TECHNOLOGY AREA(S): Information Systems
The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 5.4.c.(8) of the solicitation and within the AF Component-specific instructions. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws. Please direct questions to the AF SBIR/STTR Contracting Officer, Ms. Gail Nyikon, firstname.lastname@example.org.
OBJECTIVE: Develop innovative techniques to adapt the network, or the perception of the network, to thwart adversary attempts to perform reconnaissance, launch attacks and successfully exfiltrate information.
DESCRIPTION: Attackers go through the process of gathering information about a target, preparing the correct and appropriate attack vector, gaining access, maintaining access and then causing harm, including removing information. If we can disrupt the attacker’s processes at any of these stages by introducing moving target defense (MTD) techniques, we may defeat or at least delay the attack by increasing the attacker’s work factor and making the attacker more “visible” and subject to detection and eradication via other techniques. The methods developed should be compatible with existing protocols and standards so that they can be applied to most networks.
The increasing focus on network-centric warfare means that the ability to protect networks will become essential to ensuring the safety of military operations. Similarly, in the civilian domain, the increased use of electronic commerce and cyber-physical systems, such as industrial/home control networks, is creating a situation where the ability to resist or delay attacks will become more and more critical over time.
PHASE I: Describe and develop creative methods, techniques and tools for causing the perceived/actual picture of the network, from an attacker’s perspective, to change. Methodologies should in particular address how to cause disruption and doubt from an attacker’s perspective without adding any significant error, confusion or processing to the protected network.
PHASE II: Develop, implement and validate a prototype system that utilizes the tools and methods from Phase I. The prototypes should be sufficiently detailed to evaluate scalability, usability, and resistance to malicious attack. Efficiency is also an issue that should be explored, although it is less critical than overall scalability.
PHASE III DUAL USE APPLICATIONS: Demonstrate results in relevant military and civilian applications.
KEYWORDS: moving target defense, agility, uncertainty, dynamic diversity defense
POINT OF CONTACT: David Climek, Phone: 315-330-4123, Email: email@example.com