Secure Navy Systems: Funding for Cyber Resilience

The Office of Naval Research (ONR) is interested in receiving proposals for real-time full spectrum cybersecurity Science and Technology (S&T) Projects which offer potential for advancement and improvement of Navy and Marine Corps operations. Readers should note that this is an announcement to declare ONR’s broad role in competitive funding of meritorious research across a spectrum of science and engineering disciplines. A brief description of the ONR Program science and technology thrusts that ONR is pursuing is provided below. The Office of Naval Research (ONR) is interested in receiving proposals addressing Full-Spectrum Cyber (FSC) science and technology for real-time cyber-resilient systems including current and legacy Industrial Control & Combat Systems (ICCS) with complex and evolving software.

This BAA originates from the ever-growing need for comprehensive and novel methods for cybersecurity and resiliency of legacy and currently deployed information systems including real-time ICCS. The critical nature, real-time requirements, and physical effects of such systems impact the health and safety of human lives and the critical systems. The availability of real-time security solutions is limited because such systems have not been the traditional focus of cybersecurity research and development. The objective of this BAA is to solicit solutions to enhance the cybersecurity, resiliency, integrity, and availability of real-time systems.

This solicitation is broken up into three separate S&T cyber thrust areas of interest: - Cyber-attack resilient and fault-tolerant communications - Cyber-attack resilient and fault-tolerant systems - Proactive-cyber shaping Cyber-attack resilient and fault-tolerant communications The ONR is interested in proposals for developing new approaches for implementing real-time cyber resiliency. This section of the BAA is concerned with communication channels which must be robust against cyber disruptions affecting the communication’s integrity and availability. ICCS are designed for survivability and availability of operations over a long lifecycle that may span multiple decades. Completely redesigning or replacing them is not a viable solution.

Therefore, we are interested in cyber resiliency solutions for communication channels that can be retrofitted into legacy systems. Additionally, current control systems communicate across numerous interfaces, protocols, and physical channels that span from traditional IP networks to low-level system backplanes. Unlike traditional computer systems, allowing faults and exploitation of weaknesses with control systems is not acceptable, as it will pose a significant risk to the health and safety of human lives or result in serious damage to its environment. Traditional IP network cybersecurity proposals will be reviewed but are not the primary focus of this BAA.

Proposed research should enhance the cybersecurity/robustness of a low-level communication channel or system backplane. A successful proposal at this level may require an understanding of non-standard or legacy backplane architecture and protocols. Proposals should concentrate on the detection and mitigation of malicious cyber events for assured operations and communication robustness in tactical and real-time communication channels that exist on manned and unmanned Naval platforms. Cyber-attack resilient and fault-tolerant systems The ONR is interested in proposals for developing new approaches for implementing real-time cyber resiliency.

This section of the BAA is concerned with real-time systems which must be resilient against naturally occurring faults and cyber disruptions affecting the operations of an individual controller. Computing components that comprise real-time control systems are expected to operate over a long lifecycle that may span multiple decades. As such, it is not practical to completely redesign or replace them. Therefore, we are interested in technologies to enhance real-time control system resiliency that can be retrofitted into legacy systems.

Traditionally, the components of real-time control systems have generally been designed to be tolerant of physical and random faults. In contrast, faults and other adverse behavior due to cyber exploits result in total system failure or corruption even under the protection of typical fault-tolerant mechanisms. This BAA solicits novel approaches to enhance fault-tolerance in real-time control systems so that a system is resilient to a cyber attack, allowing it to operate continuously while maintaining the integrity of its operations. Due to their real-time nature, controllers often require that outputs are generated periodically and processed with regular frequency (sometimes referred to as the epoch).

The cyber exploit resiliency mechanism needs to perform detection and recovery within a window of time such that the physical system remains stable without a control signal. Upon recovery, a controller’s knowledge of the physical system state must also be restored. Control systems are typically engineered to withstand some loss of state, such that the loss does not impact the overall stability of the physical system. Any state information lost should be within the tolerable amount for maintaining physical system stability, which is application specific, and often a small multiple of the epoch.

The recovery mechanism should be able to remove a malicious input and recover to a known good state within the acceptable limits of the physical system. Proposals should concentrate on the detection and mitigation for assured cybersecurity and resiliency of tactical and real-time controllers on manned and unmanned Naval platforms. Proactive-Cyber Shaping Proactive-cyber shaping focuses on developing effective new approaches in cyber, information, and control systems to support tactical decision makers with agile and responsive battlespace shaping capabilities in a rapidly evolving cyberspace. Proactive-cyber shaping capabilities for real-time ICCS will provide an in-depth understanding of a system’s cyber health and status, as well as inform the development of novel protocols, security mechanisms, secure computing platforms, modeling, and evaluation techniques for these ICCS.

Producing FSC effects will encompass all necessary capabilities to assure access to, and integrity of, all information in the battlespace. Specific proposals should focus on tactical and real-time cyber capabilities for both manned and unmanned US Naval platforms. Desired technologies focus on real-time hardware and software, sensing, monitoring, analysis, and technical applications that protect the US Naval information enterprise. Research ideas are being sought after that build upon fundamental research in computer and information sciences for ensuring the integrity of the US Naval information enterprise including the protection of our ICCS.

The cyberspace domain in which the US Naval Forces operate requires advances in cyber that enable our warfighters to remain persistently ahead of the adversary. Proposals are desired that aim to develop methods to assure access to cyberspace and the integrity of command and control, along with advancing research on the convergence of cyber and electromagnetic maneuver.