NAVAIR looks to bolster cyber defenses for weapons systems

The Naval Air Systems Command, which is responsible for supporting the Navy’s aircraft and airborne weapon systems, is looking for across-the-board improvement in its cyber defenses for weapons and support systems.

In a recent Broad Agency Announcement, NAVAIR’s Cyber Warfare Detachment (CWD) it is interested in research and development efforts “to fill the gaps in cyber warfare capabilities for NAVAIR weapon systems to achieve the CWD strategy,” described as “secur[ing] weapon systems able to survive and exploit cyber warfare.” 

CWD—which develops and assesses cyber warfare capabilities—is mainly interested in the connectivity vulnerabilities from system to system. “[T]his BAA solicits R&D, not to simply apply IT solutions, concepts and underlying business environment assumptions, but to address cyber issues for weapon systems in a system of systems warfare environment with often intermittent or indirect ‘connectivity’ to other systems,” the request states.

R&D proposals should address critical assess points and resiliency in both legacy and future systems throughout their lifecycles. NAVAIR notes that problem areas for weapons systems can crop up anywhere along the line, from concept development to supply chain management to software development and configuration management. Systems could be tampered with even as far forward as during battle damage assessment equipment sanitization and disposal.

The proposal outlines 34 research areas of interest with eight specific areas of interest: 

1. Size, weight and power-sensitive cyber resiliency for real-time operating systems and aviation warfare environment.
2. Access-point identification, prioritization and defense.
3. Cyber-electronic warfare convergent capabilities.
4. Full acquisition cycle cybersecurity measures.
5. Cyber test, inspection and incident response concepts.
6. Cyber warning system techniques.
7. Cyber fault, risk and threat assessment methodologies.
8. Resilient network concepts.

 NAVAIR also is seeking other technologies including, “malware / C2 detection, protection, response and recovery; non-destructive/disruptive inspection; dynamic reconfiguration / re-host / compilation.” 

The first phase of proposals can be submitted any time up to May 15, 2016, the closing date, while Phase II is by invitation only based on those whose abstracts from Phase I are “considered capable of meeting existing or future program requirements.”