SITIS Topic Details |
||||||
| Proposals Accepted: | |
| Program: | SBIR |
| Topic Number: | AF103-047 (AirForce) |
| Title: | Mission Assurance and Information Security | Research & Technical Areas: | Information Systems |
| The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), which controls the export and import of defense-related material and services. Offerors must disclose any proposed use of foreign nationals, their country of origin, and what tasks each would accomplish in the statement of work in accordance with section 3.5.b.(7) of the solicitation. | Objective: | Provide improved survivability in IP networks via technologies enhancing likelihood of mission continuity and completion, able to persist under conditions of extreme attack and/or degraded performance.
| Description: | DoD information systems, as well as civilian and commercial information systems that are connected to networks are likely targets for attack and possible compromise. Often, without these systems, an organization’s ability to perform its function may be severely limited. DoDI 8500.2 describes Mission Assurance Categories (MAC I – III) for DoD information systems. These mission assurance categories reflect the importance of the information system and its information relative to the achievement of DoD goals and objectives, particularly the warfighters' combat mission. This research will investigate the adaptation of mission-critical assets and/or the addition of capabilities to minimize the consequences of attacks on MAC I, II and III systems. Because we cannot protect fully against the advanced cyber threat or often even detect that we are under attack, it is risky to base defenses purely on a monitor, detect, and react approach. Instead, emphasis should be placed on architectural and operational strategies to ensure survivability, resiliency, and adaptability to “fight through” severe cyber degradation and compromise, and to make the adversary’s job harder and more costly. This effort aims to strengthen cyber readiness in a contested and degraded cyber operational environment, providing a set of automated capabilities to respond dynamically to escalating threats. Proposed techniques may include but are not limited to: • employment of application execution/database transaction sandboxes to check results before actual execution • business-unit failover to change entire suites of critical processes when compromise/failure occurs.
| PHASE I: Identify and design techniques that could be employed to adjust, reconfigure or restore the network or its components to minimize the consequences and impact of attacks.
| PHASE II: Prototype the designed adjustment/reconfiguration hardware and/or software and demonstrate its effectiveness in minimizing the consequences and impact of attacks.
| PHASE III Dual Use Applications: Military application: Military operations through cyber attacks and the ability to quickly and efficiently reconstitute information systems after an attack.
Commercial application: The monitoring, continued operation and rapid reconstitution of critical infrastructure information systems during and after an attack.
| References: | 1. C. J. Alberts, A. J. Dorofee, “Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments”, CMU/SEI-2005-TN-032 http://www.sei.cmu.edu/reports/05tn032.pdf 2.A. Bargar, “DoD Global Information Grid Mission Assurance”, CrossTalk: The Journal of Defense Software Engineering, July 2008, http://www.stsc.hill.af.mil/crossTalk/2008/07/0807Bargar.html 3. “Information Assurance (IA) Implementation”, DoDI 8500.2, February 6, 2003, http://www.dtic.mil/whs/directives/corres/pdf/850002p.pdf |
| Keywords: | mission assurance, critical infrastructure protection, operation through cyber attack |
Questions and Answers: |
Q: Would a proposal that directly addresses survivability of network connectivity and cloud storage, but only indirectly survivability of computational services, be considered responsive? |
A: Yes. |
As of midnight September 1, questions for solicitations SBIR 10.3 and STTR 10.B will no longer be accepted.
To read the solicitation for full proposal preparation and submission details click here. |