SOLICITATION NOTICE
A -- Proactive and Predictive Information Assurance for Next Generation Systems (P2INGS) Part 2 of 2
- Notice Date
- 4/8/2003
- Notice Type
- Solicitation Notice
- Contracting Office
- Department of the Air Force, Air Force Materiel Command, AFRL - Rome Research Site, AFRL/Information Directorate 26 Electronic Parkway, Rome, NY, 13441-4514
- ZIP Code
- 13441-4514
- Solicitation Number
- Reference-Number-BAA-03-10-IFKA-PART-2
- Point of Contact
- Arnold Kloven, Contracting Officer, Phone (315) 330-4767, Fax (315) 330-8082,
- E-Mail Address
- klovenj@rl.af.mil
- Description
- CONTINUED - PART II OF II OF BAA 03-10-IFKA. Program Manager, Mr. William E. Wolf, AFRL/IFGB, 525 Brooks Road, Rome, NY, 13441-4505, telephone: (315) 330-2278, email: William.Wolf@rl.af.mil. Technical POC, Joseph Giordano, AFRL/IFGB, 525 Brooks Road, Rome, NY, 13441-4505, telephone: (315) 330-4119, e-mail: Joseph.Giordano@rl.af.mil. Contracting POC: AFRL/IFKA, Arnold J. Kloven, Contracting Officer, 26 Electronic Parkway, NY 13441-4514, telephone: (315) 330-4767, email: Arnold.Kloven@rl.af.mil.

ARDA also desires metrics that indicate the increase in warning time that the solution provides for various classes of attacks.

5.2.1.2 Modeling Strategic Cyber Attack Scenarios. While it is possible for attackers to do serious damage with little preparation and with few prior observables, we expect that large-scale strategic cyber campaigns targeted at major IC capabilities will require more serious preparation and will leave larger footprints or detectable observables. We expect reconnaissance to be more sophisticated in that adversaries will have to create accurate models and test beds of the target system on which to test their attack campaigns before initiating an attack. It is also anticipated that adversaries will perform live tests of several aspects of the attack, and then put into place mechanisms (trojanized commands, logic bombs, backdoors on systems, new buffer overflow exploits or other malicious software) that can be triggered in an orchestrated series of events. All of these activities create potentially observable events from within or external to the IC information infrastructure. The goal of this research is to create models of strategic cyber attack scenarios and to develop ways of systematically detecting the observable points in the models. The models need to include time sequence events and the projection of those events onto a defender system.
For example, reconnaissance will look like a series of probes and the observables could be the probes themselves, probably attempting to go low and slow to avoid detection. In this case the methods for observation could be probe detectors that look for low and slow kinds of probes. The penetration phase attack may exhibit some observables prior to the attack occurring. ARDA seeks research into technologies and techniques that develop and demonstrate such models in the context of creating indications and warning of major strategic cyberwar campaigns against the IC information infrastructure.

5.2.1.4 Sensor Grid - Detecting Observables. For the most part, existing intrusion detection systems have made use of event streams that were designed for other purposes (operating system audit logs, network data packets, etc.). This has proven useful, but severely limits the detection of pre-attack activities. Specialized cyber sensors need to be developed that are optimized to detect pre-attack events and observables for indications and warning. The intent of this research is to design a suite of sensors that are specifically suited for the detection of important cyber events/observables that indicate a pending cyber attack. Schemes for working backwards from attacks or attack classes to derive the best sensor designs are of interest to ARDA. Sensor coverage of the most important events and tunability will be considerations in the quality of design. Architectures are also sought for deploying these specialized sensors within a defended IC network in such a way that adversaries are likely to run into them for the tasks that they must accomplish to achieve the results they seek. Sensor deployment architectures with rationale are sought both conceptually and in conjunction with proposed suites of specialized sensors. Leveraging sensor design techniques and concepts from related domains such as the realm of physical sensors is encouraged.
As part of this sensor grid research, ARDA also seeks innovative ideas on developing sensor technology that can detect and defeat adversary attempts to deceive the sensors or manipulate the sensors to the adversary's advantage in masking this behavior.

VI. Proposal Instructions: THIS ANNOUNCEMENT CONSTITUTES THE ENTIRE SOLICITATION. This Broad Agency Announcement (BAA) (BAA-03-10-IFKA) constitutes the entire solicitation for this effort. No additional information is available, nor will a formal request for proposal or other solicitation regarding this notice be issued.

PROPOSAL PREPARATION INSTRUCTIONS: Offerors are required to submit five (5) copies of a thirty (30) page (maximum) technical proposal and a cost proposal (no page limitation) with a cover letter. Pages in excess of the maximum will not be reviewed or evaluated. The technical proposal will be formatted as follows: Section A: Title, Period of Performance, Cost of Task, Name of Company; Section B: Task Objective; Section C: Technical Summary; Section D: Technical Description and Statement of Work (SOW), describing the effort's scope, the specific tasks to be performed and their associated schedules and relationship to the technical topic. Offerors must mark their proposals with the restrictive language stated in FAR 15.609. Proposals should be submitted both on paper and in electronic format (Microsoft Word or Adobe Acrobat Read format) compatible with Windows XP Professional. The page format shall be 12 point or larger type, single-spaced, one inch margins, single sided, 8.5 by 11 inch pages. The page limitation for the technical/management proposal includes all information (i.e., figures, tables, graphics, charts, indices, photographs, foldouts, appendices, key personnel, resumes, etc.). Offerors are requested to provide their Commercial and Government Entity (CAGE) number with their submission as well as a fax number, and an e-mail address.
The Government anticipates awarding approximately four (4) eighteen (18) month contracts in FY 03 in the range of $500K to $1,500K each for a total of $5.0M. Offerors are requested to propose an additional twelve (12) month period of performance on an option basis to provide for possible demonstrations. These options are anticipated to range from $500K to $1,000K each for a total of $4.0M. The cost proposal should be predicated on a cost-plus-fixed-fee (CPFF/completion) pricing arrangement. Proposed costs shall be identified by element of cost and include the basis of estimate and detailed supporting rationale. Unpriced options will not be considered for award. The cost of preparing proposals in response to this announcement is not considered an allowable direct charge to any resulting contract or any other contract. Total funding for this BAA is approximately $9.0M. This BAA is open and effective until thirty-six (36) months from date of publication.

The work to be performed shall not exceed the unclassified level. As such, proposals may only be submitted at the unclassified level. Proposals submitted above this level will not be accepted or considered. An informational briefing/industry day is not planned.

Foreign or foreign-owned offerors are advised that their participation is subject to foreign disclosure review procedures. Foreign or foreign-owned offerors should immediately contact the contracting office focal point, Arnold J. Kloven, Contracting Officer, telephone (315) 330-4767 or e-mail Arnold.Kloven@rl.af.mil for information if they contemplate responding. The e-mail must reference the title and BAA 03-10-IFKA.

Questions, clarification, or concerns from offerors or potential offerors during the proposal development phase of this acquisition should be communicated directly to the IFKA Contracting Officer, Arnold Kloven, telephone (315) 330-4767 or e-mail Arnold.Kloven@rl.af.mil. The email must reference the title and solicitation number of the acquisition.
A copy of the Rome "BAA & PRDA: A Guide for Industry," Sep 1996 (Rev), may be accessed at: http://www.if.afrl.af.mil/div/IFK/bp-guide.html.

The Air Force Research Laboratory's Information Directorate has contracted for various business and staff support services, some of which require contractors to obtain administrative access to proprietary information submitted by other contractors. Administrative access is defined as "handling or having physical control over information for the sole purpose of accomplishing the administrative functions specified in this contract or order, which do not require the review, reading, or comprehension of the content of the information on the part of non-technical professionals assigned to accomplish the specified administrative tasks." The required administrative access will be granted to non-technical professionals. Examples of the administrative tasks performed include: a. Assembling and organizing information for R&D case files; b. Accessing library files for use by government personnel; and c. Handling and administration of proposals, contracts, contract funding and queries. Any objection to administrative access must be in writing to the contracting officer and shall include a detailed statement of the basis for the objection.

The Government may use the services of Omen, Inc., Cyber Defense Agency (subcontractor to Omen, Inc.), Mitretek Systems, and Institute for Defense Analysis personnel in an advisory role for the technical evaluation of proposals. The exclusive responsibility for evaluation remains with the Government. Representatives of the foregoing firm(s) participating in the evaluation process will sign a non-disclosure agreement in order to highlight the sensitivity of the evaluation process and to protect any proprietary information within the proposals. Submission of a proposal constitutes permission to release the proposal to the identified firms for evaluation purposes.
PROPOSAL SUBMISSION: Prospective offerors shall submit proposals within forty-five (45) days of the date of publication of this notice. All technical and cost proposals submitted in response to this BAA must be addressed to ATTN: Mr. William E. Wolf, Reference BAA 03-03-IFKA, AFRL/IFGB, 525 Brooks Road, Rome, NY, 13441-4505.

PROPOSAL EVALUATION AND SELECTION: Proposals will be selected through a technical/scientific/business decision process using the following criteria in descending order of importance: (1) Overall scientific and/or technical merit, including technical feasibility, degree of innovation, understanding of the technical and operational approach, and experimental approach. If a proposal lacks overall scientific and/or technical merit, it will not be further considered for award. (2) The effort's potential contributions to the Intelligence Community's Information Assurance efforts. (3) Cost reasonableness and realism. (4) The offeror's capabilities, related experience, facilities, techniques, or unique combinations of these which are integral factors for achieving proposal objectives. (5) Qualifications, capabilities, and experience of key personnel. (6) The offeror's record of present and past performance.

Awards under this BAA will be made to responsible offerors on the basis of the evaluation criteria above and a BEST VALUE approach to the Government. Awards will be subject to the availability of funds. Awards may take the form of a procurement contract, grant, or cooperative agreement, depending upon the nature of the work proposed, the required degree of interaction between parties, and other factors. The Government reserves the right to 1) select for award all, some, or none of the proposals received, and 2) incrementally fund any award instrument. All responsible firms may submit a proposal, which shall be considered. Prospective offerors are advised that only Contracting Officers are legally authorized to commit the Government.
Proposals submitted will be evaluated as they are received. Individual proposal evaluations will be based on acceptability or non-acceptability without regard to other proposals submitted under the announcement.

VII. APPENDIX:

APPENDIX A: Intelligence Community's Advanced Research and Development Activity (ARDA) for Information Technology

ARDA (http://www.ic-arda.org/) is a joint Department of Defense and Intelligence Community organization that was established in December 1998. While the ARDA office is organizationally part of the National Security Agency, ARDA's mission is to incubate revolutionary Research and Development (R&D) activities within the broad field of Information Technology for the shared benefit of the Intelligence Community. In order to satisfy this mission, ARDA, in close cooperation with its Intelligence Community partners, originates and manages advanced R&D programs that: 1. Will have fundamental impact on future Intelligence Community operational needs and strategies; 2. Demand substantial, long-term venture investment to spur risk-taking; 3. Progress measurably toward mid-term and final goals; and 4. Take many forms and employ many delivery vehicles.

This BAA has been developed under ARDA's guidance and direction by representatives from a number of Intelligence Community Agencies that include NIMA, the Central Intelligence Agency (CIA), the Defense Intelligence Agency (DIA), the National Reconnaissance Office (NRO), and the National Security Agency (NSA). The US Air Force Rome Laboratory has agreed to issue the solicitation. The evaluation of proposals, the selection of awardees, the execution of the resulting contracts, and the overall management of the proposals awarded from this BAA will be accomplished under the guidance and direction of ARDA.

Appendix B - DoD Instruction 8530.2, Enclosure E4, Section E4.3.1.

E4.3.1. Situational awareness is the key to effective CND.
A robust situational awareness capability is mandated by the highly interconnected nature of the DoD information systems and computer networks; the degree to which they share risk; and the coordination and synchronization requirements of response efforts. Situational awareness is enabled by an interoperable suite of information systems that collectively support and comprise a Common Operational Picture (COP).

E4.3.1.1. Constructing a COP is a top down and a bottom up endeavor. A common operational picture is required that is both Defense-wide and tailored to a hierarchy of decision-makers in a dynamic command and control construct. Managing and collecting information in and for a dynamic environment is inherently complex. Many factors contribute to that complexity, for example:

E4.3.1.1.1. The optimum set of data elements is inherently dynamic, changing as the computer networks environment, the DoD operational environment and the threat change, as the DoD CND capability matures, and as technology evolves to support CND. Additionally, the optimum subset for decision support changes as control shifts up and down the operational hierarchy.

E4.3.1.1.2. Both the optimal and the obtainable refresh rates for the required data elements are inherently dynamic. Each rate is continuously moving toward real time but is constrained by the rates of the set itself in that extremely disparate refresh rates among individual data elements can distort or falsify the resulting fused picture.

E4.3.1.2. The major Components of the CND COP are:

E4.3.1.2.1. A shared picture of the DoD global information and computing networks and the military and business operations they support, to include notice of any impending changes in configuration, capacity, utilization, assurance posture, user priorities, or criticality of support for military operations. An understanding and visualization of these global systems is required for all Network Operations elements - network management, information dissemination management, and information assurance - therefore, the development and maintenance of the network operational picture is not the exclusive responsibility of CND. Rather, the CND COP incorporates and builds upon the operational picture of the DoD global network COP that is common to all Network Operations elements.

E4.3.1.2.2. A shared picture of the threat developed from all sources. These sources include foreign intelligence; Federal law enforcement; National counterintelligence; Defense Law enforcement, Defense counterintelligence, other security sources; private sector infrastructure service and computer emergency response providers and, other open sources. E.O. 12333 (reference (i)) applies to both DoD and non-DoD intelligence and counterintelligence units. DoD Directive 5240.1 (reference (j)) and DoD 5240.1-R (reference (k)) govern the activities of all DoD intelligence units and non-intelligence units performing intelligence activities.

E4.3.1.2.3. A shared picture of CND operations, e.g., effective INFOCON levels and status of compliance, status and compliance of IAVAs, schedule and status of VAAs, status of CND COA development and execution, as well as impending changes to CND services.

E4.3.1.3. In addition to a Defense-wide shared picture, the COP seeks to enable contributing communities by promoting "community specific COPs." Communities may be organizational, e.g., DoD Component, or functional, e.g., the Defense Law Enforcement community. The community specific COPs are intended to:

E4.3.1.3.1. Provide the ability to collect, organize, process, manage and disseminate CND related information within the community at a level of detail greater than the CND COP.

E4.3.1.3.2. Support the development and improvement of standard processes for community support to CND.

E4.3.1.3.3. Support the standardization and availability of information required for the DoD CND COP.

E4.3.1.4. Tier 1: The USCINCSPACE establishes CND requirements for the CND COP. The certification authorities maintain common Defense-wide aspects of the COP by:

E4.3.1.4.1. Contributing Component and relevant functional CND information to the COP.

E4.3.1.4.2. Coordinating informational needs with Tier 2 entities to ensure a Defense-wide CND COP.

E4.3.1.4.3. Assisting Tier 2 entities to meet reporting and information input requirements.

E4.3.1.5. Tier 2 CNDS providers support situational awareness by:

E4.3.1.5.1. Working with and supporting the CND Architect and the CND Systems Integrator to identify requirements, and to develop, deploy and maintain information systems.

E4.3.1.5.2. Working with serviced Tier 3 entities and Components to ensure that CND COP information is timely and accurate.

E4.3.1.5.3. Working with serviced Components to identify Component-unique requirements and support their development, deployment and maintenance.

E4.3.1.5.4. Assisting Tier 3 entities to meet reporting and information input requirements.

E4.3.1.6. Tier 3 supports situational awareness by complying with reporting requirements and providing information inputs to the COP.

Appendix C - DoD Instruction 8530.2, Enclosure E4, Section E4.3.2

E4.3.2. Indications and Warning (I&W) is defined as those intelligence activities intended to detect and report time-sensitive intelligence information on foreign developments that could involve a threat to the United States or allied/coalition military, political, or economic interests or to U.S. citizens abroad. It includes forewarning of enemy actions or intentions; the imminence of hostilities; insurgency; nuclear/non-nuclear attack on the United States, its overseas forces, or allied/coalition nations; hostile reactions to U.S. reconnaissance activities; terrorists' attacks; and other similar events.

E4.3.2.1. Tier 1: The USCINCSPACE provides the Intelligence Community (IC) with priority intelligence requirements (PIR) and indications and warning requirements for potential attacks against DoD information systems and computer networks. The Defense Intelligence Agency (DIA) coordinates IC support to the USCINCSPACE.

E4.3.2.2. Tier 2: DoD Components provide PIR input to the USCINCSPACE, and in coordination with the USCINCSPACE and DIA, determine direct intelligence support to the CNDS providers.

E4.3.2.3. Tier 3 implements Tier 1 and Tier 2 direction.
- Record
- SN00298563-W 20030410/030408213607 (fbodaily.com)
- Source
- FedBizOpps.gov