The NAVAIR Cyber Warfare Detachment is soliciting technical/cost proposals for research support in technologies that are applicable to Resilient Cyber Warfare Capabilities for NAVAIR Weapon Systems.The NAVAIR Cyber Warfare Detachment (CWD) develops and assesses cyber warfare capabilities for mission assurance and to defend NAVAIR weapon systems (aircraft, unmanned vehicles, weapons, sensors, etc.) and directly corresponding support systems (data link, mission planning, maintenance, logistic, etc.). The strategy of the CWD is to defend the access points to our weapon systems (detect, prevent), survive and continue to operate during close quarters battle (resilience and response), and to conduct cyber-smart acquisition to achieve this. The foundation of the CWD strategy for NAVAIR weapon systems is to develop the cyber workforce, invest in infrastructure and research and development (R & D) and establish standards and best practices.The objective of this BAA is principally to
orchestrate germane R & D to fill the gaps in cyber warfare capabilities for NAVAIR weapon systems to achieve the CWD strategy, i.e., secure weapon systems able to survive and exploit cyber warfare. It is the finding of the CWD that there is a paucity of cyber R & D and threat information for weapon systems and supporting systems that directly or indirectly "connect" to weapon systems. As well, most business systems Information Technology (IT) cybersecurity measures are mis-applied and ill-designed for weapon systems, especially given air vehicle Size, Weight and Power (SWaP) restrictions, and their operational environments. Therefore, this BAA solicits R & D, not to simply apply IT solutions, concepts and underlying business environment assumptions, but to address cyber issues for weapon systems in a system of systems warfare environment with often intermittent or indirect "connectivity" to other systems.It is also a finding of the CWD that there has been little attention given to these intermittent connections, such as maintenance laptops, mission loaders, etc. As well, there has been little R & D concerning critical physical and industrial control system interfaces with air vehicles, such as aircraft launch and recovery equipment (ALRE), power and navigation umbilical's. In fact, this BAA assumes that the cyber R & D problem space for weapons systems even reaches back to concept development, supply chain management and software (SW) development and assurance / configuration management and as far forward as battle damage assessment (BDA) and equipment sanitization and disposal which all could involve anti-tamper as well.It is assumed that R & D efforts solicited by this BAA would address the most critical access point and resiliency (close quarters battle) issues for both legacy and future systems. However, this should not cause presumptive focus on any specific cybersecurity controls, concepts or preconceptions, i.e., the "Maginot line" effect. Traditional Information Assurance (IA) controls that assume continuous monitoring, patching, and imply the installing of a COTS solution, e.g., the Host Based Security System (HBSS), are not only not implementable as is, but may also decrease security and system performance by offering greater adversary access.Achievement of integrated warfare and kill chain effects while preventing that of the adversary is critical, so it is assumed that all R & D efforts would be mission relatable with germane threat assumptions vice standalone concepts /solutions. It is not desired to employ layer upon layer of costly defenses that only prevent cyber resiliency, dynamic re-configurability / response or, essentially, cyberspace maneuverability.