DON26BZ03-NV062 TITLE: Secure Tasking of Commercial Assets
OUSW (R&E) CRITICAL TECHNOLOGY AREA(S): Contested Logistics Technologies (LOG)
COMPONENT TECHNOLOGY PRIORITY AREA(S): Integrated Sensing and Cyber; Space Technology
PROJECTED CMMC LEVEL REQUIREMENT: Level 2 (Self)
The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.
OBJECTIVE: Develop a capability for intercommunication between Government and commercial satellites.
DESCRIPTION: Maritime Targeting Cell-Afloat/Expeditionary (MTC-A/X)’s purpose is to provide weapons-quality tracks to support over-the-horizon targeting by using multi-intelligence capabilities across all domains and deliver direct sensor data downlink capability. To maintain a tactical advantage, the Navy requires the ability to task commercial satellites at Controlled Unclassified Information (CUI)/Information Level-5 (IL-5) and Secret Level (IL-6) to ensure tasking is not discoverable by adversaries.
The Navy could task commercial satellites for missions requiring secure handling of sensitive information, like targeting; however, commercial satellite providers typically do not offer the security levels required for classified Government operations [CUI impact levels (IL)-5 or Secret IL-6]. They could modify existing military systems for commercial use but that is prohibitively expensive and impractical for commercial vendors. Nothing that is commercially available can fulfill this communications need.
The Navy needs a capability to securely task commercial satellites at the required classification levels. This requires a solution leveraging both Government and commercial technologies, such as implementing end-to-end encryption within existing commercial tasking interfaces, secure data transfer protocols, and blockchain-based solutions for verifying the authenticity and integrity of tasking requests. The performer must evaluate the feasibility of integrating commercial security technologies like secure cloud platforms and Virtual Private Networks (VPNs) and explore emerging technologies such as quantum-resistant cryptography for enhanced long-term security.
The solution must establish a baseline for data security with an initial focus on establishing secure methods for tasking commercial satellites at the required CUI levels. Subsequent efforts will focus on solutions that demonstrate measurable reductions in tasking latency - measuring the speed and efficiency of the tasking process, verifying a targeted 90% reduction in tasking time compared to current methods, for which standard tasking can take up to 14 days from order to delivery. Seamless integration across different cybersecurity requirements will further contribute to more timely tasking, increased tasking opportunities, and a stronger overall cybersecurity posture.
The developed technology will be evaluated in a simulated environment against National Institute of Standards and Technology (NIST) standards for secure communications and data handling at the specified classification levels. This performer will also leverage existing Navy contracts, such as those managed by the Commercial Space Program Office (CSPO), to ensure rapid transition and widespread adoption across the DoW.
Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by 32 U.S.C. § 2004.20 et seq., National Industrial Security Program Executive Agent and Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence and Security Agency (DCSA) formerly Defense Security Service (DSS). The selected contractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DCSA and NAVSEA in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material during the advanced phases of this contract IAW the National Industrial Security Program Operating Manual (NISPOM), which can be found at Title 32, Part 2004.20 of the Code of Federal Regulations.
PHASE I: Develop a concept for a secure satellite tasking system that meets the parameters in the Description. Demonstrate the feasibility of this concept by providing a detailed concept design, including system architecture, security protocols, integration plans with existing commercial tasking interfaces, and modeling and simulation to show the system's potential to meet Navy performance goals in the Description. (Note: If modeling and simulation alone cannot sufficiently demonstrate feasibility for specific aspects of the concept, propose and justify the use of simulations or subscale demonstrations to illustrate key aspects of the concept, particularly related to security and integration. For example, a simulation demonstrating the secure transfer of encrypted tasking data between a mock commercial interface and a simulated secure government network would be beneficial.)
Specify the number and delivery schedule of any prototype articles provided to the Government for testing in the Phase II SOW based on the specific approach proposed by the performer.
The Phase I Option, if exercised, will include the initial design specifications and capabilities description to build a prototype solution in Phase II.
PHASE II: Develop a prototype secure satellite tasking system based on the results of Phase I. Demonstrate the core functionality of the secure tasking system, including secure communication channels, data encryption/decryption, authentication and authorization mechanisms, and integration with representative commercial tasking interfaces.
(Note: If full prototype development is deemed too costly within the Phase II budget, the contractor may propose alternative evaluation methods, such as detailed simulations or analytical modeling, to demonstrate the prototype meets Navy performance goals. These alternative methods must be clearly justified and provide sufficient evidence to support the claims.
It is probable that the work under this effort will be classified under Phase II (see Description section for details).
PHASE III DUAL USE APPLICATIONS: Support the Navy in transitioning the secure satellite tasking system to operational use within the Navy. The prototype will be developed and integrated within the Maritime Targeting Cell program and seamlessly integrated with commercial satellite providers.
Support the transition process by refining and hardening the system: addressing any remaining bugs or vulnerabilities identified during Phase II testing and optimizing performance for operational use; developing comprehensive documentation and training materials to provide Navy personnel with the necessary resources to operate and maintain the system effectively; providing ongoing technical support; and assisting the Navy with system integration, deployment, and troubleshooting.
While developed for military applications, this secure satellite tasking technology has significant potential for dual use in the commercial sector. Many industries rely on satellite imagery but face challenges protecting sensitive or proprietary information. This technology could be adapted to provide secure tasking and data transfer for secure commercial applications and safeguard proprietary information from unauthorized access. Other potential applications include precision agriculture to protect sensitive crop data from competitors; environmental monitoring to secure data related to pollution or resource exploration; and urban planning to protect sensitive infrastructure information.
REFERENCES:
KEYWORDS: Commercial Satellite Tasking; Blockchain-Based Authentication; End-to-End Encryption; satellite tasking classified information; Secure Data Transfer; Quantum-resistant cryptography
| 7/7/26 | Q. | We are already operating a global (and optimal) infrastructure that enables the kinds of capabilities described in this topic. Is there a “Direct to Phase II” path for this topic? |
| A. | This specific topic does not allow for Direct-to-Phase II; proposers must follow the standard Phase I to Phase II process. | |
| 7/1/26 | Q. | Does the authenticity/integrity-of-tasking requirement contemplate non-ledger cryptographic roots of trust (e.g., hardware-rooted device identity with ML-DSA signatures) integrated with DoD PKI, in lieu of a blockchain implementation? |
| A. | The authenticity and integrity of tasking can be achieved using non-ledger cryptographic roots of trust, such as hardware-rooted device identity with ML-DSA signatures integrated with DoD PKI, in lieu of a blockchain implementation. Blockchain is not a required element; any solution that meets DoD/Navy standards for integrity, non-repudiation, and auditability is acceptable. | |
| 6/25/26 | Q. | 1. Could you describe the current network architecture for tasking commercial satellites and what type of APIs/interfaces that are used today for tasking (and resulting sensor data)? In this context, where are the vulnerable points for the commercial systems when the Navy submits taskings and receives data?
2. Can we assume we can install/update new solution security communication endpoints into the commercial satellite equipment, including in orbit? If not, what’s the architecture in mind to protect the ground-to-satellite segment as part of the end-to-end security? 3. Is direct access the access model for the Navy to tasking/data on commercial satellites? That is, the ground stations are in the “Navy domain”. Or does the Navy access the tasking/data via commercial (cloud) interfaces? |
| A. | 1.Tasking is typically done through vendor APIs or web portals (e.g., REST, HTTPS, SFTP). Vulnerable points include data in transit, authentication endpoints, commercial cloud infrastructure, and integration points between Navy and commercial systems.
2. It is generally not possible to install or update security endpoints on satellites already in orbit. Security should focus on ground and cloud endpoints, using end-to-end encryption and secure gateways to protect the ground-to-satellite segment. 3. The Navy may use both direct ground station access and commercial/cloud interfaces for tasking and data. Solutions should be compatible with both models. |
|
| 6/23/26 | Q. | 1. For the CUI/IL-5 (and later Secret/IL-6) implementation, does the Government expect the architecture to target a specific accredited cloud or ATO boundary, and will an awardee be sponsored to obtain an ATO or be permitted to operate within an existing Navy IL-5/IL-6 environment? Who is the anticipated accrediting/authorizing authority?
2. The Description calls for exploring quantum-resistant cryptography. For Phase I/II, is the expectation to implement NIST post-quantum standards (e.g., FIPS 203/204/205) in the prototype, or to analyze and provide a migration roadmap? Should the solution align to CNSA 2.0 timelines? 3. The technology will be evaluated in a simulated environment against NIST standards. Could the Government specify the exact compliance baseline for evaluation e.g., NIST SP 800-171 for CUI, SP 800-53 / CNSSI 1253 for Secret, and FIPS 140-3 for cryptographic modules, and any threshold versus objective security parameters? 4. How many Phase I awards does the Government anticipate making under this topic, and is a single Phase II award expected, or could multiple performers carry into Phase II? 5. Phase III places the system within the MTC-A/X program. Is there an identified transition sponsor, program office, or funding line for MTC-A/X, and is engagement with that office expected during Phase I or Phase II? |
| A. | 1. The Government expects the architecture to align with accredited IL-5/IL-6 cloud or ATO boundaries. Awardees may be sponsored for an ATO or permitted to operate within an existing Navy IL-5/IL-6 environment. The accrediting authority is anticipated to be a Navy Authorizing Official.
2. For Phase I/II, the expectation is to analyze and provide a migration roadmap to NIST post-quantum standards (e.g., FIPS 203/204/205), with implementation as feasible. Alignment to CNSA 2.0 timelines is recommended. 3. The compliance baseline for evaluation should be NIST SP 800-171 for CUI, NIST SP 800-53 / CNSSI 1253 for Secret, and FIPS 140-3 for cryptographic modules. Threshold and objective security parameters should meet or exceed these standards. 4. Multiple Phase II awards are possible, but a single award is typical; this is subject to Government discretion. 5. The MTC-A/X program is the identified transition sponsor; engagement with the program office is expected during Phase I and II. |
|
| 6/23/26 | Q. | I have the following questions 1. The keywords and Description specifically cite "blockchain-based authentication." Is blockchain a required element of the solution, or one illustrative option among acceptable approaches? Relatedly, should the authentication and tasking-integrity mechanism integrate with existing DoD PKI/identity infrastructure, or is a standalone distributed ledger preferred? 2. The Description targets a 90% reduction against a baseline where standard tasking can take up to 14 days. Is the 90% measured against that 14-day worst case, and does the metric cover only the tasking/authorization handshake (the security and ordering overhead the broker controls), or the full order-to-delivery pipeline including satellite revisit and collection time? 3. A prior answer noted the ideal channel reaches the satellite directly, not just the operator's ground segment. Is direct-to-satellite tasking (beyond the commercial operator's existing command/ground interface) an objective for Phase I/II, or a stretch/Phase III goal? Direct uplink would imply operator cooperation or TT&C access that materially changes scope. 4. The Description references leveraging existing Navy contracts such as those managed by the Commercial Space Program Office (CSPO). Are there named or preferred commercial tasking providers the solution should integrate first, and will the Government furnish representative commercial tasking-interface specifications or API schemas for Phase I modeling? 5. For Phase II, will the Government facilitate access (accounts, sandboxes, or data-purchase agreements) to the "representative commercial tasking interfaces," or is the performer expected to establish and fund those commercial relationships independently? |
| A. | 1. Blockchain is not a required element; it is one illustrative option among acceptable approaches. Authentication and tasking-integrity mechanisms should integrate with existing DoD PKI/identity infrastructure unless a compelling case is made for a standalone distributed ledger.
2. The 90% reduction is measured against the 14-day worst-case baseline and should cover the full order-to-delivery pipeline, including security, authorization, and delivery, not just the tasking/authorization handshake. 3. Direct-to-satellite tasking is a stretch or Phase III goal, not an objective for Phase I/II. Phase I/II should focus on secure Navy-to-provider workflows. 4. There are no named or preferred commercial providers specified for initial integration. The Government does not commit to furnishing interface specifications or API schemas for Phase I; offerors should use representative examples. 5. For Phase II, the Government may facilitate access to representative commercial tasking interfaces, but performers should be prepared to establish and fund commercial relationships if needed. |
|
| 6/10/26 | Q. | What is the funding limit for Phase 1? |
| A. | All funding information can be found in the DON Phase I Submission Proposal instructions found here: https://www.dodsbirsttr.mil/submissions/api/public/download/solicitationDocuments?solicitation=DOD_SBIR_2026_P1_CBZ&documentType=INSTRUCTIONS&component=NAVY&release=3 | |
| 5/10/26 | Q. | Are there an technical constraints we should be aware of? For instance, OS, memory, CPU, bandwidth limitations? Is the E2E channel expected to return the resulting satellite data as well as transmit the tasking mission? Is the expected E2E channel fully ground based (between Navy and satellite operator) or is the channel expected to reach the satellite itself? |
| A. | Technical constraints must meet DoD/NIST security standards, which may limit OS and hardware choices; efficient CPU, memory, and bandwidth use is needed to reduce tasking latency. E2E channel ideally should securely transmit both tasking requests and return satellite data. The ideal solution allows for tasking between the Navy and satellite operator, and directly to the satellite. |
** TOPIC NOTICE ** |
The Navy Topic above is an "unofficial" copy from the Navy Topics in the DoW FY-26 Release 3 SBIR BAA. Please see the official DoW Topic website at www.dodsbirsttr.mil/submissions/solicitation-documents/active-solicitations for any updates. The DoW issued its Navy FY-26 Release 3 SBIR Topics pre-release on June 3, 2026 which opens to receive proposals on June 24, 2026, and closes July 22, 2026 (12:00pm ET). Direct Contact with Topic Authors: During the pre-release period (June 3, through June 23, 2026) proposing firms have an opportunity to directly contact the Technical Point of Contact (TPOC) to ask technical questions about the specific BAA topic. The TPOC contact information is listed in each topic description. Once DoW begins accepting proposals on June 24, 2026 no further direct contact between proposers and topic authors is allowed unless the Topic Author is responding to a question submitted during the Pre-release period. DoD On-line Q&A System: After the pre-release period, until July 8, 2026, at 12:00 PM ET, proposers may submit written questions through the DoW On-line Topic Q&A at https://www.dodsbirsttr.mil/submissions/login/ by logging in and following instructions. In the Topic Q&A system, the questioner and respondent remain anonymous but all questions and answers are posted for general viewing.
DoW Topics Search Tool: Visit the DoW Topic Search Tool at www.dodsbirsttr.mil/topics-app/ to find topics by keyword across all DoW Components participating in this BAA.
|