The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised that foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

OBJECTIVE: Develop unsupervised, automated, and encrypted or secure means of exploiting machine learning algorithms in adversary space (midpoint or cloud-based aggregation points) to evaluate and securely exfiltrate only data of relevance to the government missions. The government must have the ability to specify how reporting is generated based on confidence thresholds of data screening, and primarily security of data during exfiltration and at rest (during investigation / inquiry).

DESCRIPTION: Securely exfiltrating or transferring data from a midpoint of aggregation into U.S. owned networks at a speed and quantity sufficient to support intelligence or operational needs represents a significant technical challenge to cyber and information warfare operations. The desired objective is secure data transfer with low or no probability of detection from a point of presence in an adversary network, on a midpoint or cloud-based aggregation point. The SBIR would propose a manner of on-site or in situ analysis to decrease the size and amount of data copied and removed from that network or cloud. The method of obfuscation, encryption, or non-attributable exfiltration is a key requirement for any proposed solution.
This SBIR is a Direct to Phase II effort. Awardee(s) will be responsible for providing their own hardware and software, chargeable to the contract, but not to exceed the maximum funding limits. During the SBIR Phase II effort, neither SCO nor its partners will provide access to any training material, government furnished information, or equipment.

Currently, exfiltrated data is backhauled to appropriate government systems for analysis and action. The logistics of this extensive data supply chain process are both expensive and time consuming, negatively impacting the speed to mission. By deploying analysis tools in a gray-space/midpoint aggregation architecture, the process can take advantage of data timeliness and overcome backhaul and storage constraints by applying advanced, encrypted filter and selection, and return only the most relevant, pre-selected data. This will decrease data exfiltration requirements and detection while increasing speed of analysis. Proposed solutions should be able to integrate into existing infrastructures and workflows, scale for use across multiple domains, and allow aggregated data to maintain a low probability of detection in lower trust environments while sensitive operations (search, watch listing, analytics) are conducted.

Awardees are responsible for providing their own training corpuses, and must be able to fully describe said corpuses, what criteria will be used to teach the system, and maintain continued/regular access to said training corpus in the Phase II proposals. The training corpus may be any government, commercial, academic, proprietary, or open source data set, or a combination of any or all. Loss of access to the training corpus before or during the SBIR program will result in cessation of participation in the contract. At the close of the SBIR process, awardees will deliver a successful operational prototype with full government use rights.
Awardees may use any developed efforts for other governmental or commercial opportunities, including continued service support in any Phase III options.

PHASE I: Documentation should be provided to allow the government to make a feasibility determination to proceed direct to Phase II. This could include, but is not limited to, examples of the technologies used in existing controlled scenarios or on wholly owned networks. Where else is the proposed encryption, transfer and analytical software used? How does it function? What are the technical limitations and requirements? How much memory is required? How much bandwidth? Processing time? Does it require software installed locally? Or is it accessible via remote solutions? Are there any reports on current use addressing Software Development Kit (SDK) size, analytical and processing speed, security of encryption and/or packet transfer times, along with availability and reliability reports (how often does the system go offline or require reprogramming, software rewrites, and/or updates)? Is any training available, and what are the time to train to use and the mastery levels, if required?

PHASE II: SCO will accept DP2 proposals for a cost of up to $1.5M for 24 months. The minimum required deliverable would be a demonstration of the prototype technology in a proxy 'adversary owned' network or cloud, allowing secure, low probability, non-attributable exfiltration of selected data from a 'neutral' cloud.

PHASE III DUAL USE APPLICATIONS: Commercial applications would include providing select data from cloud environments for data analytics, including support of machine learning and artificial intelligence for trend analysis and anomaly detection. This could reduce storage dependency and redundancy, allowing cloud storage of most data and select targeted transfer of valued data. Awardees may use any developed efforts for other governmental or commercial opportunities, including continued service support in any Phase III options.
Private sector commercial potential includes using the developed tools in a network security environment for data transfers, either as a service provider or as a supplier to network security service providers. DOD and military applications of midpoint and tactical data aggregation to enable cyber operations include intelligence gathering, cyber network analysis, target development, indications and warning, as well as transfer of technical data.

REFERENCES:
Williams, Ellison Anne. Practical Homomorphic Encryption: Three Business Use Cases. Forbes Technology Council post, Forbes, Aug 10, 2020. www.forbes.com/sites/forbestechcouncil/2020/08/10/practical-homomorphic-encryption-three-business-use-cases/?sh=bee4b9a2a460
Williams, Ellison Anne. Homomorphic Encryption: Myths and Misconceptions. Help Net Security, Feb 18, 2021. www.helpnetsecurity.com/2021/02/18/homomorphic-encryption-myths-misconceptions/
Williams, Ellison Anne. Encrypting data on the Internet of Battlefield Things. Video, C4ISRNET, June 11, 2019. https://www.c4isrnet.com/video/2019/06/12/encrypting-data-on-the-internet-of-battlefield-things//

KEYWORDS: Encryption, AI, ML