Automated Unmanned Systems (UxS) Boundary Protection Capability

Navy SBIR 21.1 - Topic N211-058
NAVSEA - Naval Sea Systems Command
Opens: January 14, 2021 - Closes: February 24, 2021 March 4, 2021 (12:00pm est)

N211-058 TITLE: Automated Unmanned Systems (UxS) Boundary Protection Capability

RT&L FOCUS AREA(S): Cybersecurity

TECHNOLOGY AREA(S): Ground / Sea Vehicles

OBJECTIVE: Develop solutions that maximize use of automated network configuration management, machine learning (ML), advanced data analytics, Security Incident and Event Monitoring (SIEM), and decision analysis to execute unmanned systems (UxS) missions in a cyber-contested environment.

DESCRIPTION: The Navy seeks development of software, or a combination of software and hardware, to provide advanced cybersecurity capabilities to UxS vehicles (e.g., Medium Displacement Unmanned Surface Vehicle [MDUSV], Medium Unmanned Surface Vehicle [MUSV], Large Unmanned Surface Vehicle [LUSV]) in accordance with Navy Cybersecurity Technical Authority Standards Naval Systems Command Enclave Process v1.0 (dated 19 Sep 2017), the Defense-in-Depth Functional Implementation Architecture (DFIA) Standard (STD-DFIA-004R0), and the National Institute of Standards and Technology Special Publication 800-53 rev 4, as well as to support the needs of ships and vessels with reduced crew complements (e.g., FFG(X), Littoral Combat Ship [LCS], Military Sealift Command [MSC] ships). The solution provides an effective platform boundary that enables UxS vehicles to operate in a cyber-contested environment. The contested environment includes denial of service (DOS), man-in-the-middle (MITM), and unauthorized data exfiltration from both internal and external actors. The hardware and software may include technologies such as intrusion protection systems (IPSs), intrusion detection systems (IDSs), and SIEM.

To ensure interoperability with the PMS 406 portfolio, the solution must comply with the Unmanned Maritime Autonomy Architecture (UMAA), which establishes a standard for common interfaces and software reuse among the mission autonomy and the various vehicle controllers, payloads, and Command and Control (C2) services in the PMS 406 portfolio of UxS vehicles. The UMAA common standard for Interface Control Documents (ICDs) mitigates the risk of vendor lock from proprietary autonomy solutions; effects cross-domain interoperability of UxS vehicles; and allows for open architecture (OA) modularity of autonomy solutions, control systems, C2, and payloads. The Navy will provide the open standards for UMAA upon award of Phase I.

The Navy is seeking a broad range of emerging technologies that take advantage of commercial advances in network monitoring and management, SIEM data analytics, and ML to detect cybersecurity anomalies and automatically reconfigure network control points to isolate cyber events and preserve mission critical functions. No current commercial technologies exist that have the military applications that the Navy seeks, without significant tailoring to meet mission specific requirements.

Commercial solutions for network management, SIEM analysis, and system configuration often presume highly skilled humans in the loop or on the loop to evaluate the overall health of a network and execute (or at minimum, approve) changes to network configurations prior to execution. The Navy is interested in solutions that execute these functions without human intervention or supervision to perform tactical UxS missions.

In execution, these solutions would monitor traffic flow across multiple network enclaves within a UxS vehicle, make automated decisions regarding how to reconfigure the network to isolate anomalous behavior, and provide supervisory control of network traffic to enable and prioritize the flow of mission-critical data while protecting the vehicle from horizontal escalation of anomalous traffic patterns.

The small business solution could take advantage of ML to integrate with commercially available SIEM and network configuration technologies. The solution should demonstrate the ability to identify anomalies and automate the process for identifying the appropriate responses needed to isolate the anomalies and implementing the appropriate network changes. Solutions must be effective without human intervention, given a number of pre-approved parameters.

Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. Owned and Operated with no Foreign Influence as defined by DOD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence Security Agency (DCSA). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances, in order to perform on advanced phases of this contract as set forth by DCSA and NAVSEA in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advanced phases of this contract.

PHASE I: Provide a concept to solve the Navy's problem and demonstrate the feasibility of that concept. Assess the feasibility by including at least one cyber table top (CTT). Identify the product(s) that comprise the overall solution, which may be either software or a combination of hardware and software based on Commercial off the Shelf (COTS) technology solutions and in accordance with the UMAA standards for physical and logical interfaces for ports, protocols, and services. Demonstrate feasibility using techniques such as modeling and simulation or demonstration testing in a commercial laboratory. As an example, propose a demonstration of an ML algorithm that analyzes SIEM data and issues a control to a network management device that changes the configuration of a network host. The Phase I demonstration could include human-in-the-loop supervisory control, provided the company explains how follow-on phases would fully automate the control function. Companies are expected to propose a specific plan for testing concept feasibility as part of their proposals.

The Phase I Option, if exercised, will include the initial design specifications and capabilities description to build a prototype solution in Phase II.

PHASE II: Develop and deliver two prototype systems for testing and evaluation based on the statement of work (SOW) and Phase I results. The solution must demonstrate full automation (i.e., no human intervention required) of the process to detect an anomaly, determine the appropriate response, and execute the network configuration changes necessary to isolate the anomaly while still enabling mission-critical traffic flow.

The prototype system will vary based on the company's proposed approach, but it may include hardware and software. The hardware may be a commercial system, a Navy-provided system, or a combination of commercial and Navy-provided systems. The prototype will be evaluated in a Navy lab or at-sea environment. If the prototype is evaluated at sea, it may be evaluated on a manned or unmanned platform as appropriate for the solution. The Navy may opt to choose a surrogate platform for at-sea testing based on availability of assets. Additional laboratory testing, modeling, or analytical methods may also be appropriate depending on the company's proposed approach. The test location will be at the USS Secure.

The system will be evaluated on its ability to withstand cyber-attacks (e.g., DOS, MITM) and the exfiltration of information from both internal and external threat actors. The testing and evaluation process will be accomplished through penetration testing. The personnel overseeing the tests will include representation from PMS 406. In general, two prototype articles should be provided to the government for testing, at least three months prior to the end of Phase II. A Phase III development plan will be required at the end of Phase II.

It is probable that the work under this effort will be classified under Phase II (see Description section for details).

PHASE III DUAL USE APPLICATIONS: Support the Navy in transitioning the technology (i.e., software integrated with Navy-provided hardware, or software integrated with company-provided hardware) to Navy use through system integration, testing support, software and hardware documentation, and limited hardware production if applicable.

Possible platforms where the technology will be used include the Medium Unmanned Surface Vehicle (MUSV), the Large Unmanned Surface Vessel (LUSV), and the Mine Countermeasures Unmanned Surface Vehicle (MCM USV).

In Phase III, the product will be validated, tested, qualified, and certified for Navy use in at-sea trials across a wide range of conditions as applicable for the relevant class of problem. Additional software testing will likely also be required to ensure that all applicable conditions can be tested even if they do not occur during at-sea test periods.

These solutions have potential for dual use in unmanned or minimally manned commercial ships or unmanned vehicles that would benefit from the automation of rapid response techniques to isolate.

REFERENCES:

  1. Tidjon, Lionel N.; Frappier, Marc and Mammar, Amel. "Intrusion Detection Systems: A Cross-Domain Overview." IEEE Communications Surveys & Tutorials 21(4), 2019, pp. 3639-3681. https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8735821
  2. Bringhenti, Daniele; Marchetto, Guido; Sisto, Riccardo; Valenza, Fluvio and Yusupov, Jalplliddin. "Towards a fully automated and optimized network security functions orchestration." 2019 4th International Conference on Computing, Communications and Security (ICCCS). Rome, Italy, 2019, pp. 1-7. https://ieeexplore.ieee.org/document/8888130/
  3. Aminato, Muhamad E.; Zhu, Lei; Ban, Tao; Isawa, Ryoichi; Takahashi, Takeshi and Inoue, Daisuke. "Automated Threat-Alert Screening for Battling Alert Fatigue with Temporal Isolation Forest." 2019 7th International Conference on Privacy, Security and Trust (PST), Fredericton, NB, Canada, 2019, pp. 1-3. https://www.springerprofessional.de/en/combating-threat-alert-fatigue-with-online-anomaly-detection-usi/17500622
  4. Silverajan, Bilhanan; Ocak, Mert and Nagel, Benjamin. "Cybersecurity Attacks and Defences for Unmanned Smart Ships." 2018 IEEE Conferences on Internet of Things, Green Computing, and Communications, Cyber, Physical and Social Computing, Smart Data, Blockchain, Computer and Information Technology, Congress on Cybermatics. Halifax, NS, Canada, 2018, pp. 15-20. https://ieeexplore.ieee.org/document/8726823
  5. Mancini, Federico, et al. "Securing Autonomous and Unmanned Vehicles for Mission Assurance." 2019 International Conference on Military Communications and Information Systems (ICMCIS), Budva, Montenegro, 2019, pp. 1-8. https://ieeexplore.ieee.org/document/8842676

KEYWORDS: Cybersecurity; Boundary Protection Capability; Unmanned Systems; Perimeter defense; Automated network security management; Machine Learning; ML; UxS
