Past Solicitations
BAA 11-02
Cyber Security Research And Development Broad Agency Announcement

The Department of Homeland Security (DHS) Science and Technology (S&T) Homeland Security Advanced Research Projects Agency (HSARPA) Cyber Security Division (CSD) announces a Broad Agency Announcement (BAA) for Fiscal Year 2011 to improve security in both Federal networks and the larger Internet. This BAA seeks ideas and proposals for Research and Development (R&D) in 14 Technical Topic Areas (TTAs) related to CSD. The total estimated value of this acquisition is $40 million.

Cyber attacks are increasing in frequency and impact. Even though these attacks have not yet had a significant impact on our Nation's critical infrastructures, they have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage. The effects of a successful cyber attack might include: serious consequences for major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruption of the response and communications capabilities of first responders.

The DHS S&T mission is to conduct, for homeland security purposes, research, development, test and evaluation (RDT&E) and timely transition of cyber security capabilities to operational units within DHS, as well as local, state, Federal and operational end users in critical infrastructure. Cyber security is defined in broad terms to encompass the usual attributes of security, as well as reliability, availability, and survivability in the face of adversary attack and accidental fault, while preserving privacy. DHS S&T invests in programs offering the potential for revolutionary changes in technologies that promote homeland security and accelerate the prototyping and system prototype demonstration in an operational environment of technologies that reduce homeland vulnerabilities.

A critical area of focus for DHS is the development and deployment of technologies to protect the nation's cyber infrastructure, including the Internet and other critical infrastructures that depend on computer systems for their mission.

Topics

TTA 01 - Software Assurance

The nation's critical infrastructure (energy, transportation, telecommunications, banking and finance, and others), businesses, and services are extensively and increasingly controlled and enabled by software. Vulnerabilities in that software put those resources at risk. The risk is compounded by software size and complexity, the ways in which software is developed and maintained, the use of software produced by unvetted suppliers, and the interdependence of software systems. Software quality addresses the presence of internal flaws and vulnerabilities in software threatening its correct or predictable operation and use. Software assurance deals with the root of the problem by improving software security.

TTA 02 - Enterprise-Level Security Metrics

Defining effective information security metrics has proven difficult, even though there is general agreement that such metrics could allow measurement of progress in security measures and, at a minimum, rough comparisons of security between systems. Metrics underlie and quantify progress in many other system security areas. "You cannot manage what you cannot measure," as the saying goes; the lack of sound and practical security metrics is severely hampering progress both in research and engineering of secure systems. However, general community agreement on meaningful metrics has been hard to achieve. This is due in part to the rapid evolution of IT, as well as the shifting locus of adversarial action.

TTA 03 - Usable Security

Although the problem of achieving usable security is universal - it affects everyone, and everyone stands to benefit enormously if usability is successfully addressed as a core aspect of security - it affects different users in different ways, depending on applications, settings, policies, and user roles. The guiding principles may indeed be universal, but there is certainly no general one-size-fits-all solution.

TTA 04 - Insider Threat

Cybersecurity measures are often focused on threats from outside an organization, rather than threats posed by untrustworthy individuals inside an organization. However, insider threats are the source of many losses in many critical infrastructure industries. In addition, well-publicized intelligence community moles such as Aldrich Ames have caused enormous and irreparable harm to national interests. This TTA focuses on insider threats to our cyber systems, and presents a high-impact research program that could aggressively curtail some aspects of this problem. At a high level, opportunities exist to mitigate insider threats through aggressive profiling and monitoring of users of critical systems, "fishbowling" suspects, "chaffing" data and services by users who are not entitled to access, and finally "quarantining" confirmed malevolent actors to contain damage and leaks while collecting actionable counter-intelligence and legally acceptable evidence.

TTA 05 - Secure, Resilient Systems and Networks

Survivability is the capability of a system to fulfill its mission, in a timely manner, in the presence of attacks, failures, or accidents. Part of the survivability attribute of systems and networks includes being secure and resilient to attack. This is meaningful, in practice, only with respect to well-defined mission requirements against which the survivability can be evaluated and measured.

TTA 06 - Modeling of Internet Attacks

This TTA researches, develops and applies modeling and analysis capabilities to predict the effects of cyber attacks on Federal Government and other critical infrastructures. Two main areas are identified: malware and botnets; and situational understanding and attack attribution.

TTA 07 - Network Mapping and Measurement

The protection of cyber infrastructure depends on the ability to identify critical Internet resources, incorporating an understanding of geographic and topological mapping of Internet hosts and routers. A better understanding of connectivity richness among ISPs will help to identify critical infrastructure. Associated data analysis will allow better understanding of peering relationships, and will help identify infrastructure components in greatest need of protection. Improved router level maps (both logical and physical) will enhance Internet monitoring and modeling capabilities to identify threats and predict the cascading impacts of various damage scenarios.

TTA 08 - Incident Response Communities

Cyber security incident response (CSIR) teams, individuals, and communities have historically consisted of people and organizations that have been "in the right place at the right time." Only recently has the community begun to specify the skills, abilities, structures, and support to create an effective and sustained incident response capability. While there is a good understanding of the technologies involved in CSIRTs, the operational community has not adequately studied the characteristics of individuals, teams, and communities that distinguish the great CSIR responders from the average technology contributor. In other areas where individual contributions are essential to success, e.g., first responders, commercial pilots, and military personnel, there have been studies of the individual and group characteristics essential to success. To optimize the selection, training, and organization of CSIR personnel to support the essential cyber missions of DHS, a much greater understanding and appreciation of these characteristics must be achieved.

TTA 09 - Cyber Economics

Today cyber crime pays. So does cyber-espionage. The state of cyber security today is, and in the future will be, significantly affected by economic conditions and factors. Cyber crime and espionage are making their own economic markets today, having gone well beyond the "script kiddie" and "hacker" personas to mature into big business on a global level. Gaining an understanding of the incentive structure is key to getting stakeholders to behave in a way that will improve overall security. Current cyber-related illegal activities are economically attractive for several reasons.

TTA 10 - Digital Provenance

Individuals and organizations routinely work with, and make decisions based on, data that may have originated from many different sources and also may have been processed, transformed, interpreted, and aggregated by numerous entities between the original sources and the consumers. Without good knowledge about the sources and intermediate processors of the data, it can be difficult to assess the data's trustworthiness and reliability, and hence its real value to the decision-making processes in which it is used.

TTA 11 - Hardware-Enabled Trust

Hardware can be the final sanctuary and foundation of trust in the computing environment, based on the technologies that can be developed in the area of hardware-enabled trust and security. With cyber threats steadily increasing in sophistication, hardware can provide a game-changing foundation upon which to build tomorrow's cyber infrastructure. But today's hardware still provides limited support for security, and capabilities that do exist are often not fully utilized by software. The hardware of the future also must exhibit greater resilience to function effectively under attack.

TTA 12 - Moving-Target Defense

In the current environment, our systems are built to operate in a relatively static configuration. For example, addresses, names, software stacks, networks, and various configuration parameters remain relatively static over relatively long periods of time. This static approach is a legacy of information technology system design for simplicity in a time when malicious exploitation of system vulnerabilities was not a concern.

TTA 13 - Nature-Inspired Cyber Health

Today, weeks and months may elapse before successful network penetrations are detected through laborious forensic analysis. Despite their potential to function with intelligence, today's typical network components have very limited understanding of what passes through them, coupled with a correspondingly short memory. In the future, network components must have heightened ability to observe and record what is happening to and around them. With this new awareness of system health and safety, these "self-aware systems" enjoy a range of options: these systems may take preventative measures, rejecting requests which do not fit the profile of what is good, a priori, for the network; these systems can build immunological responses to the malicious agents which they sense in real time; these systems may refine the evidence they capture for the pathologist, as a diagnosis of last resort, or to support the development of new prevention methods. In the future, system owners should be able to monitor and control such dynamic cyber environments.

TTA 14 - Software Assurance MarketPlace (SWAMP)

Technical Topic Area #1 on Software Assurance describes the need to address threats throughout the software development process and calls for new methods, services, and capabilities in build, test, and analysis phases in order to improve the quality and reliability of software used in the nation's critical infrastructures. Specifically, TTA #1 solicits ideas for research and development of new tools and methods for software analysis, and for applying new and existing capabilities in test and evaluation activities. This TTA (#14) focuses on the research infrastructure necessary to enable these software quality assurance and related activities.

Key Dates
Solicitation Open Date: 01/26/2011
White Paper Registration Deadline: 02/16/2011 04:30 PM ET
White Paper Submission Deadline: 03/03/2011 04:30 PM ET
Submission Deadline: 07/07/2011 04:30 PM ET


Amendments and Q&As


Amendment # 12
Posted Date 6/22/11

Amendment # 11
Posted Date 6/22/11

Amendment # 10
Posted Date 6/22/11

Amendment # 9
Posted Date 6/7/11

Amendment # 8
Posted Date 5/24/11

Amendment # 7
Posted Date 4/8/11

Amendment # 6
Posted Date 3/2/11

Amendment # 5
Posted Date 3/1/11

Amendment # 4
Posted Date 2/23/11

Amendment # 3
Posted Date 2/23/11

Amendment # 2
Posted Date 2/14/11

Amendment # 1
Posted Date 2/10/11


