The Applied Cyber Resiliency program focuses on advancing fundamental technology to ruggedize naval data and software systems to achieve mission objectives in the face of adversarial cyber interference. Building on results from and knowledge explored by the Cyber Security and Complex Software Systems the program seeks to develop and evaluate technical approaches for future cyber capabilities.
Dependable and resilient computing systems are challenged by exponential growth in complexity and connectivity, an increasing pace of threats, and a general lack of transparency in hardware and software supply chains. The program seeks to investigate attack-agnostic approaches that address root causes of cyber vulnerability and enhance efficiency, robustness, and cyber resiliency for all classes of computing systems across the naval enterprise.
The program heavily considers naval relevance in approaching the above challenges, seeking to research and develop novel methods and technology that contend with or overcome the unique challenges imposed by maritime environments. Long-lived, heterogeneous deployments of legacy systems where no source code is available is a common reality. High degrees of automation are necessary to succeed against machine-speed nation-state threats with limited bandwidth and little to no access to human cyber expertise.
Research Concentration Areas
- Safe and Resilient Cyber-Physical Systems: Dependability and reliability of maritime platforms and infrastructure is critical to the successful exercise of naval power. The integrated control systems and complex sensors that power these platforms must be secure and able to tolerate adversarial cyber interference. The vision is to limit or reverse an attacker’s ability to translate vulnerabilities to unsafe system states.
- Understanding and Limiting the Exploitability of Systems: As system complexity and connectivity soars, proactively reducing and reshaping attack surfaces is critical. Further, unanticipated interdependences and non-traditional apertures are emerging in systems that require principled engineering approaches to protect. Traditional signature and network-based detection offers too little, too late.
- Advancing Automation of Cyber Operations: With timelines shrinking and human expertise in limited supply, conducting successful operations that involve cyber requires greatly improved levels of automation. Approaches should consider how to defend in disadvantaged and intermittent communications environments, and should bring forward orthogonal approaches to complement existing operational workflows, such as to resist and disrupt malware.
- Transformation and Analysis to achieve Zero-trust Hardware and Software Supply Chains:Modern supply chains for hardware and software are exceedingly complex and opaque, oftenresulting in brittle end systems that defy understanding when things fail. Novel methods areneeded to analyze artifacts from any source and proactively disrupt undesirable behavior.
Research Challenges and Opportunities
- Principled fault-tolerance architectures to survive adverse cyber events
- Binary analysis, transformation, diversification, and dynamic reshaping
- Higher level system characterization and attack surface evaluation from binary
- Tools and architectures for the security and resilience of emerging technology systems
- Means to characterize the operational impacts of cyber improvements
How to Submit
For detailed application and submission information for this research topic, please refer to our broad agency announcement (BAA) No. N0001425SB001.
Contracts: All white papers and full proposals for contracts must be submitted through FedConnect; instructions are included in the BAA.
Grants: All white papers for grants must be submitted through FedConnect, and full proposals for grants must be submitted through grants.gov; instructions are included in the BAA.