Navy looking to shore up weapons-systems cybersecurity
NAVAIR issues a solicitation addressing the networked nature of weapons and the vulnerabilities can exist.
“We are incredibly susceptible – everyone is – to manipulation of the electromagnetic spectrum. Cyber and cybersecurity and our operations within the current spectrum are at risk continually,” Rear Adm. Mark Darrah, program executive officer for Unmanned Aviation and Strike Weapons at the Naval Air Systems Command, said at the recent Sea-Air-Space Exposition. “We’ve got to find a way to move beyond that.”
NAVAIR, in fact, as made a call to industry for help in this space. The command last week released a broad agency announcement as a means of orchestrating germane research and development to fill gaps in cyber warfare capabilities for weapons systems.
The BAA is “solicit[ing] R&D, not to simply apply IT solutions, concepts and underlying business environment assumptions … [but] to address cyber issues for weapon systems in a system of systems warfare environment with often intermittent or indirect ‘connectivity’ to other systems,” given that systems and their supporting infrastructure are interconnected through some type of network.
“[T]here has been little attention given to these intermittent connections, such as maintenance laptops, mission loaders, etc. As well, there has been little R&D concerning critical physical and industrial control system interfaces with air vehicles, such as aircraft launch and recovery equipment (ALRE), power and navigation umbilicals,” the notice states. “In fact, this BAA assumes that the cyber R&D problem space for weapons systems even reaches back to concept development, supply chain management and software development and assurance / configuration management and as far forward as battle damage assessment and equipment sanitization and disposal which all could involve anti-tamper as well.”
In total, the notice lists 34 research areas of interest, including detection, protection, response and recovery from malware, weapon system cybersecurity and threat assessment models, threat attribution, identification and geo-location, redundant, back-up, mechanical and voting cyber system constructs for resiliency, authentication for weapons systems, coordinated cyber and electronic warfare convergent capabilities and risk/benefit assessment methodologies within mission kill chain and techniques for encryption during weapon system development.
NAVIAR is interested in technology solutions varying from real-time operating system malware and command-and-control detection, protection, response and recovery; non-destructive/disruptive inspection; and, dynamic reconfiguration/re-host/compilation.
One of the three things Derrah said keeps him up at night are operations relying on precision, navigation and timing. “Everything we do right now is driven by GPS timing and I talked about the susceptibility that we have in our environments for electronic attack and so on. We are heavily reliant on precision, navigation and timing,” he said.
Phase two of this effort will be by invitation only. NAVAIR will invite offerors whose phase I proposal abstract is considered to be capable of meeting existing or future program requirements. Offerors have until May 15, 2017 to submit proposals.