The detection efficacy of X-Ray is highly dependent on operator skill. Tools to (a) improve proficiency of operators and assess their performance and (b) provide assistance to an operator in evaluation of the threats in the images generated by the scanner. These are important capability gaps that TSA has indicated it needs to fill. This topic is aimed at bullet "b".

Transportation Security Administration (TSA)

Air Cargo is extremely complex and current operator training methods are inadequate. This is an important vulnerability since the detection efficiency of screened cargo is highly dependent on operator skill. The TSA, in consultation with cargo screening companies, freight carriers etc., has therefore identified this as a significant gap that needs to be filled quickly

TSA plans to deploy this tool at hundreds of cargo screening companies to evaluate and improve operator performance.

https://www.dhs.gov/science-and-technology/air-cargo-program

Air cargo skid screening solutions which are less than $1,00,000.00 (US) in production quantities to screen dense material in air cargo skids measuring 48"W x 65"H x 48" (or longer) deep are needed. The need for high density cargo penetration systems has been identified by the TSA (Transportation Security Administration) as a key capability gap. The end objective is an imaging scanner prototype, at a TRL of 6 or higher, that can detect explosives per classified standards concealed in dense cargo.

Transportation Security Administration (TSA) qualifies these products so that commercial TSA certified cargo shipping companies can purchase these products. Transition involves equipment passing TSA qualification tests.

There are certain air cargo commodities, such as machine and auto parts and 55 gallon drums, which are too dense for a standard X-Ray/EDS operator to make a confident determination of a possible threat based on the image. As a result, these shipments must be screened via other methods that tend to be slower and/or costlier, to include breaking down and rebuilding pallets. There is a need to be able to successfully screen a wider range of dense objects, than is currently possible. This could possibly be accomplished via software changes, hardware upgrades, ancillary equipment, or new X-Ray/EDS systems. This might include increasing transmission X-Ray penetration, pairing X-Ray/EDS with other detection technologies (e.g., neutron imaging, X-Ray diffraction), or other techniques/methods.

Almost 50% of passenger aircraft carry air cargo that needs to be screened. Unlike checked baggage, cargo equipment is bought by private screening companies that are certified by the TSA. This screening equipment needs to meet qualification standards set by the TSA so that it can be listed on their Air Cargo Screening Technology List or ACSTL. Currently there are over 750 private screening companies in the US that could be the basis of a large market for a suitable product. Additionally, ICAO has mandated that after June 2021 all air cargo globally has to be screened. This provides additional opportunities to vendors.

https://www.dhs.gov/science-and-technology/air-cargo-program

Enhanced contact and non-contact trace explosives sampling methods and prototypes that are seamlessly integrated with or integration-ready with currently deployed Explosives Trace Detectors (ETDs) and/or Next Generation ETDs. The methods and prototypes are expected to be developed and undergo Developmental Test and Evaluation at a Government laboratory. Upon successful completion of Developmental Testing and Evaluation (DT&E) phase(s), the method/prototype may be selected for advancement to Integration Test and Evaluation.

TSA Requirements and Capabilities Analysis

Non-contact distance: at least two in from the surface being screened.

Surface types to be sampled: Muslin, Nomex, Bytac, ABS plastic, vinyl, Teflon, packaging tapes, cardboard, cotton, metal, plastic zipper, and leather.

Broad spectrum threat sampling capability: Sampling capability for at least twenty explosives covering aliphatic organic nitrates, aromatic organic nitrates, organic peroxides, inorganic salts, plastics explosives, inorganic salt/fuel mixtures.

Collection efficiency: Ability to deliver >50% of the threat related trace amount to the sensor/detection engine. If a preconcentration component/method is involved, then collection efficiency is defined as the ability to deliver >50% of the threat related trace amount to the preconcentration component.

Size of object sampled: Focus on two of the following three object scales: 1. localized region of passengers' body (~200 square centimeter), 2. carry-on baggage (~0.8 square meter), 3. checked baggage (~1.3 square meter). Sampling time: <= 5 sec per sampling event.

Clear-down time after alarm (cleaning time between samples to prevent memory effect): not to exceed two minutes.

Reliability: minimal maintenance required similar to reliability specification of currently deployed ETDs.

Seamlessly integrated with or integration-ready with currently deployed Explosives Trace Detectors (ETDs) and/or Next Generation ETDs: Integration schemes may include the uses of a pre-concentration component, a desorber component, an ionization source, and/or a transfer line. Candidate technologies need to have provisions for how such integration can be accomplished. These include sizes and methods for coupling the samplers to the detection engines, what components of an ETD are to be kept and what components are to be taken out. The task of integration should not impact detection capabilities of ETDs. If detection capabilities of the ETDs are impacted (negatively) by the integration, technology developers need to devise a mitigation plan to circumvent or overcome these impacts.

TSA's Strategic Five-Year Technology Investment Plan for Aviation Security, 2017 called for the deployment of Next Generation ETDs in 2020 and the development of technologies and CONOPs that enhance the passenger experience during screening. Successful development of enhanced contact and non-contact explosives trace sampling technologies has the potential for higher return of investment by providing improved secondary screening and alarm resolution for TSA and their procurement cycle with a proven and matured technology.

The end objective is a prototype solution capable of improving the security, throughput, and/or passenger experience at the airport checkpoint or similar environments. Capabilities of particular interest include accessible property (carry-on baggage) screening systems, components, and algorithms; on-person screening systems, components, and algorithms; curb-to-gate screening capabilities and integration architectures; cyber secure architecture and capabilities; and passenger facing technologies to improve the overall user experience.

Successful prototypes will be transitioned to the Transportation Security Administration's Office of Requirements and Capability Analysis

Imagine passing through airport security without removing your coat, shoes, or laptop from its case and arriving at your departure gate with minimal delays and full confidence in your safety and security. The Department of Homeland Security (DHS) Science and Technology Directorate's (S&T) Screening at Speed program invests in technologies and techniques that will bring that vision closer to reality.

The Screening at Speed program aims to research and develop new technologies, techniques, and processes that allow aviation checkpoints to screen 300 passengers per lane and their carry-on belongings to TSA's highest security standards. New systems should reduce the divestiture of outerwear, removal of liquids and electronics from carry-on bags, and adapt dynamically to information provided by risk-based screening. Raising throughput enables technology to meet additional DHS customer requirements, including US Customs and Border Protection and Secret Service, as well as uses in the private sector such as stadiums, shopping malls, and mass transit.

Screening at Speed is evaluating the holistic aviation security architecture while growing technology development spirals, coordinated with TSA's recapitalization plans, to ensure smooth and timely technology insertion. Screening at Speed seeks to develop technologies for passenger screening by leveraging existing state-of-the-art technologies from industry, academia, national laboratories, and other government organizations. Projects should work with current systems such as Advanced Imaging Technology, Computed Tomography X-Ray systems, application programming interfaces, automated target recognition software, and secondary screening technologies and methods. Leveraging resources from other S&T projects and efforts complementary to the task is encouraged.

High throughput screening technologies are applicable to TSA as well as other DHS components. Technologies may also meet requirements from the private sector including security at stadiums, shopping malls, and mass transit facilities.

https://www.dhs.gov/science-and-technology/apex-screening-speed

Solutions will help operators better leverage data via advanced data analytic capabilities to drive better decision-making in DHS missions.

Note: TRL levels stated are a range. We are interested in technologies within this range.

DHS operational Components and greater homeland security enterprise.

This program has a preference for commercially-supportable solution versus Government-off-the-shelf, unless the solution is highly unique. Cost of the solution should be kept in mind for use cases and solutions targeting specific homeland security enterprise sectors, e.g., Are you developing a solution for a commercial infrastructure sector or first responder?

This program's preference is for solutions to be commercially supportable and hence, more affordable for DHS missions.

Enable agriculture defense against current, emerging and future unknown pathogens and pests.

Develop tools and technologies to enable preparedness and response to dissemination and spread of veterinary and zoonotic pathogens and pests by environmental pathways, animals and humans.

Expand countermeasure discovery and development for preventing new and emerging animal and plant pests and infectious diseases.

Develop and deploy user-friendly cutting-edge tools, techniques, and technologies for rapid detection and diagnosis, management, mitigation, prevention, and containment of high consequence food and agricultural pathogens and pests at local, regional and national scales.

Transition opportunities include DHS-USDA-PIADC/NBAF, DHS components (CWMD, CBP, USCG, FEMA) and commodity sectors.

The Food, Animal and Veterinary Defense (FAV D) arena faces challenges in securing the nation against foreign biological threat agents. Because these bioagents are infrequently encountered or unknown in the US, rapid and accurate diagnosis poses one of the challenges in protecting agricultural commodities and preventing further transmission to nearby operations including farms. Highly transmissible infectious diseases such as Foot and Mouth Disease, Avian Influenza and African Swine Fever pose threats to livestock, with the potential to cause significant national economic loss and food insecurity. The latest outbreak of African Swine Fever disease on the European and Asian continents, reinforces the importance of biosecurity in the agricultural domain.

While vaccine development for known agents continue to progress, shorter term research and identification of countermeasures are also imperative as a means to avert potential introduction and spread of current and emerging threat agents. In addition to prophylactic and treatment of diseases, countermeasures of interest may include products that accelerate rapid response capabilities, cross protection, and emergency preparedness and response planning to contain high consequence threat agents.

DHS Science and Technology Directorate provides cutting edge R&D solutions to the Food, Animal and Veterinary Defense (FAV-D ) program by addressing gaps and requirements in the food and agriculture continuum. In coordination with the Countering Weapons of Mass Destruction (CWMD) office and other DHS components (CWMD, CISA, FEMA), the FAV-D program seeks R&D solutions to address DHS operation requirements to protect, prevent, mitigate, respond to, and recover from catastrophic events related to intentional or natural introduction of high consequence threat agents affecting livestock, wildlife, and plants.

Transition opportunities include federal and state departments and agencies with responsibilities for monitoring, protection, and surveillance of transboundary animal and plant pathogens and pests. This would include DHS-USDA-PIADC/NBAF, and DHS components (TSA, USCG, and FEMA).

HSPD Presidential Directive 9 (https://fas.org/irp/offdocs/nspd/hspd-9.html)

National Biodefense Strategy (https://www.dhs.gov/coronavirus/presidents-biodefense-strategy) FAV-D Program requirements and capability gaps (i) capabilities to characterize agents related to high consequence pests and pathogens, most prominent of which is African Swine Fever and other high priority transboundary pests and pathogens (ii) targeted advanced development of vaccines and companion diagnostics to mitigate transboundary foreign animal diseases (iii) rapid containment of pest and pathogen spread, and dissemination, and, (iv) screening tools and job aids at inspection sites along the food continuum

The end objective of this effort is to transfer the advancement of tunnel detection technologies to enhance the mission capability of CBP and ICE to disrupt, mitigate, and investigate clandestine criminal subterranean cross-border activity. The solutions must be operationally relevant, measurable, beneficial, and consistent with the documented priorities and needs of the DHS Component customer.

U.S. Customs and Border Protection (CBP) and U.S. Border Patrol (USBP), U.S. Immigration and Customs Enforcement

U.S. Customs and Border Patrol (CBP) and U.S. Immigration and Customs Enforcement (ICE) have long sought an effective and covert solution to locating the underground pathways that defy U.S.-Mexico border security. Tunnel detection capabilities currently in use were designed and developed to locate land mines or identify natural gas and oil deposits. However, this re-purposed technology is not necessarily suited to the front-line needs of Border Patrol agents.

DHS S&T is working to facilitate the development of reliable, easily deployable tunnel detection solutions that will locate and characterize the tunnels before they become operational. Proposed systems should fulfill, but not be limited to, the following requirements:

1. Easy-to-Use
2. Easy-to-Deploy
3. Work in variable weather conditions
4. Work at variable altitudes
5. Work in variable geologies
6. Work in densely populated urban centers or sparsely populated areas
7. Not interfere with Component customer standard operations
8. Not cause disruptions of civilian services
9. Have a low false alarm rate in the areas of detection and classification

Industry participants chosen to take part in DHS S&T Tunnel Detection Programs will execute projects with the ultimate objective to fulfill the key requirements defined by DHS Component customers. DHS S&T funded projects will have clearly defined transition requirements consistent with the needs of DHS, S&T, and Component customers.

The end objective of any ABT project is to transfer the advancement of aircraft technology (manned and/or unmanned) to enhance the mission capability of the DHS Operational Components and the extended HSE.

The enhancement must be operationally relevant, measurable, beneficial, and consistent with the documented priorities and needs of the mission partner.

DHS Components: CBP, USBP, USCG, HIS, ICE, USSS, FPS, FLETC, CWMD, CISA, I&A

Key challenge areas include the following:

• Effective, small, lightweight, and affordable small ISR sensor packages that can be easily integrated into the current DHS sUAS operational assets
• Technologies to enable FAA compliant sUAS operations beyond visual line of sight of the operator
• Autonomous and automated vehicle to vehicle (V2V) communications among sUAS and manned aircraft to enable collision avoidance
• Tracking of non-compliant and evasive land based and maritime contacts who employ denial and deception tactics to avoid detection and tracking
• Remote detection of explosive and illicit materials
• Innovative low-cost technologies to enable greater hours of flight operations
• Counter ISR capabilities

As a result of awards through this LRBAA, industry partners may become well positioned for additional rewards through the component's acquisition lifecycle. These opportunities are evaluated on a case by case basis with the component's acquisition teams.

The end objective is to transfer the advancement of C-UAS technologies to enhance the mission capability of the DHS Operational Components and the extended Homeland Security Enterprise.
The enhancement must be operationally relevant, measurable, beneficial, and consistent with the documented priorities and needs of the mission partner.

DHS Components Customers may include, but not limited to: Federal Protective Services; U.S. Coast Guard; U.S. Secret Service; U.S. Customs & Border Protection; Transportation Security Agency;

• Detection and Tracking of Class 1 unmanned aircraft at distances greater than 3 kilometers with direct line of sight.
• Assessment of unmanned aircraft intent based on flight behavior, and payload at distances greater than 1 kilometer.
• Detection and Tracking of ground control stations in non-line of sight conditions at distances less than 2 kilometers.
• Accuracy of 10 meters or less for reported location and tracking information of unmanned aircraft and ground control stations
• Mitigation of Class 1 unmanned aircraft at distances greater than 1 kilometer for all flight modes.
• Seamlessly integrated with or integration-ready with command and control modules, government developed signature libraries, common operating pictures, and third party developed sensors, components, or accessories.
• Ability to merge data from disparate sources (I.e. different sensor modalities) such that the resulting information stream reduces uncertainty and inaccuracies that might be present when viewing ? data from each source individually.
• Integration of Remote ID and similar broadcast information for situational awareness and assessment of intent.
• Low collateral effect UAS mitigation technologies for use in highly populated areas or mass gathering events.
• Forensic analysis and exploitation of recovered aircraft.

As the commercial market grows and UAS become more readily available, nefarious use of UAS becomes a greater threat to the homeland security enterprise. Bad actors are increasingly using UAS for surveillance, reconnaissance, illicit conveyance, targeted attacks, disruption of operations, and other hostile actions. Advances in technology have made UAS cheaper, more capable, and widely available. These advances will continue to accelerate.
To protect the nation against this increasing UAS threat, Congress enacted the Preventing Emerging Threats Act of 2018 to provide DHS personnel with authorities to mitigate credible UAS threats to the safety or security of certain facilities and assets ("covered assets") as defined by the statute and identified by the Secretary of Homeland Security. DHS S&T plans to integrate, test and evaluate promising technologies through this LRBAA and pilot select technologies in operational environments with DHS Components. In parallel, DHS Components are planning their own acquisition programs to begin C-UAS procurement and operations to protect our country, people and critical infrastructure.

Counter Unmanned Aircraft Systems Legal Authorities Fact Sheet (https://www.dhs.gov/publication/st-counter-unmanned-aircraft-systems-legal-authorities)

The Maritime Border Security Program at the Department of Homeland Security Science and Technology Directorate will develop, and transition cutting edge technology to the Homeland Security Enterprise to safeguard and facilitate lawful trade while disrupting and dismantling transnational and criminal and terrorist organizations.

The capabilities developed through the MDA Pilots research activity will provide its DHS component customers with new maritime surveillance capabilities enhancing cross stakeholder information sharing. Once technologies are transitioned, DHS will have enhanced, unique maritime surveillance capabilities that can be applied on a broader scale.

US Coast Guard; CBP; ICE

Background:

The United States has over 95,471 miles of coastline. The US Coast Guard (USCG) is responsible for the safety, security, and stewardship of the coastline's exclusive economic zone (EEZ). The Coast Guard is responsible for Maritime Domain Awareness (MDA), which is the effective understanding of anything associated with the global maritime domain that could influence the security, safety, economy, or environment. US Customs and Border Protection (CBP) Air and Marine Operations (AMO) and the United States Border Patrol (USBP) requires MDA in order to achieve maritime border security. Numerous threats exist threatening American citizens and their coastlines, from drug and human traffic smuggling, to search and rescue efforts, to piracy, and to illegal fishing. USCG and CBP mitigate these threats to Americans through MDA. Through enhancing unrelenting maritime surveillance capabilities in US ports and coastlines, and improving dark vessel detection, tracking and interdiction capabilities, the USCG and CBP will be able to achieve enhancing, innovative, and novel maritime surveillance capabilities.

• Small, dark, and fast-moving target of interest
• Covert vessels
• Varying climate and meteorological conditions
• Bad actors attempting to blend with legitimate traffic
• Limited, high bandwidth communication over long distances
• Limited users to operate and respond to targets of interest
• Illegal trade and travel across maritime borders
• Smuggling, trafficking, and illicit activities through maritime pathways

The technologies may be transitioned to USCG and CBP for operational use at US ports, borders, and coastlines. They also may be of interest to US Navy's littoral mission spaces.

Commercial opportunities include harbor security and critical infrastructure protection by DHS CISA, state and local governments, as well as private entities. Technologies may be used in search and rescue operations and emergency management by FEMA, state and local governments, and private entities. They may also be of interest for interdiction of illegal fishing by US Fish and Wildlife service

Technologies may be transitioned as whole systems or using a Data-as-a-Service model.

https://www.mycg.uscg.mil/Missions/
https://www.mycg.uscg.mil/Missions/Maritime_Law/
https://www.cbp.gov/border-security/air-sea/missions
https://www.cbp.gov/sites/default/files/assets/documents/2016-Nov/AMO Vision 2025.pdf

These efforts will establish and leverage innovative and robust science-based capabilities to provide the DHS and federal partners with data and knowledge products which inform requirements and acquisition decisions. Impacts include (1) realizing economies of scale in acquisition planning, (2) enabling enhanced interoperability across mission sets, (3) improving and streamlining DHS Components' source selections to definitively determine best-value solutions for any mission.

These efforts will inform DHS entities about the availability and base capabilities of current and new biometric acquisition and/or recognition system performance; to collaborate with industry to shape the direction of biometric system development, and; to support ad-hoc requests concerning existing and emerging DHS biometric use cases.

Customs and Border Protection; Transportation Security Administration; Office of Biometric Identity Management

DHS components require more effective identity and biometric capabilities to improve screening and inspection of people accessing secure federal facilities as well as arriving in, departing from, and traveling within the United States. These capabilities must balance security concerns with ongoing needs to facilitate lawful trade and travel, by improving accuracy, flexibility, and scalability of solutions.

DHS components' strategic plans include increasing the use of biometric screening of travelers at Air, Land, and Sea Ports of Entry (POE). This is to address security concerns but must also handle increases in traveler volume to traveler inspection operations in order to strengthen traveler vetting and scale operations to continue to facilitate lawful and legitimate travel

CBP Entry-Exit Program
TSA Touch-less Checkpoints Program
OBIM Futures Identity RDT&E

Objective 3.5 in the DHS Biometrics Strategic Framework requires DHS components to "Implement Standard Solutions" as a mitigation for operational and programmatic gaps pertaining to undisciplined acquisition of biometric technology. Standardization of biometric acquisition systems facilitate interoperability resulting in an improved ability to share data collected in the field across the Homeland Security Enterprise (HSE). S&T leverages its full matrix of services to pursue R&D of both proven and standards based biometric technologies best suited to component use cases.

The end goal is mitigation of Distributed Denial of Service (DDoS) attacks or protection for relevant networks and communication channels from Denial of Service attacks.

Efforts that provide tools and/or techniques for situational awareness and identify Denial of Service (DoS) attacks on relevant networks and communications channels, including differentiating between DDoS and other disruptions on relevant networks are of interest. These disruptions may occur at various layers of the network.

Efforts that provide mitigation techniques/tools, recovery techniques/tools, or protection to relevant networks and communication channels are also of interest. These efforts may leverage existing policies and practices or adopt existing technologies for near term protection. Novel approaches for understanding and mitigating new forms of DDoS against relevant networks and communication channels are encouraged.

Cybersecurity and Infrastructure Security Agency (CISA) Emergency Communications Division (ECD), CISA Critical Infrastructure

Denial of service attacks can affect many aspects of networking, from the application layer to the network itself. Attacks may be multi-pronged, using several attacks simultaneously or be used to distract from a more focused and damaging attack. For critical infrastructure, such as 911 systems, there have been deaths reported because the system was not available when needed.

The state of the art mitigation technique is to "scrub" the data, sending all the victim's data to a scrubbing center and removing the attack traffic while returning the "good" traffic to the victim. This approach can be quite expensive, beyond the means of many small to medium sized businesses. The drop rate for "good" traffic can border on the unacceptable as well. For some critical infrastructure networks such as a public safety answering point (PSAP), a TDoS attack or call flood can prevent the PSAP from answering emergency calls.

Significant work has been done in several areas of DDoS defense. In particular, authentication for voice calls is now available for several types of calls, such as calls from "do not originate (DNO)" phone numbers or numbers that have never been assigned to a phone. However, much work remains to solve the DDoS problem, especially for niche network types. In particular, very little work has been done to provide situational awareness for DDoS Defense, where other network disruptions may masquerade as a DDoS attack. Understanding the situation is critical to an appropriate response to the network issues. Some network types require adaptation of standard techniques/tools or creation of new techniques/tools to mitigate and recover from a DDoS attack.

DDoSD solutions should be low cost and available to resource-constrained small or medium sized businesses and municipalities.

There is a great need for DDoSD situational awareness, identification, mitigation recovery, and/or protection for relevant networks and communication channels. NG911 in particular is very vulnerable to TDoS attacks, as well as DDoS attacks from the network. Internet of Things (IoT) devices are often compromised and used in such attacks. Protecting relevant networks, such as those comprised of IoT devices in critical infrastructure (e.g. building controllers at facilities such as PIADC) is necessary, as is protecting other networks.

Some projects, such as those protecting 911 voice systems, have a cross-over market in-call center protection that is sustainable commercially.

https://en.wikipedia.org/wiki/Denial-of-service_attack
www.cisecurity.org/white-papers/cis-primer-telephony-denial-of-service-attacks
Akami-DDoS-Your guide to DDoS attacks

Predictive Analysis, as applied to cybersecurity, is the ability to identify potential cyber threat vectors and determine the probable course of action for each threat. These findings should be presented automatically, with human-in-the-loop if desired, but not required. Presentation should be in an easily understandable format, to allow resource management to address threats as they evolve. Predictive Analysis may be applied at any phase or stage, from fully protected to compromise and recovery. All types from fully protected to compromise and recovery. All types of cyber threats may be considered.

Cybersecurity and Infrastructure Security Agency

Prediction of cyber threats allows the development of mitigation and recovery strategies before an attack occurs. With the collection of large data sets and machine learning or artificial intelligence algorithms, some cyber events may be predicted with enough time to do the required development, actually preventing or deflecting attacks so that little damage may occur. This is the cutting edge of cyber security, and requires large data sets and trust networks.

The Networking Information Technology Research and Development (NITRD) report by Martin Stanley of Cybersecurity and Infrastructure Security Agency (CISA) lists cyber analytics as a high priority item for CISA.

Analyst Report 2019 Gartner Market Guide for AIOps Platforms
https://www.convergetechmedia.com/predictive-analytics-future-cybersecurity/

The development of technologies that secure and add resilience to the mobile ecosystem that support DHS use cases.

CISA, CBP, FEMA, TSA, Civilian Federal Government, DoD

The DHS Study on Mobile Device Security identified threats to, and security challenges in, mobile network infrastructure that could negatively impact the Government's use of mobile technologies. It also identified the need for government research and development (R&D) to address the risks. R&D is still needed to develop and implement improvements in security and resilience of critical mobile communications networks to enable DHS use-cases.

The Mobile Security R&D program is partnering with all DHS components and collaborating with several organizations to facilitate piloting, transition, and adoption of the technologies developed under the program. This provides an opportunity to fine-tune requirements, align to and influence development of federal standards or criteria, and conduct pilots with real-world applications. The partners will provide support in developing requirements and use cases, providing information, insights, and access to information technology architecture, offering feedback and evaluation of developed R&D, and contributing in-kind resources associated with testing.

https://www.dhs.gov/publication/st-mobile-device-security-study
https://www.dhs.gov/publication/st-securing-mobile-applications-first-responders
https://www.dhs.gov/publication/st-mobile-device-security-fact-sheet
https://www.dhs.gov/publication/st-mobile-security-rd-program-guide

Develop or provide software assurance tools, including making combinations of tools easier to use and to understand the results of such tools. This may be provided as a cloud service or as a stand-alone product. Both static and dynamic analysis tools or access to tools are desired. Code coverage metrics should be provided for any tools proposed or supported.

Additional desired activities include improving the software assurance ecosystem in novel or unique ways. This allows for a broad spectrum of activities, limited only by the creativity of the proposer.

National Risk Management Center (NRMC)

Software errors remain prominently in cybersecurity breaches; even in good to excellent code, there are thousands of errors that may be exploited for every million lines of code. There is much work to be done in this area, from training students to security when coding, encouraging software developers to actually use software assurance tools, and ensuring the tools themselves are effective in discovering errors that need correction.

Cybersecurity and Infrastructure Security Agency (CISA) has listed software assurance as an area of interest.

https://continuousassurance.org/
https://www.dhs.gov/science-and-technology/stamp#
https://www.bluerisc.com/threatscope/

S&T goals are to provide our customer base - TSA and the Homeland Security Enterprise (HSE) - with the tools, techniques, and knowledge to better understand, train, and utilize the detection canine and improve proficiency of the DHS/HSE detection canine teams. Additionally, S&T is focused on providing an enduring research and development capability to the Homeland Security Enterprise with a unique focal point and knowledge base for detection canines by establishing a scientifically rigorous, statistically significant approach for the detection canine community that is currently absent in the industry.

Knowledge products and methodologies has the potential to transition to operating components in DHS and State and Local Law Enforcement within the Homeland Security Enterprise, who maintain detection canines for the execution of their appointed missions.

Detection focus is not limited to explosive threats, but includes all detection canine threat vectors including narcotics, firearms detection, human detection, cadaver detection, infectious disease detection, and currency. Operational efficacy, safety and cost are major metrics of success.

The potential exists for licensing and commercialization of tools and knowledge products that may serve the over 16,000 detection canine teams nationwide across all threat disciplines. Knowledge products and methodologies have been successful in receiving patents and facilitated various levels of commercialized products

https://www.dhs.gov/science-and-technology/detection-canine

This project aims to develop a capability that can be commercialized to enhance security against the vehicle ramming threat, with particular emphasis on special events.

CISA and public and private sector owners and operators of critical infrastructure and manufacturers, distributors, and retailers of commercial vehicle ramming mitigation technology

Through CISA's partnership, it is apparent that there is no cost effective, easy to use, and commercially available vehicle ramming mitigation technologies that can be leveraged as part of security procedures. As a result, security planners have to use larger vehicles or expensive, immobile barriers to create perimeters around a special event. There are also significant limitations on budgetary impacts from liability and restoration.

The end users would be public and private sector stakeholders responsible for security during special events. These events include sporting events, festivals, parades, and many other events often limited in the level of support received from local law enforcement and other levels of government, making the implications of this technology extremely vast. The number of potential lives saved can amount to hundreds or thousands depending on the type of event, support received from local law enforcement and federal government if identified as a National Special Security Event (NSSE) or Special Events Assessment Rating (SEAR) 1-5, and location of the venue.

https://www.congress.gov/bill/115th-congress/house-bill/4227
https://www.dhs.gov/securing-soft-targets-and-crowded-places

DHS S&T seeks to ensure rigorous, high quality data to understand the nature of threats in the United States; provide independent, objective assessment of activities to ensure that DHS can continually improve and understand the outcomes, impacts, and unintended consequences of investments in threat prevention; and, ensure the most up-to-date scientific information from around the world is readily available to DHS and DHS enterprise decision-makers for science-informed policy and practice.

DHS Targeted Violence and Terrorism Prevention (TVTP); DHS Policy; DHS Components and state, local and private organizations; Law enforcement and first responder organizations

DHS S&T will conduct work in 4 principle areas to support the TVTP mission. They are:

1. Evaluation research to determine what works, what doesn't, and what's promising in TVTP including Federal, state, and local efforts, tools, and practices;
2. The development, analysis, and reporting and interagency sharing of scientific data on the nature of targeted violence and threat prevention crimes, organizations, and individuals in efforts to understand where, when and how to best intervene and prevent future attacks;
3. Develop and deliver new capabilities to support stakeholders across the DHS enterprise in prevention;
4. Coordinate and collaborate across the interagency and international research communities to ensure efficient delivery of cutting-edge knowledge, data, and technologies to support the Department, S/L/T stakeholders to include but not limited to law enforcement and first responder organizations.

TBD

https://www.dhs.gov/sites/default/files/publications/19_0920_plcy_strategic-framework-countering-terrorism-targeted-violence.pdf
https://www.dhs.gov/sites/default/files/publications/20_0115_plcy_human-trafficking-forced-labor-child-exploit-strategy.pdf

DHS S&T seeks to improve adoption of new technologies to improve national security. Because the selection and adoption of new technologies often requires a substantial investment of organizational time and resources, ensuring that the technology can be successfully embedded within the organization's structure and culture and used efficiently and effectively by employees remains an important priority. This research will increase the understanding of how organizations operate and interact both internally and with constituents that leads to transition a technology into the organizational context.

DHS Components and state, local and private organizations; Law enforcement and first responder organizations; DHS Policy

This work can support any DHS component or SLTT agency. Additionally, test cases for research can be completed across a range of new and emerging technologies. DHS S&T is focused on work in XX key areas to improve technology adoption. They are:

1. Fundamental research to develop a theory of public agency adoption of new technologies;

2. Assessments of workforce acceptance to enhance facilitators and mitigate barriers to adoption of new technologies;

3. Enhance understanding of public perceptions of new technology - including concerns around safety, privacy, and civil liberties;

4. Providing recommendations to operational customers on strategy, policy, and communications needs to increase the probably of successful technology adoption.

A technology that improves PNT resilience, is likely to be adopted by critical infrastructure PNT end-users, and has a path to transition and/or commercialization.

DHS Cybersecurity and Infrastructure Security Agency (CISA) - National Risk Management Center - is interested in developing these technologies for use in Critical Infrastructure

Position, Navigation, and Timing (PNT) data services are critical to the operations of multiple critical infrastructure sectors, such as communication and transportation. As the Nation's critical infrastructure assets, networks, and systems have become much more interdependent across vast regions, crossing jurisdictional/national boundaries and time zones, the need for accurate and precise PNT services is vital to the continued functioning of infrastructure. The 16 critical infrastructure sectors' increased dependency on timing services leaves them potentially vulnerable to disruption; the potential severity of impacts and possible cascading effects from denial of timing services has not been fully explored.

National Security Presidential Directive-39 (NSPD-39: 2004) requires DHS to develop backup capabilities to mitigate Global Positioning System (GPS) disruptions in coordination with the Department of Transportation, and "identify space-based positioning, navigation, and timing requirements for homeland security purposes to the Secretary of Transportation, and coordinate the use of positioning, navigation, and timing capabilities and backup systems for homeland security purposes by Federal, State, and local governments and authorities."

DHS CISA National Risk Management Center has identified the need for resilient PNT as a key programmatic goal. This work will initially focus on the timing portion of PNT services used throughout critical infrastructure. In 2019, CISA identified "Provide Positioning, Navigation, and Timing Services" as one of the National Critical Functions.

Opportunities for higher return on investment include patents and licenses and/or commercialization.

https://www.cisa.gov/national-critical-functions-set

By providing a low-cost device that interfaces wirelessly with modern smartphones, low bandwidth data including position location information (PLI), text messages and other customer-provided payloads can be transmitted and received by DHS users in remote environments that do not have commercial infrastructure like cell towers. This effort will enable tactical air, land, and maritime information sharing to provide agent safety and increase agent situational awareness.

CBP, DNDO, FEMA, ICE, USCG, USSS

DHS S&T is looking for low-cost communication devices with the following characteristics:

• Must work off-grid, with no local infrastructure required.
• Lightweight, must weigh less than 5 ounces.
• Low-cost, must cost <=$200 each for 20,000 quantity, ~$400 each for quantity 50.
• Unit must be environmentally protected, IP67 rated or better.
• Battery life must be >=24 hours per charge.
• Battery charger must be same as standard cell phone chargers, micro-USB, USB-C, etc.
• Size must be 8" or less in length, 2" or less in width, 2" or less in depth.
• Antenna must be integrated into unit with industry-standard external antenna port that becomes enabled in the presence of an antenna for integration into a vehicle, aircraft, vessel, etc.
• Must be able to receive data from modern smartphones wirelessly using Bluetooth, WiFi or other common smartphone communications method. Wired connection can be an option, but it must contain wireless connection. If wired connection is used, it will need to work with stock Android OS 6.0+ without the need for special rooting of the device or special applications to make the interface work.
• Must provide an open API/SDK to allow custom payloads with target size of 1KB per data transmission.
• Radio frequency preferable in U.S. ISM bands for HF, VHF, UHF. Frequency can be outside U.S. ISM bands but NTIA certification plan must be addressed.
• Must be capable of secure/encrypted communications with smartphone using AES-256 bit encryption. When the device is encrypted it will only communicate with other devices on the same encryption key, no communication with non-keyed devices will take place to mesh data unless it has the same encryption key.
• Mesh networking capable up to 30-50 nodes with a minimum of 4 hops in a 10 square mile area.
• Power less than or equal to 5 Watts.
• No subscription costs.
• No vendor hosted server infrastructure to setup devices (encryption, frequencies).
• Ability to fully program radio via API/SDK for encryption keys, frequencies, and all setup with Android Application. iOS app not immediately required but must address plan and cost.
• Ability to toggle message Tx/Rx receipt flag on messages.
• Must contain external emergency beacon button on the device case that transmits an emergency message across the API/SDK.

Investment in this technology supports many tactical users within DHS components and will provide real-time situational awareness and sharing of timely and actionable information in support of law enforcement operations across our air, land, and maritime borders. This capability could also be used by the public sector for secure, mobile, low-cost communications without reliance on commercial infrastructure or in locations where commercial infrastructure is not available, or where it has been degraded due to natural disasters.

Any or all of the following:

Cybersecurity and Infrastructure Security Agency (CISA) - National Risk Management Center, public and private sector owners, operators of critical infrastructure and manufacturers, distributors

DHS recently released its "Strategy for Protecting and Preparing the Homeland Against Threats of Electromagnetic Pulse and Geomagnetic Disturbances" (as required in 6 USC 121(d)) that defines a vision where the United States is prepared for extreme electromagnetic incidents and capable of quickly restoring critical infrastructure and supporting communities to fully recover. This strategy is aligned with the statutory direction to the Department in 6 USC 195(f) that current efforts must take further action to mitigate the impact of EMP and GMD on critical infrastructure. Action includes completing objective scientific analyses, identifying critical utilities and national security assets and infrastructure that are at risk from threats of EMP and GMD, and analysis of technology options available to improve the resiliency of critical infrastructure to threats of EMP and GMD.

Both GMD and EMP are low probability/high consequence scenarios that challenge effective policymaking. Science and technology advancements in the following topic areas will clarify our understanding the threat and impacts and improve our ability to mitigate the consequences.

Additional Transition Customers: retailers of energy system (i.e., electrical grid and natural gas and petroleum pipelines), communications, water and wastewater systems, and transportation equipment.

The key objective of this area of research and development is to identify, characterize and understand risks and opportunities associated with emerging advanced computing technologies.

This research and development will support the development of knowledge and evidence for cross cutting technology innovations that can be translated to mission outcomes for S&T Programs, Component Programs and/or DHS Acquisition Programs.

Advanced Computing is a newly established technical focus for topics related to the future, a three to five year horizon, of computing for homeland security applications and missions. The topics identified are cross-cutting and related to future critical missions of the Department. Topics can be focused on risks and/or opportunities associated with emerging technologies related to advanced computing. We have explored and continue to be interested in scalable near real-time computing, secure multi-party computing, visual question answering, edge to cloud computing strategies, hybrid cloud computing, software assurance for industrial control systems and quantum computing applications for homeland security.

Concepts, studies, prototypes and characterizations are often communicated across the Department in the form of technical reports, briefings and technical recommendations that are used to inform future DHS technical requirements, program formulations and acquisition strategies.