PROJECTED CMMC LEVEL REQUIREMENT
Level 2 (Self)
TECHNOLOGY AREAS
Human Systems
|
Information Systems
MODERNIZATION PRIORITIES
Advanced Materials
|
Mission Readiness & Disaster Preparedness
|
Nuclear
|
Sustainment & Logistics
KEYWORDS
Operational Technology (OT), Critical Infrastructure, Cybersecurity, Industrial Control Systems (ICS), Homeland Defense, AI, Mission Planning, Incident Response
OBJECTIVE
U.S. critical infrastructure—including power grids, water treatment facilities, and transportation networks—is increasingly targeted by sophisticated adversaries using coordinated cyber and physical attacks. The Operational Technology (OT) and Industrial Control Systems (ICS) governing this infrastructure present a complex, vulnerable attack surface. The current process for planning and executing defensive and responsive actions is often manual, stove-piped between different agencies and asset owners, and too slow to counter machine-speed threats. There is a critical need to automate and accelerate the planning and coordination of defensive and offensive effects to protect national critical infrastructure.
ITAR
The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with section 3.5 of the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.
DESCRIPTION
DoW, in partnership with homeland security stakeholders, seeks SBIR project opportunities for STRIKE AI, an AI-enabled mission planning system designed to automate the planning and synchronization of effects to defend Operational Technology (OT) infrastructure. This system will function as a rapid response planning tool, ingesting high-level commander's intent (e.g., "Ensure integrity of the regional power grid") and rapidly generating executable, deconflicted response plans for both cyber and physical assets.
The proposed solution is a holistic, AI-driven planning engine that can reason across multiple domains (cyber, physical, intelligence) and orchestrate complex response operations at machine speed. Specific areas of interest for this framework include:
Commander's Intent Interpretation: Processing high-level defensive objectives and translating them into specific tasks for cyber protection teams, law enforcement, and military response units.
Modeling OT Environments and Assets: Maintaining a comprehensive model of friendly defensive assets (e.g., CISA incident response teams, National Guard cyber units, physical security teams) and a detailed model of the targeted OT environment, including its specific controllers (PLCs, RTUs), network topology, and known vulnerabilities.
Threat Analysis: Ingesting intelligence data from multiple sources to model adversary tactics, techniques, and procedures (TTPs) against critical infrastructure.
Automated Response Plan Generation: Utilizing advanced algorithms to generate, deconflict, and sequence defensive actions (e.g., network segmentation, honeypot deployment) and offensive responses (e.g., counter-cyber operations, interdiction of physical threats) to neutralize threats while minimizing collateral damage and service disruption.
Human-on-the-Loop Oversight: Presenting generated response plans in an intuitive format for human commanders (e.g., at USNORTHCOM, CISA) to review, modify, and approve before execution.
PHASE I
Not to exceed a duration of 12 months and cost of $100,000.
Phase I will demonstrate the feasibility of the STRIKE AI concept by developing a proof-of-concept prototype capable of generating a simple, integrated defensive plan for an OT scenario. Key activities will include: designing the system architecture and data models for OT assets and threats; developing a foundational planning engine for basic task allocation; creating a mock-up scenario involving a notional critical infrastructure target (e.g., a municipal water utility) under a simulated multi-pronged attack; and demonstrating the prototype's ability to automatically generate a deconflicted response plan coordinating cyber and physical defensive actions. A final report on feasibility and a detailed Phase II plan will be delivered.
PHASE II
Not to exceed a duration of 24 months and cost of $1,000,000.
Depending on Phase I results, Phase II will consist of developing a more robust prototype capable of planning for more complex, large-scale scenarios (e.g., a regional power grid). This will involve expanding the planning engine to ingest real-time threat intelligence and asset status feeds. The prototype will be enhanced to model cascading effects across interconnected infrastructure sectors. The effort will focus on creating a high-fidelity user interface and testing the system's ability to rapidly re-plan in response to dynamic threat activity. A key goal will be demonstrating the prototype in a relevant environment, such as a joint exercise with CISA and USNORTHCOM.
PHASE III DUAL USE APPLICATIONS
The STRIKE AI system has significant dual-use potential for protecting national security interests. The mature system would be transitioned for operational use by DoW entities responsible for homeland defense (e.g., USNORTHCOM) and civilian partners like the Department of Homeland Security's CISA. The platform would provide a critical capability for national-level incident response, enabling rapid, coordinated protection of the nation's most vital assets. The modular architecture would allow for continuous integration of new defensive tools and intelligence sources, ensuring the system remains effective against evolving threats to U.S. critical infrastructure.
Phase III proposal Submission. Phase III proposals are emailed directly to DLA SBIR2@dla.mil. The PMO team will set up evaluations and coordinate the funding and contracting actions depending on the outcome of the evaluations. A Phase III proposal should follow the same format as Phase II for the content and format. There are, however, no limitations to the amount of funding requested, or the period of performance. All other guidelines apply.
REFERENCES
NIST Special Publication 800-82, "Guide to Industrial Control Systems (ICS) Security."
CISA, "Known Exploited Vulnerabilities Catalog."
MITRE ATT&CK® for Industrial Control Systems (ICS).
Show All
