N251-062 TITLE: Asymmetric Large Language Model Aided Cyber Effects (ALL ACES)

OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Advanced Computing and Software;Integrated Sensing and Cyber;Trusted AI and Autonomy

OBJECTIVE: Develop a comprehensive Cyber/Electromagnetic Spectrum Operations (EMSO) platform to support timely effects-based targeting, mission planning, as well as access and employment by utilizing Artificial Intelligence/Machine Learning (AI/ML) for "Human-AI Partnered" automated technical workflows to improve efficiency, capability, breadth and deployment of effects, and decision support.

DESCRIPTION: The latest evolution in Generative AI/Large-Language Model (LLM) technology presents a strategic opportunity to address challenges in cost, processing-latency, and talent shortages in Offensive Cyber Operations (OCO) and/or Defensive Cyber Operations (DCO). Solutions should demonstrate secure, efficient processing of real-time Cyber Threat Intelligence to inform agile (e.g., same-day) response to new threats, vulnerabilities, and exploits, thereby speeding and simplifying cyber risk mitigation through aligned security operations and threat-specific response.

Technology areas of interest are below. Proposals should focus on or incorporate one or more of the following areas technology areas of interest. Please indicate the technology areas of interest within the Abstract section of the Cover Sheet, Volume 1.

1. Artificial Intelligence: This area encompasses the integration of computing solutions to use learning and intelligence to take actions that maximize their chances of achieving defined goals. This includes the use of LLMs to understand and provide reactive capabilities for mission-defined tasking and workflow automation. The AI component would perform the heavy lifting that operators can fine-tune to quickly yield the best and most desired results.
2. Cyberinfrastructure and Advanced Computing: This area focuses on ensuring solutions push the boundaries of current hardware and software technologies to ensure efficient and scalable solutions while still focusing on security. Focusing on a wholistic approach to solutions ensures effectiveness and increases the reach for operational use.
3. Cybersecurity: This area explores the use of both offensive and defensive cyber strategies for exploitation utilization and vulnerability mitigation. The offensive side would seek to collect existing and novel mission-specific exploitation solutions and facilitate delivery when necessary. The defensive side would gather information from various up-to-date sources and guard against the latest cyber vulnerabilities. Both pieces would use the same collage of vulnerability knowledge for performing their respective tasks.

Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by 32 U.S.C. § 2004.20 et seq., National Industrial Security Program Executive Agent and Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence and Security Agency (DCSA) formerly Defense Security Service (DSS). The selected contractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DCSA and ONR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material during the advanced phases of this contract IAW the National Industrial Security Program Operating Manual (NISPOM), which can be found at Title 32, Part 2004.20 of the Code of Federal Regulations.

PHASE I: Provide architecture definition, AI Model selection, and concept refinement to support OCO and DCO operations. In addition, prototyping should be used as for validation for technology selection. Provide a Phase II development plan with performance goals and key technical milestones, and that will address technical risk reduction.

PHASE II: Create a demonstrable system prototype for evaluation by USN/USMC personnel to support OCO and DCO operations. Ensure the prototype’s capability for showing ingestion of specified data and ability to interface with it with a chat-style interface in natural language, as well as demonstration of automated analysis of the ingested threat intelligence, overlaid on the real or simulated environment for relevance and actionability. The technology should reach TRL 6 at the conclusion of this phase. Successful completion of Phase II is expected to result in Phase III funding.

It is probable that the work under this effort will be classified under Phase II (see Description section for details).

PHASE III DUAL USE APPLICATIONS: Support transition for Navy use. Further develop and productize the prototype(s) for the intended mission in an operational environment and then test to ensure requirements are satisfied. The prototypes shall be TRL 7 at the conclusion of testing. The concept also will allow potential product opportunities in the Information Security vendor market. The Information Security vertical has a systemic and historical need for skilled practitioners. The technology developed by this SBIR opens an opportunity for product development in this vertical that helps create more productive Information Security practitioners faster. This productivity increase has the potential to reduce the skills gap that currently exists.

REFERENCES:

1. "DoD Digital Modernization Strategy - DoD Information Resource Management Strategic Plan Fy19-23. Goal 3: Evolve Cybersecurity for an Agile and Resilient Defense Posture." https://media.defense.gov/2019/Jul/12/2002156622/-1/-1/1/DOD-DIGITAL-MODERNIZATION-STRATEGY-2019.PDF

2. U.S. Department of Defense. "Summary 2023 Cyber Strategy of the Department of Defense." https://media.defense.gov/2023/Sep/12/2003299076/-1/-1/1/2023_DOD_Cyber_Strategy_Summary.PDF

3. "National Industrial Security Program Executive Agent and Operating Manual (NISP), 32 U.S.C. § 2004.20 et seq. (1993)." https://www.ecfr.gov/current/title-32/subtitle-B/chapter-XX/part-2004

KEYWORDS: Artificial Intelligence, AI, Machine Learning, ML, Offensive Cyber Operations, OCO, Defensive Cyber Operations, DCO, Large Language Models, LLM, Electromagnetic Spectrum Operations, EMSO

TPOC 1: Waleed Barnawi
Email: [email protected]

TPOC 2: Nathaniel Husted
Email: [email protected]

---