SITIS Archives - Topic Details
Program:  SBIR
Topic Num:  AF06-068 (AirForce)
Title:  Cyber Operations
Research & Technical Areas:  Information Systems

  Objective:  The objective of this effort is to develop a defensive “Cyber-Craft” for full-spectrum computer network defense and information assurance.
  Description:  Today’s philosophy of cyber defense is centered on strong boundary protection (e.g. firewalls) and network intrusion detection systems. While these technologies provide some sound defensive capabilities, if breached these types of systems provide the intruder with full-access to an enterprise network. In a Network-Centric Warfare environment today's defenses will not scale to provide the protection required. We envision a new capability we call the cyber-craft that operates solely within the cyber domain to extend the arm of existing cyber defense and computer network defense capabilities. A cyber-craft can be thought of as a lightweight software agent system that performs multiple computer network defense and information assurance functions. The characteristics of a cyber-craft include the ability to be launched from a network platform, the ability to embed control instructions within the craft, the ability to positively control the cyber-craft from a remote network location or management console, the capability for the craft to self-destruct if attacked and corrupted, the capability for the cyber-craft to operate with minimal or no signature/footprint, and the ability for the cyber-craft to rendezvous and cooperate with other friendly cyber-craft. Small, lightweight cyber-craft agents could monitor a large enterprise network with nearly no performance degradation and cooperate in such a way that collectively they become a smart cyber sensor grid. It is envisioned that a cyber-craft system would augment existing computer network defenses by helping to perform security management, network management, intrusion detection, malware detection and eradication, and digital evidence gathering.

  PHASE I: Perform the initial research necessary to assess potential approaches. Develop a solution approach comprised of the most promising approaches, and assess its feasibility. Develop the initial design for a prototype and demonstrate its application.
  
  PHASE II: Develop the required technologies leading to the demonstration of a limited prototype. The prototype will demonstrate the creation of software agents for comprehensive, enterprise-level computer network defense.

  DUAL USE COMMERCIALIZATION: Military application: Dual use applications of this technology include industries and critical infrastructures that have networks and enterprises requiring a high-level of assurance and security. In addition, from a military standpoint this technology could be transitioned into any networks requiring an enhanced level of information assurance.

  References:  Secrets and Lies: Digital Security in a Networked World by Bruce Schneier 2. OASIS: Foundations of Intrusion Tolerant Systems Edited by Jaynarayan H. Lala, IEEE Computer Society Press

Keywords:  Cyber Operations, Cyber Defense, Computer Network Defense, Information Assurance

Questions and Answers:
Q: As stated: “… cyber-craft that operates solely within the cyber domain …”
1. Do you mean it operates on Web (cyber space)?
“ … the capability for the cyber-craft to operate with minimal or no signature/footprint, …”
2. If the cyber-craft is sent from a Web site as an object in memory, do you classify it as a signature or not?
3. Do you consider a globally unique identifiers (GUID) for software component interface is a signature or footprint from the Website?
A: 1. Yes.
2. No.
3. No.

Record: of