Small Space, Weight, and Power (SWaP) Multilevel Security Cross-Domain Solution

Navy SBIR 20.2 - Topic N202-092

Naval Air Systems Command (NAVAIR) - Ms. Donna Attick navairsbir@navy.mil

Opens: June 3, 2020 - Closes: July 2, 2020 (12:00 pm ET)

 

 

N202-092       TITLE: Small Space, Weight, and Power (SWaP) Multilevel Security Cross-Domain Solution

 

RT&L FOCUS AREA(S): General Warfighting Requirements (GWR)

TECHNOLOGY AREA(S): Air Platform, Information Systems, Battlespace

 

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

 

OBJECTIVE: Develop a small form factor, integrated, multi-level security, cross-domain solution.

 

DESCRIPTION: The Navy's integrated warfighting strategy, driven by advancing adversaries, calls for high levels of interoperability while at the same time maintaining the highest level of cybersecurity protection. Multiple security enclaves within a platform are becoming commonplace across the Navy, but no common solution exists. Along with coordination of systems and sensors within a platform, datalinks between similar and dissimilar aircraft are critical to success for the future of the Navy. Due to the current security posture across the Department of Defense (DoD), data of different security levels are often unable to be integrated, limiting warfighters’ ability to make tactical decisions. The development and fielding of a small form factor, integrated, multi-level security, cross-domain solution able to be tailored to a platform's need while maintaining a set of common standards would save each program from redundant development [Refs 1, 2]. Each Naval program will have their independent needs for number of domains, required classification levels, and SWaP constraints, but at a minimum, the developed technology must meet the following requirements:

 

•        Demonstrate concurrent operation across four distinct security domains.

•        Operator interface with access to all security levels.

•        Develop rulesets to control data flows within, in, and out of the system.

•        Send and receive data across each domain while ensuring no spillage to unapproved domains with Government designated simulation environment.

•        In-flight demonstration of technology with similar and dissimilar aircraft in Government-designated scenario.

•        Process DoD classified data at all levels of classification.

•        Plan for National Security Agency (NSA) approval as a cryptologic device [Refs 3, 4].

•        Maximum physical size of 1” x 4” x 6” per security domain.

•        Maximum weight of 8 ounces per security domain.

•        Operate via aircraft power at 28VDC or 400Hz AC.

•        MIL-STD 810H [Ref 5] for environmental effects.

 

Without a common solution and coordination of system architecture design, the Navy is at risk of stove piped solutions that would require complete redesign when asked to fight together.

 

Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by DoD 5220.22-M, National Industrial Security Program Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence and Security Agency (DCSA). The selected contractor and/or subcontractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DCSA and NAVAIR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material IAW DoD 5220.22-M during the advanced phases of this contract.

 

PHASE I: Design and demonstrate feasibility of a flyable routing solution scalable to various platform configurations with a cross-domain solution addressing multiple security levels. Develop a draft architecture and plan for attaining NSA approval for cryptologic systems. The Phase I effort will include prototype plans to be developed under Phase II.

 

PHASE II: Further design and develop the solution identified in Phase I into a prototype. In conjunction with the Government, develop simulated data and then use that data to demonstrate the prototype. Develop an unclassified set of controls to handle organic and off-board classified data types provided by the Government. Initiate process of attaining NSA approval for designed hardware and software.

Work in Phase II may become classified. Please see note in the Description section.

 

PHASE III DUAL USE APPLICATIONS: Complete development of the cross-domain control measures and perform final testing in a Government-designated simulation environment. After identifying specific data types and classifications of airborne system data, demonstrate a fully capable multi-level security cross-domain solution in a live fly event. Continue work with the Government sponsor to gain NSA approval for provided approach and transition to applications across Naval airborne platforms.

 

The control measures and techniques employed may benefit companies seeking to protect proprietary data while working with other organizations. This technology will apply beyond the contractors supporting the DoD. Medical, financial, and civilian electronics industries will benefit from a technology that allows networking with competitors for collaboration while preventing proprietary or personal data from spillage onto an improper domain.

 

REFERENCES:

1. Koelsch, Col. B. F. “Solving the Cross Domain Conundrum.” US Army War College, Strategy Research Project  2013. https://pdfs.semanticscholar.org/26b3/0eab984c8c5c31e9a18e75b4ac4c52b1c14c.pdf

 

2. US Joint Staff. “Cross-Domain Synergy in Joint Operations, Planners Guide, January 2016.”  https://www.jcs.mil/Portals/36/Documents/Doctrine/concepts/cross_domain_planning_guide.pdf?ver=2017-12-28-161956-230

 

3. National Security Agency/ Central Security Service. “Information Assurance Capabilities, Data at Rest Capability Package, Version 4.0. January 2018.” https://www.nsa.gov/Portals/70/documents/resources/everyone/csfc/capability-packages/dar-cp.pdf

 

4. National Security Agency/ Central Security Service. “Information Assurance Capabilities, Commercial Solutions for Classified, Harnessing the Power of Commercial Industry,,September 2018. https://www.nsa.gov/Portals/70/documents/resources/everyone/csfc/csfc-faqs.pdf

 

5. MIL-STD-810H, DEPARTMENT OF DEFENSE TEST METHOD STANDARD: ENVIRONMENTAL ENGINEERING CONSIDERATIONS AND LABORATORY TESTS (31-JAN-2019). http://everyspec.com/MIL-STD/MIL-STD-0800-0899/MIL-STD-810H_55998/

 

KEYWORDS: Multi-level Security, Cross-domain Solution, Data Sorting, Adaptive, Small Form-factor, Modular