geographically distributed systems, such as utilities related to power generation, water distribution, information networks, and border surveillance. This is particularly useful for industries where reliability of the communication networks impacts performance and cybersecurity.

REFERENCES:

1. “AN/UYQ-100 Undersea Warfare Decision Support System (USW-DSS).” United States Navy Fact File. https://www.navy.mil/navydata/fact_display.asp?cid=2100&tid=324&ct=2

2. Xie, Geoffrey, Gibson, John and Leopoldo Diaz-Gonzalez. “Incorporating Realistic Acoustic Propagation Models in Simulation of Underwater Acoustic Networks: A Statistical Approach.” Proceedings of MTS/IEEE Oceans Conference, Boston, September 2006. https://faculty.nps.edu/xie/papers/Model-Oceans06.pdf

3. Wihl, Lloyd, Varshney, Maneesh and Kong, Jiejun. “Introducing a Cyber Warfare Communications Effect Model to Synthetic Environments.” Interservice/Industry Training, Simulation, and Education Conference (I/ITSEC) 2010, accessed 19 December 2018, Cyber_Warfare_Communications_Effect_Model_to_Synthetic_Environments.

4. “Risk Management Framework (RMF), DoD Instruction 8510.01, Incorporating Change 2 of 28 July 2017.” https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/851001_2014.pdf

KEYWORDS: Theater Undersea Warfare; USW; Undersea Warfare Decision Support System; USW-DSS; Cybersecurity Implications of Distributed and Unmanned Systems; Combat Systems; Cybersecurity of Geographically Distributed Systems; Modeling of Environmental Factors