N211-009 TITLE: Cyber Protection for Physical Avionics Data Inputs to Navy Platforms
RT&L FOCUS AREA(S): Cybersecurity; General Warfighting Requirements
TECHNOLOGY AREA(S): Air Platforms; Battlespace Environments; Electronics
The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.
OBJECTIVE: Research and address the holistic cyber threat posed by the transfer of aeronautical data to Navy and United States Marine Corps (USMC) aircraft by taking physical avionics data inputs to the aircraft and developing solutions to harden those input channels, protecting the data from malicious tampering and errant corruption.
DESCRIPTION: Critical aeronautical data is transferred into avionics systems to provide pilot guidance or other information used to influence pilot decisions in the cockpit. This aeronautical data may include the navigation database, vertical obstruction database, flight plans, world magnetic model, maps, and imagery. To prevent malicious tampering of this data, cyber protection needs to be implemented on all physical avionics data inputs in these airborne systems. Currently, minimal cyber-safe mechanisms are offered and only provide protection against errant corruption. No complete cyber protection set exists for the physical avionics data inputs creating a multitude of threat surfaces to be addressed. The Navy must fully identify all threat surfaces and begin to prototype protections against those threats. The following are examples of physical data threat surfaces (but by no means intended to be a complete list):
Corrupt/Invalid Source �involves the data validity of the data sourced by the data provider (Government, industry, or open-sourced); could be a result of any other type of threat surface.
Errant Corruption �a non-intentional data corruption introduced by human or computer error; also the most easily identified by mechanisms such as Cyclical Redundancy Checks (CRCs).
Proposed approaches should include, but not be limited to, a white hat analysis of all physical avionics data inputs to all Navy and USMC aircraft. For each physical avionics data input this research should identify the data flow which includes data source, transitional systems (e.g., tablet, Navy/Marine Corps Internet (NMCI), Joint Mission Planning Software (JMPS), maintenance computer), and end use. For each data flow, perform a human factors assessment to determine if the pilot decision making based on operational conditions (e.g., instrument flight rules (IFR) vs visual flight rules (VFR), approach vs cross country) and alteration of data inputs can be altered. Potential mitigation strategies should be identified for each physical avionics data input. These mitigation strategies could be process, software, or hardware solutions depending on the scenario. An evaluation of current protections, postulate new or enhanced cyber protections, and perform experimentation to determine if protections are sufficient to mitigate risk should be performed. All postulated solutions should focus on performance of the solution to prevent unnecessary burden on the aircrew that could prevent them from attaining mission success.
Utilizing the white hat analysis, firms should develop prototype solutions for the two platforms with the largest threat surface in order to provide a formal design, implementation, and formal qualification testing of protection strategies for the data chain from source to end use. Prototype solutions in this context could be hardware, software, and/or procedural guidance. To validate the initial threat surface analysis and protections implemented provide sufficient protections to avert any corrupt/invalid source, errant corruption, Denial of Service (DoS), or spoofing/hacking attack types, potential technologies will participate in a focused ethical hacking event (or Hack-a-thon). A successful demonstration of the prototype solutions would be the prevention of all attempts to infiltrate the system and successful identification and notification of operators of hazardously misleading information that would affect decisions within the cockpit.
Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by DoD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence and Security Agency (DCSA) formerly Defense Security Service (DSS). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DCSA and NAVAIR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advanced phases of this contract.
PHASE I: Determine feasibility of proposed approach by performing a white hat analysis of all physical avionics data inputs to all Navy aircraft. Provide a summary of the white hat analysis, a listing of all threat surfaces, the affected aircraft, mitigation strategies, and residual risk while also identifying gaps where analysis was non-deterministic. In the Phase I option, if exercised, develop a threat brief deployable to each platform and a Business Case Analysis (BCA). The Phase I effort will include prototype plans to be developed under Phase II.
PHASE II: Develop and demonstrate prototyping solutions for the two platforms with the largest threat surface. Provide a formal design, implementation, and formal qualification testing of protection strategies for the data chain from source to end use. Prototype solutions in this context could be hardware, software, and/or procedural guidance.
It is probable that the work under this effort will be classified under Phase II (see Description section for details).
PHASE III DUAL USE APPLICATIONS: Finalize prototype solutions and validate at a focused ethical hacking event (or Hack-A-Thon). Proofing of threat patches, if high priority topics are discovered, additional or iterative hacking events may occur to ensure completion of targeted topics (i.e., fly-fix). Transition and integrate the deployment of cyber protection strategies to naval platforms or Programs of Record.
The outcome of this topic will result in a packaged set of methodologies to protect data in transit from off-aircraft maintenance stations to on-aircraft usage to protect against both errant and malicious corruptions. Those methodologies could in turn be documented and shared with the private sector for use on Navy projects. Both the commercial sector (such as GE, Jacobs, Raytheon, Rockwell Collins, L3Harris) and other DoD services could benefit from a deployed base cyber protection suite of tools. Software, hardware, and procedural solutions would need to remain portable to multiple environments to support reuse of tools and methodologies.
REFERENCES:
KEYWORDS: cyber; collision avoidance; obstacle; database; Hazardously Misleading Information; HMI; safety; cyber protection; corrupt/invalid source; errant corruption