N211-058 TITLE: Automated Unmanned Systems (UxS) Boundary Protection Capability
RT&L FOCUS AREA(S): Cybersecurity
TECHNOLOGY AREA(S): Ground / Sea Vehicles
OBJECTIVE: Develop solutions that maximize use of automated network configuration management, machine learning (ML), advanced data analytics, Security Incident and Event Monitoring (SIEM), and decision analysis to execute unmanned systems UxS missions in a cyber-contested environment.
DESCRIPTION: The Navy seeks development of software, or a combination of software and hardware, to provide advanced cybersecurity capabilities in accordance with Navy Cybersecurity Technical Authority Standards Naval Systems Command Enclave Process v1.0 (dated 19 Sep 2017) and Defense-in-Depth Functional Implementation Architecture (DFIA) Standard (STD-DFIA-004R0), and the National Institute Standards for Technology Special Publication 800-53 rev 4 to UxS vehicles (e.g., Medium Displacement Unmanned Surface Vehicle [MDUSV], Medium Unmanned Surface Vehicle [MUSV], Large Unmanned Surface Vehicle [LUSV]), as well as support the needs of ships and vessels with reduced crew complements (e.g., FFG(X), Littoral Combat Ship [LCS], Military Sealift Command [MSC] ships). The solution provides an effective platform boundary that enables UxS vehicles to operate in a cyber-contested environment. The contested environment includes denial of services (DOS), man-in-the-middle [MITM], and unauthorized data exfiltration from both internal and external actors. The hardware and software may include technologies such as intrusion protection systems (IPSs), intrusion detection systems (IDSs), and SIEM.
To ensure interoperability with PMS 406 portfolio, the solution must comply with the Unmanned Maritime Autonomy Architecture (UMAA), which establishes a standard for common interfaces and software reuse among the mission autonomy and the various vehicle controllers, payloads, and Command and Control (C2) services in the PMS 406 portfolio of UxS vehicles. The UMAA common standard for Interface Control Documents (ICDs) mitigates the risk of vendor lock from proprietary autonomy solutions; effects cross-domain interoperability of UxS vehicles; and allows for open architecture (OA) modularity of autonomy solutions, control systems, C2, and payloads. The Navy will provide the open standards for UMAA upon award of Phase I.
The Navy is seeking a broad range of emerging technologies that take advantage of commercial advances in network monitoring and management, SIEM data analytics, and ML to detect cybersecurity anomalies and automatically reconfigure network control points to isolate cyber events and preserve mission critical functions. No current commercial technologies exist that have the military applications that the Navy seeks, without significant tailoring to meet mission specific requirements.
Commercial solutions for network management, SIEM analysis, and system configuration often presume highly skilled humans in the loop or on the loop to evaluate the overall health of a network and execute (or at minimum, approve) changes to network configurations prior to execution. The Navy is interested in solutions that execute these functions without human intervention or supervision to perform tactical UxS missions.
In execution, these solutions would monitor traffic flow across multiple network enclaves within a UxS vehicle, make automated decisions regarding how to reconfigure the network to isolate anomalous behavior, and provide supervisory control of network traffic to enable/prioritize flow of mission-critical data flow while protecting the vehicle from horizontal escalation of anomalous traffic patterns.
The small business solution could take advantage of ML to integrate with commercially available SIEM and network configuration technologies. The solution should demonstrate the ability to identify anomalies and automate the process for identifying the appropriate responses needed to isolate the anomalies and implementing the appropriate network changes. Solutions must be effective without human intervention, given a number of pre-approved parameters.
Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. Owned and Operated with no Foreign Influence as defined by DOD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence Security Agency (DCSA). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances, in order to perform on advanced phases of this contract as set forth by DCSA and NAVSEA in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advance phases of this contract.
PHASE I: Provide a concept to solve the Navyís problem and demonstrate the feasibility of that concept. Assess the feasibility by including at least one cyber table top (CTT). Identify the product(s) that comprise the overall solution, which may be either software or a combination of hardware and software based on Commercial off the Shelf (COTS) technology solutions and in accordance with the UMAA standards for physical and logical interfaces for ports, protocols, and services. Demonstrate feasibility using techniques such as modeling and simulation or demonstration testing in a commercial laboratory. As an example, propose a demonstration of a ML algorithm that analyzes SIEM data and issues a control to a network management device that changes the configuration of a network host. The Phase I demonstration could include human-in-the-loop supervisory control, provided the company explains how follow-on phases would fully automate the control function. Companies are expected to propose a specific plan for testing concept feasibility as part of their proposals.
The Phase I Option, if exercised, will include the initial design specifications and capabilities description to build a prototype solution in Phase II.
PHASE II: Develop and deliver two prototype systems for testing and evaluation based on the statement of work (SOW) and Phase I results. The solution must demonstrate full automation (i.e., no human intervention required) of the process to detect an anomaly, determine the appropriate response, and execute the network configuration changes necessary to isolate the anomaly while still enabling mission-critical traffic flow.
The prototype system will vary based on the companyís proposed approach, but it may include hardware and software. The hardware may be a commercial system, a Navy-provided system, or a combination of commercial and Navy-provided systems. The prototype will be evaluated in a Navy lab or at-sea environment. If the prototype is evaluated at sea, it may be evaluated on a manned or unmanned platform as appropriate for the solution. The Navy may opt to choose a surrogate platform for at sea testing based on availability of assets. Additional laboratory testing, modeling, or analytical methods may also be appropriate depending on the companyís proposed approach. The test location will be at the USS Secure.
The system will be evaluated on its ability to with stand cyber-attacks (e.g. DOS, MITM) and the exfiltration of information from both internal and external threat actors. The testing and evaluation process will be accomplished through penetration testing. The personnel overseeing the tests will include representation from PMS 406. In general, two prototype articles should be provided to the government for testing, at least three months prior to the end of Phase II. A Phase III development plan will be required at the end of Phase II.
It is probable that the work under this effort will be classified under Phase II (see Description section for details).
PHASE III DUAL USE APPLICATIONS: Support the Navy in transitioning the technology (i.e., software integrated with Navy-provided hardware, or software integrated with company-provided hardware) to Navy use through system integration, testing support, software and hardware documentation, and limited hardware production if applicable.
Possible platforms where the technology will be used include the Medium Unmanned Surface Vehicle (MUSV), the Large Unmanned Surface Vessel (LUSV), and the Mine Countermeasures Unmanned Surface Vehicle (MCM USV).
In Phase III, the product will be validated, tested, qualified, and certified for Navy use in at-sea trials across a wide range of conditions as applicable for the relevant class of problem. Additional software testing will likely also be required to ensure that all applicable conditions can be tested even if they do not occur during at-sea test periods.
These solutions have potential for dual use in unmanned or minimally manned commercial ships or unmanned vehicles that would benefit from the automation of rapid response techniques to isolate.
KEYWORDS: Cybersecurity; Boundary Protection Capability; Unmanned Systems; Perimeter defense; Automated network security management; Machine Learning; ML; UxS
** TOPIC NOTICE **
The Navy Topic above is an "unofficial" copy from the overall DoD 21.1 SBIR BAA. Please see the official DoD Topic website at rt.cto.mil/rtl-small-business-resources/sbir-sttr/ for any updates.
The DoD issued its 21.1 SBIR BAA pre-release on December 8, 2020, which opens to receive proposals on January 14, 2021, and closes February 18, 2021 at 12:00 p.m. ET.
Direct Contact with Topic Authors: During the pre-release period (Dec 8, 2020 to January 13, 2021) proposing firms have an opportunity to directly contact the Technical Point of Contact (TPOC) to ask technical questions about the specific BAA topic. Once DoD begins accepting proposals on January 14, 2021 no further direct contact between proposers and topic authors is allowed unless the Topic Author is responding to a question submitted during the Pre-release period.
SITIS Q&A System: After the pre-release period, proposers may submit written questions through SITIS (SBIR/STTR Interactive Topic Information System) at www.dodsbirsttr.mil/topics-app/, login and follow instructions. In SITIS, the questioner and respondent remain anonymous but all questions and answers are posted for general viewing. Topic Q&A will close to new questions on February 4, 2021 at 12:00 p.m. ET
Note: Questions should be limited to specific information related to improving the understanding of a particular topicís requirements. Proposing firms may not ask for advice or guidance on solution approach and you may not submit additional material to the topic author. If information provided during an exchange with the topic author is deemed necessary for proposal preparation, that information will be made available to all parties through SITIS. After the pre-release period, questions must be asked through the SITIS on-line system.
Topics Search Engine: Visit the DoD Topic Search Tool at www.dodsbirsttr.mil/topics-app/ to find topics by keyword across all DoD Components participating in this BAA.