Past Solicitations
NWO Joint U.S. - Netherlands Cyber Security Research Programme

This is Broad Agency Announcement (BAA) Call 1 (HSHQDC-17-R-B0004) under CSD-2017-International BAA Broad Agency Announcement HSHQDC-17-R-B0001. This is soliciting for up to four year efforts for two unrelated TTAs, Industrial Control Systems/ Supervisory Control and Data Acquisition (ICS/SCADA), and Distributed Denial of Service (DDoS) attacks and the Domain Name System (DNS).


TTA.01 - Industrial Control Systems/ Supervisory Control and Data Acquisition (ICS/SCADA)

Industrial Control Systems (ICS) and/or Supervisory Control and Data Acquisition (SCADA) systems control segments of the infrastructure critical to the smooth function of our society. These systems collect information from sensors and actuators about some physical environment and provide an operator interface which allows control and reporting. The physical environment could be a power plant, power-distribution network, water-treatment plant, manufacturing floor, petroleum refinery, or any other physical environment that requires control and data acquisition. Technically the ICS and/or SCADA system is composed of information technology (IT) that provides the human-machine interface (HMI) and stores and analyzes the data. It may contain the logic necessary to operate the physical environment either autonomously or semi-autonomously. Although technically not part of the SCADA system, SCADA systems are connected to the sensors and actuators via a complex network of devices that may include any of the following: Front End Processors (FEPs), Intelligent Electronic Devices (IEDs), Master Terminal Units (MTUs), Motor Control Centers (MCCs), Programmable Logic Controllers (PLCs), and Remote Terminal Units (RTUs). Because ICS and/or SCADA systems are largely composed of commercial-off-the-shelf technology (COTS) they inherit all of the common vulnerabilities, in addition to some vulnerabilities that are quite unique. Given the critical nature of ICS and/or SCADA systems, developing tools and techniques to address one or more of the following ICS and/or SCADA topics are of interest. Note, however, research on this TTA is not strictly limited to these areas of interests: a. ICS Digital Data Collection and Analysis. Develop forensically sound methods of digital data collection and rigorous digital data analysis for Industrial Control System field equipment including Programmable Logic Controllers, Remote Terminal Units (RTUs) and other Field Input/Output equipment to include data stored in drives, memory, telemetry data and firmware that can analytically prove an ICS Cyber-attack affected the field equipment and created any consequence in the process controlled by the field equipment. b. ICS/SCADA Vulnerability Assessment Tool. Create a specific ICS vulnerability assessment scanning tool for use at asset owners as well as a more aggressive version for system assessments that is extensible c. ICS/SCADA Common Operating Picture (COP) Tool. Create a tool with live information feeds that provides a common operating picture of cyber threats to Critical Infrastructure that includes specific adversary analysis, vulnerability analysis, and integration with live reporting from control systems. d. Securing ICS/SCADA legacy systems. Create architectures, protocols, guidelines and other technologies or solutions to protect older, insecure ICS/SCADA systems. This research will enable owners of ICS/SCADA legacy systems to easily maintain outdated and unsupported systems and protect them against current and future threats and vulnerabilities.

TTA.02 - Distributed Denial of Service (DDoS) Defenses

DDoS attacks can take many vectors and targets. Attack vectors of particular interest include DDoS attacks directed at critical services and those directed at the Domain Name System (DNS), in particular. The DNS has played a role in several recent attacks and developing tools and techniques to address one or more of the following DNS related DDoS threats and vulnerabilities are of interest. Note, however, research on this TTA is not strictly limited to these areas of interests: a. Protection of the DNS against DDoS attacks. Attacks on the DNS have been used to disrupt Internet service. If you can stop the DNS, you effectively stop most Internet communication. Therefore, a goal of this TTA is to secure DNS beyond DNSSEC implementation. b. Prevention of exploiting DNS to generate DDoS attacks. DNS has been used as both a reflector and amplifier for attacks on other sites. In this case, the objective is not to disrupt the DNS but instead to use the DNS as a tool to disrupt other services. Therefore, a goal of this TTA is to develop techniques, mechanisms and tools to prevent any DNS component from being exploited in a way that facilitates a DDoS attack. c. Understanding the mechanisms and methods DNS can be used to effect and mitigate Internet of Things (IoT) DDoS attacks. A goal of this TTA is to explore IoT DNS related DDoS attacks. This could include: exploring DNS as a mechanism to better understand and potentially mitigate IoT based DDoS attacks; studying DNS to determine how information about what IoT devices are present, and what those devices are doing, to prevent DDoS attacks; and studying how DNS may be used to exploit IoT devices to implement botnetbased DDoS attacks.

Key Dates
Solicitation Open Date:
Registration Deadline:
08/31/2017 08:00 AM ET
Submission Deadline:
08/31/2017 08:00 AM ET

Back to Past Solicitations List