DHS SBIR HSHQDC-14-R-00035

OBJECTIVE:  Demonstrate a novel technology platform that is non-destructive to common environmental surfaces but capable of destroying a range of biological agents.

DESCRIPTION:  Following the release of a virulent biological agent that demonstrates persistence in the environment, thereby posing a continuing exposure risk to the public, harsh chemical technologies are typically employed to decontaminate (destroy) the hazard.  The decontamination process is known as remediation.  Currently available approaches to remediation may involve the use of acidic, caustic or other hazardous substances such as chlorine dioxide, sodium hydroxide, bleach, metal ion alkoxides, or formaldehyde.   An example of the use of such technology was the large-scale decontamination of government properties using chlorine dioxide gas following the 2001 anthrax letter events. Vaporous hydrogen peroxide (VHP) and methyl bromide, while generally having good material compatibility characteristics, are also options for decontamination of biological agents although each demonstrates limitations.  For example, high loadings of indigenous bacteria or the presence of reactive surfaces can consume hydrogen peroxide and complicate the decontamination process, while methyl bromide is an EPA-regulated gaseous chemical that depletes ozone in the atmosphere.  Enzymatic technologies also have been developed and applied for decontamination purposes.  Limitations with enzymatic processes include less than satisfactory turnover rates of a substrate molecule or enzyme deactivation when used in an operational environment.  As a result of the drawbacks or limitations to the use of the aforementioned technologies, recovery of affected areas becomes more costly and resumption of normal activities can be delayed, due to the need for extensive restoration or renovation activities.  The DHS Science and Technology Directorate seeks innovative technical approaches for the safe, efficacious, selective and environmentally-friendly destruction of persistent biological agents that can overcome the limitations of current decontamination technologies and exhibit good material compatibility characteristics.  For a biological agent, the required level of decontamination efficacy is a 6-log reduction in viable agent (99.9999% destruction) on three or more of the following environmental surfaces (e.g., concrete, wood, soil, galvanized metal, glass, plastic, painted wallboard).

PHASE I:  Develop, demonstrate and show material compatibility for an innovative, low-cost, environmentally-friendly concept for 6-log reduction of a non-hazardous, biological agent simulant (e.g., Bacillus thuringiensis or other spore-forming bacteria) on three environmental surfaces such as concrete, wood, soil, galvanized metal, glass, plastic, and painted wallboard.  Deliverables include a detailed project report showing material compatibility for a low cost and environmentally friendly solution as outlined above, as well as a project plan for Phase II, including costs, schedule and proposed subcontract arrangements, if any.

PHASE II:  Optimize the innovative technical approach and demonstrate 6-log reduction in viable biological agent simulant such as Bacillus anthracis – Sterne strain on the following environmental surfaces:  concrete, wood, soil, galvanized metal, glass, plastic, and painted wallboard. Demonstrate required efficacy can be achieved under the following three different environmental conditions:  low temperature/low humidity, room temperature/40-50% relative humidity, and high temperature/high humidity.  Demonstrate the ability to deliver the decontamination technology using commercial devices that are compatible with standard decontamination operations.  Demonstrate a small pilot-scale production process that can produce the innovative decontamination product in a safe and cost-effective manner that can be readily scaled by a qualified manufacturer for cost-effective production of large, commercial quantities.  Deliverables also include 0.5 – 1.0 kilogram of innovative decontamination technology product for independent government evaluation and a project and business plan for commercialization during Phase III, including costs, schedule and any proposed subcontract or toll manufacturing (license) arrangements.

PHASE III:  COMMERCIAL OR GOVERNMENT APPLICATIONS:  The innovative decontamination technology can be produced and supplied to the government for decontamination of public health hazards involving virulent biological agents.  Other potential and significant applications and market opportunities in the commercial sector may include pest control, mold and fungus removal, sterilization of medical facilities and sensitive equipment, water purification.

OBJECTIVE:  AMENDED TOPIC (as of May 1, 2014):  Develop innovative techniques to rapidly and automatically detect and automatically patch vulnerabilities in complex networked, embedded systems while offline.  This offline analysis and data-mining of features of large firmware image populations enables identification of vulnerabilities in the firmware of embedded devices, to support risk assessment and mitigation actions of complex software systems found throughout national critical infrastructures and systems.

DESCRIPTION:  AMENDED TOPIC (as of May 1, 2014):  Embedded systems form a ubiquitous, networked, computing substrate that underlies much of modern technological society. Embedded systems are considered to be networked even if the network connection is intermittent or occasional.  Examples include supervisory control and data acquisition (SCADA) systems, medical devices, computer peripherals, communication devices, and vehicles, and the many consumer devices that make up the “Internet of Things”. A report in January of 2014 by Proofpoint[1] indicated that about 25% of a spamming botnet was from the Internet of Things, including at least one refrigerator.  Networking these embedded systems enables remote retrieval of diagnostic information, permits software updates, and provides access to innovative features, but it also introduces vulnerabilities to the system via remote attack.  As these systems continue to grow more numerous, more complex and more interconnected, so will the need for automatic identification and response to vulnerabilities in these systems, distributed throughout our critical infrastructure networks and systems. 

AMENDED TOPIC (as of May 1, 2014):  A study by Cui and Stolfo [2] showed that an extensive number of unsecured, embedded, networked devices exist that are trivially vulnerable to exploitation by remote attackers. Furthermore, a 2012 report by McAfee Labs [3] predicted that in 2012, industrial threats to SCADA systems and industrial controller systems (ICS) will mature and that embedded hardware attacks will widen and deepen. Operational availability has taken precedence over security in this community. This state of SCADA systems was confirmed in the 2013 report by Secunia [4]. The state of the practice of security for traditional IT systems is anti-virus scanning, intrusion detection systems, and a patching infrastructure. This approach does not work well for embedded systems for a variety of reasons, including its focus on known vulnerabilities and the fact that security code can itself introduce new vulnerabilities. Embedded systems impose additional difficulties, such as strict resource constraints, hard real-time performance requirements, reliability over long periods of time, and the need for extensive verification and validation before patches can be installed [5]. 

AMENDED TOPIC (as of May 1, 2014):  Embedded system research has lagged behind general IT security research [6].  Some progress has been made in the last few years, but at best we have only kept up with the problem, the net outcome is essentially unchanged. DHS seeks to develop novel technology for automatically detecting and automatically patching vulnerabilities in networked, embedded systems. The technology should represent practical and effective techniques that can be applied to a wide-range of embedded system platforms that will increasingly be employed across the various infrastructure sectors. In addition, the techniques should be versatile such that it can be implemented on systems externally networked by various mechanisms, including, Bluetooth, Wi-Fi, radios, etc. This technology will lead to more resilient and secure embedded systems used in critical infrastructure, medical, transportation and other sectors.   Manual techniques for detecting and patching vulnerabilities are not within the scope of this topic and should not be submitted for consideration.

AMENDED TOPIC (as of May 1, 2014):  This SBIR effort is focused on the near-term needs of critical infrastructure systems and components, which is different than the focus of related work at DARPA (longer term and higher risk), NSF (foundational research that will support future improvements), and Military Service R&D organizations (near-term needs of military systems and components).  

AMENDED TOPIC (as of May 1, 2014):  The offline analysis and data-mining of features of large firmware image populations encourages a hybrid approach for vulnerability identification using host based monitoring capabilities on the device, in conjunction with offline static analysis of code and data.  Fuzzing is one approach to incorporate dynamic analysis of embedded systems, and has successfully been used for some device types, such as cell phones, to identify some vulnerabilities that are not detected with static code analysis.  The hybrid approach fits the off-line analysis envisioned in this request, rather than pipeline approach concepts needed to repair firmware exploited inside running embedded devices.  This hybrid approach (using fuzzing or other appropriate techniques and host based run-time defense) will enable:

     1.  mitigation or prevention of potential run-time threats;

     2.  offline modification of firmware to either remove or replace vulnerable code;

     3.  allowing the embedded device to act as a detector, to alert on successful exploitation of known vulnerabilities; and

     4.  using host-based capabilities to dynamically react to real-time information generated by a large population of embedded devices acting as sensors.

AMENDED TOPIC (as of May 1, 2014):  With the scope, complexity and dynamics of embedded software found throughout our national infrastructures and their various systems, hybrid approaches will be needed to address the vulnerabilities of these kinds of systems.

PHASE I:  AMENDED TOPIC (as of May 1, 2014):  Develop novel techniques for automatic detection and automatic patching of vulnerabilities in networked, embedded systems that are offline for one or more applications. Required Phase I deliverable includes monthly progress reports, a final report that details the proposed techniques, the level of vulnerability expected to be achieved by the techniques, the specific systems or types of systems that the technique(s) will benefit, the basic architecture or design to implement the intended approach, and the anticipated amount of software development required.

PHASE II:  AMENDED TOPIC (as of May 1, 2014):  Demonstrate that the techniques from Phase I can be practically and effectively applied to any general networked, embedded system connected by any external means, such as, Bluetooth, Wi-Fi, radios, etc.  These offline devices may only connect intermittently or occasionally.   Required Phase II deliverables include all documentation for the developed techniques; full architecture/design supporting the implementation; software or prototype(s) that will be demonstrated on multiple networked, embedded system platforms; monthly reports; and a final report describing the effort, including a description of remaining work to commercialize the prototype. 

PHASE III:  COMMERCIAL OR GOVERNMENT APPLICATIONS:   AMENDED TOPIC (as of May 1, 2014):  The technology will be demonstrated through a full-scale pilot in one or more civil/commercial applications, such as SCADA systems, medical devices, computer peripherals, communication devices, and vehicles. Required deliverables include a commercial service, or a technology product that can be commercialized in the private sector. For example, this technology can be integrated into a larger security software product suite (i.e., McAfee, Symantec) and would represent a specialized tool that can be applied specifically on networked, embedded systems that are offline, as opposed to current security tools designed specifically for traditional IT systems.

OBJECTIVE:  Develop a cost-effective reconstruction computing platform to perform iterative reconstruction for computed tomography (CT)-based explosive detection systems.

DESCRIPTION:  All fielded computed tomography (CT)-based explosive detection systems (EDS) in the United States create images using analytic reconstruction methods such as filtered back-projection or the direct Fourier method.  The reconstruction computing platforms (RCP) for these systems reconstruct images in real-time, meaning that systems are able to continuously scan bags without having to wait for the RCP to complete a bag.  Recent research using data from EDS equipment has shown that iterative reconstruction techniques (IRT) yield improved image quality (IQ) compared to the analytic reconstruction methods.  The improved IQ will lead to improved automated threat recognition (ATR) with increased probability of detection (PD) and decreased probability of false alarms (PFA).  That, in turn, may accommodate further expansion of the detection envelope (new threats or reduced mass quantities).  However, IRT requires thousands of times more computational operations and memory access than analytic reconstruction methods.  Therefore a RCP that supports real-time reconstruction using IRT will need more hardware and software capability, or algorithm compromises that may degrade IQ.  In order to advance the deployment of IRT, the DHS Science and Technology Directorate is seeking to investigate methods to develop a cost-effective RCP for implementing IRT.  The following three methods may be considered for this project: (1) reducing the of number of mathematical operations and memory accesses in IRT; (2) developing methods to achieve equivalent IQ as IRT using other reconstruction methods such as raw data processing or image processing; and (3) applying IRT to selective regions of bags or only on bags that are sent to secondary inspection such as on-screen resolution.  Techniques other than these three methods may be used.  In Phase I of the project, an IRT method shall be implemented based on publically available descriptions of algorithms that may have been used to reconstruct data from EDS systems.  Research shall be performed to identify possible methods to develop the cost-effective RCP that preserves most of the IQ of the publically available version of IRT. 

PHASE I:  Implement a version of IRT, which has shown to improve the IQ of scans of bags, based on algorithm descriptions in the public domain.  Investigate methods to develop a cost-effective RCP based on software, algorithmic and hardware solutions.  The deliverables include a technical report that describes methods to develop a cost-effective RCP.

PHASE II:  Design and implement a cost-effective RCP and associated IRT.  The implementation may include software, algorithmic and hardware solutions.  Deliverables include a technical report providing proof that a cost-effective RCP can be implemented that preserves most of the IQ of the publically available version of IRT.

PHASE III:  COMMERCIAL OR GOVERNMENT APPLICATIONS:  The RCP can be sourced by vendors of EDS equipment or the associated technologies can be transferred to the vendors on the payment of royalties. 

OBJECTIVE:  Develop a portable monitoring system that directly measures laser exposure relative to Maximum Permissible Exposure (MPE) limits for the evaluation of established Normal Hazard Zones (NHZs) for eye safety considerations.

DESCRIPTION:  The safe use of laser-based technologies to solve numerous challenges faced by the Department of Defense (DoD) and the Department of Homeland Security (DHS) is of immense interest. The American National Standards Institute’s (ANSI), Z136.1-2007 consensus standard, provides recommendations for the safe use of lasers and laser systems that operate at wavelengths between 0.18 micrometers (µm) and 1 millimeter (mm).  It provides guidance on how to derive NHZs based on specific laser parameters.  Laser exposure levels beyond the boundaries of the NHZ are sufficiently low (below MPE limits) that an unprotected person may be exposed without adverse biological changes in the eye or skin.  However, prior knowledge of specific laser characteristics such as: emitted wavelength(s), power level, pulse length/repetition rates and beam geometry in addition to having someone capable of calculating the boundaries of an NHZ is required.  Having a monitoring system that could either validate a calculated NHZ or even automatically derive the NHZ based on direct measurements would provide significant assurance that a fielded technology can be safely operated. 

DHS is seeking a system that can directly measure the radiant laser exposure of a laser beam, derive MPE limits based on those measurements and be used to evaluate the boundaries of an NHZ.  The interrogation of an incident laser beam shall provide all the necessary laser characteristics such as spectral, temporal, geometric and radiant exposure levels for the system to automatically derive MPEs consistent with the ANSI Z136.1-2007 standard.  DHS is seeking a single system capable of evaluating laser beams with wavelengths between 0.213 µm and 1 mm.  Higher priority will be given to system proposals covering broader wavelength ranges within these boundaries.  For example, a single system operating between 0.213 µm and 1.2 µm would be considered more desirable than a similar system operating between 0.213 µm and 0.8 µm.

PHASE I:  Demonstrate the feasibility of the proposed technical approach.  A laboratory demonstration, although not required, is desirable.  The physical basis of the proposed detection and computation technology should be described.

PHASE II:  Develop and deliver two prototypes for third party testing on mutually acceptable lasers within the 0.213 µm to 1 mm spectral range.  Mutually acceptable lasers may operate with pulsed and/or continuous wave (CW) emissions, with average and peak powers (or pulse energies) that are commercially available.

PHASE III: COMMERCIAL OR GOVERNMENT APPLICATIONS:   In addition to the numerous homeland security and defense applications, this capability can be directly utilized to evaluate the safety of laser systems used in academic research and more broadly in private industry.

OBJECTIVE:  Develop an indicator, visual or otherwise, for electric power distribution cables that allow nearby personnel to determine whether a downed power line is energized or not, creating a safer environment and facilitating a more rapid recovery following an event.

DESCRIPTION:  The impact of severe weather events on critical infrastructure can have devastating impacts. With regard to the electricity subsector, 90% of all power outages occur on the distribution system. Severe storms and natural disasters can cause a variety of safety hazards including downed power lines which create a dangerous environment for those working to recover from the damages of a weather event.  To assist in restoration and recovery efforts and reduce the number of lives lost, the DHS Science and Technology Directorate is looking for ways to minimize hazards and enable rapid recovery. 

Downed power lines may still carry live, high voltage electricity. Contact with a downed, energized power line can cause severe injury or even lead to fatality.  Safety is of utmost concern to the electric utilities and the highest priority is given to calls regarding downed power lines. Utilities also receive substantial calls for downed power lines from the public that turn out to be other types of lines, such as communications lines, that do not pose the same threat; however, they still must respond to all such calls. Crews are immediately dispatched to the affected areas to determine if the downed lines are power lines and if they are energized.  If energized, the crew will cut power to the affected area until the lines can be safely restored.  This response can drain a utility’s resources, particularly after a large event as they must tend to all calls for downed lines, regardless of whether they are energized or not, before they can begin their damage assessment and restoration process for restoring power to the community.  Additionally, the first responder’s ability to access areas with downed power lines is also hampered until a utility crew can physically come to the site to verify that any downed power lines are de-energized and the site is safe.   

The goal is for a status indicator device to determine if a downed line is energized or not and relay that status information to the electric utility as well as provide that information to anyone who may be in the vicinity of the downed line.  An example may be a sensor node in conjunction with a visual or aural indicator.  The device should capture the status of a downed line and if it is energized, an alarm, message, or notification should be sent to the utility’s operations center, in addition to providing an indication of hazardous conditions to anyone in the vicinity of the downed line.  If the downed line is not energized, the device must still provide a status both to the utility and to anyone in the vicinity.  Therefore the system must operate independently of and with minimum impact to the power line.  The device/system should also consider a communication method that is reliable when the power may be out.  The device must meet all applicable ANSI/IEEE/NESC industry standards, as well as any applicable safety and environmental standards. The device must be of reasonable cost.  It is recommended that interested parties consult or partner with electric utility companies as well as the first responder community to gain further insight into the operational environment and resulting specific requirements.   

PHASE I:  Evaluate the design of the status indicator and the system’s functionality and feasibility in an operational environment.  Complete and test the prototype subcomponent development to determine the feasibility of the design.  The final technical report will document the status indicator design, evaluate subcomponent testing / modeling results, and provide a concept of operations analysis.  

PHASE II:  Fabricate and test the prototype device system under various laboratory scenarios. Revise and finalize the design based on test results. Prepare an installation guide and/or installation toolkit. The final deliverable will be to install the device in an operational environment with a partner utility.   

PHASE III:  COMMERCIAL OR GOVERNMENT APPLICATIONS:  Potential applications of the status indicator would be applicable for all overhead distribution systems around the country. This solution could also potentially be incorporated in the operations for the first responder community.

OBJECTIVE:  Develop a hand-held or "man portable" device that will detect and quantify levels of toxic gases, vapors, and particulates commonly found in the post-fire environment.

DESCRIPTION:  Fire Investigators and other First Responders involved in a post-fire investigation require the ability to detect, monitor, and analyze the potential hazard fire gases and particulates could pose to the health of the First Responders at the scene.  Currently, the technologies most often employed by firefighters to ascertain such risks are the four gas analyzers such as the MiniRAE™[1], and a Gas Chromatography-Mass Spectrometry (GC-MS) such as seen in products like Hapsite™[2].  Both technologies have several drawbacks when applied to fire investigation.  For example, the four gas detectors have limited capability (i.e., can only detect four gases), and GC-MS devices tend to be too large (~40 lbs), take too long for analysis (approximately 10 minutes), and are cumbersome for use in a chaotic and disordered fire environment.  In addition, the current fieldable GC/MS devices are able to analyze for vapor samples but not particulates without some sort of sample preparation and typically do not currently have in their libraries all the compounds of interest that are potentially present in a post-fire scenario.  GC-MS is an analytical method which provides great analytical
power.  However, these devices, such as Hapsite™, also have a cost disadvantage when considering wide-spread fire department use, with device costs starting at approximately
$110,000.  A lightweight, low cost portable instrument that can detect gases and report on particulate load would be very beneficial for First Responder use.

The portable or hand-held device shall be intrinsically safe, small and lightweight with a goal of weighing less than 1 pound with a threshold of less than 3 pounds.  It shall be able to work in normal heat and cold conditions; operating from between 140◦F to -30◦F temperatures, water-resistant, and rugged enough to withstand a drop test of a minimum of 10 feet.  The device shall be small (goal of 4” x 3” x 1” with a threshold of 6” x 4” x 2”) and ideally be able to be adhered to or integrated with other First Responder Personal Protective Equipment (PPE), such as the Self-contained Breathing Apparatus (SCBA) or the Personal Alert Safety System (PASS).  The device shall have a minimum of a 4-hour battery life and the batteries required to operate the system shall be commercially available.  If rechargeable batteries are used, there should be an ability to swap out off-the-shelf batteries if there is no time to perform a recharge.  In addition, the long-term sustainment for the device’s sensors should allow for maintenance to be conducted by the user rather than require manufacturer involvement.  The price goal should be less than $1,500 per unit, with a threshold of less than $5,000 per unit.  The response time goal of the system should be less than 1 minute, with a threshold of less than 5 minutes.  The device should provide the capability for the user to immediately know about present dangers, and include clear (preset) audible and visual alarm indicators.  The display shall be readable in all light conditions and should display only relevant data such as an indication that the device is operating normally and/or information concerning a specific detection notification.  The device should include displays for both current and cumulative exposure levels. 

The level of detection goal for the device shall be within Permissible Exposure Limits (PEL).  The threshold for detection shall be Acute Exposure Guideline Level (AEGL) 2 at a 30-minute exposure. 

The device shall, at a minimum, monitor and detect the following gases and particulates:

• Chlorine;
• Methane;
• Carbon Monoxide
• Carbon Dioxide;
• Hydrogen;
• Hydrogen Sulfide;
• Hydrogen Chloride;
• Hydrogen Cyanide;
• Ammonia;
• Oxygen;
• Lower Explosive Limit;
• Sulfur Dioxide;
• Mercury; and
• Dection scheme must include a particle counter with user settable alarm thresholds

PHASE I:  The Phase I effort will result in a detailed technical report outlining the proposed field detection and analysis device prototype.  The report shall include the system objectives, proposed outputs, and mechanisms for operation and interoperability with present-day incident command processes and systems, as well as with firefighters’ self-contained breathing apparatus (SCBA).  The report must include how the proposed analytical and logistical (i.e., size, weight, cost, power requirements, etc.) approach is better than the commercially available detection systems.  The report must include possible risks to success and mitigation strategies to be deployed if those risks come to fruition.  It must also provide preliminary data characterizing the detection capability and observed detection limits of the chosen detection technology for the compounds in the above list.

PHASE II:   Based on the Phase I technical report, a minimum of three prototypes will be developed that provides timely situational awareness of an on-the-ground emerging threat.  These prototypes shall be interoperable with decision support systems so that data can be studied and managed appropriately.  The government customer will work with awardee to prepare a test plan for execution during this phase so that sufficient test data is collected to validate detector performance.  

PHASE III:  COMMERCIAL OR GOVERNMENT APPLICATIONS:  If a new prototype is developed that can provide a field detection and analysis device for fire gases and particulate detection, this prototype would be made available to manufacturers so that a future tool can be made available for First Responder use.