Satellite Cyber Immune Response to Evolving Threats

OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Integrated Sensing and Cyber; Space Technology The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws. OBJECTIVE: Currently, for USSF satellites there are large amounts of telemetry to monitor to ensure the full health of the system. An auto immune response system for cyber events would remove the need for constant monitoring by operators by detecting currently known vulnerabilities and then classifying unknown vulnerabilities. This system follows the operational capabilities of the human immune system to allow for long term and evolving effectiveness of the detect and response capabilities of a space platform. The Objective of the SBIR is to research and develop algorithms and system architectures that can detect a cyber event both known and unknown using bio-inspired computing techniques. DESCRIPTION: For an operator to be able to respond to a cyber event in a proficient and responsive timeline the event would need to be quickly detected. Classic cyber detection and mitigation systems, such as Firewalls and Intrusion Detection Systems, lack the ability to detect/respond to unknown attack signatures [1]. A bio-inspired immune response system complements the classic system to handle the unknown signatures, much like how the human immune system can react and handle known pathogens [1]. There exists cloud based systems, such as IBM Watson for Cyber Security [2], but those systems tend to have large computational requirements and false positive rates. Therefore future research and work would need to inter operate with existing security systems, detect unknown cyber events with high accuracy and decrease computational resources to fit within a satellites SWAP-C. PHASE I: Conduct a literature survey of bio-inspired computing and cyber immune response to understand the current state of the art. Using the survey generate a representative software and hardware architecture for use in implementing a cyber immune response system. Using the architecture create an analysis of alternatives for the key aspects of the architecture. Using the architecture and analysis of alternatives generate a list of data source needs to feed into the system to be able to generate a course of action. Given a vignette mission from the technical point of contact generate a set of courses of action that would pertain. PHASE II: Operating off the phase 1 vignette and proposed architecture implement a proof of concept system that can generate actionable courses of actions in a simulated digital twin of a space platform. Using the simulation demonstrate the ability of the system to learn and respond to known and unknown threats to the platform. Using the proof of concept and simulation determine the optimal location for the response system based on data source and computational needs. Using the simulation and digital twin generate a set of mitigation techniques possible to act on the course of actions coming from the immune response system. Implement the most impactful mitigation techniques and demonstrate the ability for the system to now detect and respond to known and unknown cyber threats. Develop the proof of concept into a space ready prototype that can be tested government test space test range to determine to operational-ability of the prototype. PHASE III DUAL USE APPLICATIONS: Entering into phase 3 the immune response system should be at Technology Readiness Level 5-6 and should be nearing Technology Readiness Level 7, based on National Aeronautics and Space Administration's Technology Readiness Levels. The performing company should now work towards getting on-board a flight test program, such as AFRL RV's small-sat, Department of Defense Space Test Program or University Nano Satellite Program. REFERENCES: Wlodarczak, Peter. "Cyber immunity." International Conference on Bioinformatics and Biomedical Engineering. Springer, Cham, 2017.; IBM launches Watson for Cyber security beta program. IBM (2016). https://www.ibm.com/news/ca/en/2016/12/06/v881650s90213z16.html; KEYWORDS: Cyber-Security; Bio-Inspired Computing; Satellites;