Open DLA Phase I SBIR for Supply Chain Cybersecurity Topic DLA202-D002
There is an existing DLA open SBIR Phase I opportunity requesting innovative methods for providing supply chain cybersecurity. Follow the link to access the topic on the DoD SBIR portal. Submissions are due in 24 days. Funding for Phase I is 100K. For a discussion of the Phase II opportunity see this link.
Text of Phase I Opportunity
DLA202-002 TITLE: Secure Computing Autonomous Network (SCAN)
RT&L FOCUS AREA(S): Cybersecurity
TECHNOLOGY AREA(S): Information Systems
KEYWORDS: Anomaly Detection, Behavior-Based Detection, Blockchain, Classification, Computer Network Traffic Analysis, Cryptography, Cybersecurity, Data Analysis, Data Provenance, Decentralized Logging, Logistics Platforms, Machine Learning, Networking, Network Intrusion Detection, Pattern Matching, Supply Chain Risk Management, SCRM, System Of Systems, Zero Trust
OBJECTIVE: Develop, demonstrate, and field a private distributed platform that can continuously identify, assess, report, and mitigate threats, vulnerabilities, and disruptions to DLA’s network-connected devices. The platform should be scalable with low bandwidth and compute resource requirements. It should also be capable of running asynchronously within isolated environments outside of network connectivity.
Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.
DESCRIPTION: DLA requires a cyber-detection platform that comprehensively addresses supply chain security challenges, evolves as new threats emerge, and endures the test of time to provide uninterrupted support to the warfighter. The platform should provide distributed command-and-control of cyber threats, including the ability to rapidly stop effects and restore normal operations. The platform must not harm the underlying network infrastructure or host systems. The platform architecture should be system-agnostic and provide distributed aggregation and storage of all relevant cybersecurity data, allowing for real-time analysis of any network.
The platform should passively monitor system data for problem trends and behaviors, and then issue warnings to the operators of more significant systemic faults. The platform should automatically update its risk index to address emerging threats. The platform should classify device-related errors, and have behavior-based or anomaly-based detection of threats that may otherwise go undetected. In all cases, the platform may be required to function under a variety of scenarios within isolated environments that do not support robust learning models. This lack of connectivity to models makes the common approach to cyber detection less effective. An alternative approach is to focus on coupling machine learning (ML) with distributed ledger technologies (DLT) to provide indexed integrity of system interactions. The ability to interface with simulation environments is also of interest.
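The description above pairs a tamper-evident ledger of device interactions with model-free, behavior-based detection that can run disconnected. The following is an added illustration of that pairing, not code from DLA or any offeror: monitoring events are hash-chained so any later alteration is detectable, and a per-device rolling z-score flags abnormal traffic volume without a trained model. The device name, field names and telemetry values are constructed sample data.

```python
import hashlib
import json
import statistics
from dataclasses import dataclass, field

GENESIS = "0" * 64  # prior-hash value for the first ledger entry


@dataclass
class Ledger:
    """Append-only hash chain of monitoring events (local, offline)."""
    entries: list = field(default_factory=list)

    def append(self, event: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = json.dumps(event, sort_keys=True)  # canonical encoding
        h = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "event": event, "hash": h})
        return h

    def verify(self) -> bool:
        """Recompute every link; False if any entry was altered or reordered."""
        prev = GENESIS
        for e in self.entries:
            body = json.dumps(e["event"], sort_keys=True)
            expect = hashlib.sha256((prev + body).encode()).hexdigest()
            if e["prev"] != prev or e["hash"] != expect:
                return False
            prev = e["hash"]
        return True


def flag_anomalies(ledger: Ledger, window: int = 5, threshold: float = 3.0) -> list:
    """Per-device rolling z-score on bytes_out; returns hashes of flagged entries."""
    history, flagged = {}, []
    for e in ledger.entries:
        ev = e["event"]
        hist = history.setdefault(ev["device"], [])
        if len(hist) >= window:
            mean = statistics.mean(hist)
            sd = statistics.pstdev(hist) or 1.0  # avoid divide-by-zero on flat baselines
            if abs(ev["bytes_out"] - mean) / sd > threshold:
                flagged.append(e["hash"])
        hist.append(ev["bytes_out"])
        del hist[:-window]  # keep only the last `window` samples
    return flagged


def build_sample_ledger() -> Ledger:
    """Constructed telemetry: five normal samples, then one traffic spike."""
    led = Ledger()
    for seq, bytes_out in enumerate([100, 110, 95, 105, 100, 9000]):
        led.append({"device": "sensor-7", "seq": seq, "bytes_out": bytes_out})
    return led
```

Running `flag_anomalies(build_sample_ledger())` flags only the spike entry, and editing any earlier entry in place makes `verify()` return False.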
PHASE I: 6 Months, $100K. The following actions are required in order to successfully accomplish Phase I:
• At a minimum, deliver a workable concept for a Secure Computing Autonomous Network (SCAN) prototype that addresses the basic requirements of the stated objective above.
• Develop a distributed platform that can conduct automated scans of various data streams to learn, predict, and mitigate future disturbances, abnormal trends, and problems.
• Develop and prove feasibility of a Concept of Operation (CONOP) for the use of the platform. Develop a preliminary design to implement the CONOP.
• Address all viable overall platform design options with respective specifications on software modularity, hardware requirements for computational power and capacity, system/sensor agnosticism, and dissemination of information products requested by the user community.
REFERENCES:
1. DoD Enterprise DevSecOps Reference Design, August 2019.
2. It Takes an Average 38 Days to Patch a Vulnerability, Kelly Sheridan, Dark Reading, August 2018. https://www.darkreading.com/cloud/it-takes-an-average-38-days-to-patch-a-vulnerability/d/d-id/1332638
3. Cyber-security Framework for Multi-Cloud Environment, Taslet Security, September 2018. https://medium.com/taslet-security/cyber-security-framework-for-multi-cloud-environment-e7d35fd32bd6
4. Zero Trust: Beyond Access Controls, Rob MacDonald, HelpNetSecurity, January 2020. https://www.helpnetsecurity.com/2020/01/23/zero-trust-approach-cybersecurity/