Loren Data's SAM Daily™

 fbodaily.com
Home Today's SAM Search Archives Numbered Notes CBD Archives Subscribe
SAMDAILY.US - ISSUE OF DECEMBER 25, 2019 SAM #6600
SPECIAL NOTICE

99 -- EVALUATION OF CYBER/IoT VULNERABILITIES OF DOD CRITICAL INFRASTRUCTURE (ExCITe)

Notice Date
12/23/2019 10:11:34 AM
 
Notice Type
Special Notice
 
NAICS
541715 — Research and Development in the Physical, Engineering, and Life Sciences (except Nanotechnology and Biotechnology)
 
Contracting Office
DEPT OF THE AIR FORCE
 
ZIP Code
00000
 
Solicitation Number
RFI-AFRL-RIK-20-01
 
Response Due
1/31/2020 8:59:00 PM
 
Archive Date
02/15/2020
 
Point of Contact
Philip Morrone, Phone: 315-330-2237, Amber Buckley, Phone: 315-330-3605
 
E-Mail Address
philip.morrone.6@us.af.mil, amber.buckley@us.af.mil
(philip.morrone.6@us.af.mil, amber.buckley@us.af.mil)
 
Description
1.0 INTRODUCTION This publication constitutes a Request for Information (RFI) as defined in Federal Acquisition Regulation (FAR) 15.201(e), ""Exchanges with Industry before receipt of Proposals, Request for Information"". Respondents should note that no funding has been specifically reserved for this announcement. We are soliciting Requests for Information abstracts only. Do not submit a white paper or proposal at this time. 2.0 FEDERAL AGENCY NAME Department of Air Force, Air Force Materiel Command, AFRL - Rome Research Site, AFRL/Information Directorate AFRL/RIED RFI-AFRL-RIK-20-01 26 Electronic Parkway Rome, NY, 13441-4514 3.0 REQUEST FOR INFORMATION (RFI) The RFI seeks to obtain technical concepts, approaches, and merits of the ideas of work pertaining to the automatic identification, mapping, and security analysis of various base control systems. For the scope of this RFI, base control systems consist of industrial control systems/supervisory control and data acquisition (ICS/SCADA), building automation, life safety, utility monitoring, and airfield control systems. Further, it seeks to obtain information about pricing, delivery, and other market information or capabilities for possible use in a future Broad Agency Announcement (BAA). This announcement is not a request for proposals; therefore, responses to the RFI are not considered offers and cannot be accepted by the Government to form a binding contract. Refer to Section 6 of this announcement for instructions on submitting an RFI abstract. All submissions must be unclassified. 3.1 RFI ABSTRACTS To help guide the RFI process the following questions would be appropriate and should be considered when responding to this request. 1. What are you trying to do? 2. How is it done today? 3. What is new or innovative in your approach? 4. If you are successful, what difference will it make? 5. What are the risks and payoffs? 6. How much will it cost? How long will it take? 7. What are the midterm and final ""exams"" to check for success? Abstracts should contain, in sufficient detail, information to enable the Government to determine whether the technical concept and/or capabilities should be reflected in a future BAA. 3.2 RFI SUBMISSIONS Submission of an abstract is voluntary and is not required to propose to subsequent Broad Agency Announcements (if any) on this topic. Respondents are advised that AFRL is under no obligation to provide feedback with respect to any information submitted under this RFI. RFI abstract due date is 31 January 2020. 4.0 TECHNICAL REQUIREMENTS: The Air Force is interested in novel methods to automatically identify and map USAF base control systems and infrastructure devices, perform analytics to identify critical dependencies and threats, and support ad hoc reporting. � 4.1 EVALUATION OF CYBER/IoT VULNERABILITIES OF DOD CRITICAL INFRASTRUCTURE (ExCITe): Control systems technology extends across a broad array of Air Force functions and facilities. Control systems enable both automation and information exchange. Ensuring organizational awareness and obtaining a comprehensive understanding of threats and risks to control systems is integral to ensuring Air Force mission success. In response to these needs, the Air Force seeks to establish a real-time situational awareness platform capable of determining a base�s overall cyber threat surface in terms of control systems technology. A key factor in determining the overall cyber threat surface is an accurate inventory of control systems devices connected through both internet protocol (IP), serial, and other connections. Base control systems of interest include, but are not limited to, supervisory control and data acquisition (SCADA) systems, building automation, life safety, utility monitoring, and airfield control systems. � Specific data acquisition capabilities of interest include: Passive network packet capture and protocol decoding to support continuous monitoring Selective active scanning for appropriate systems Protocol inspection and analysis (e.g., BACNet, LonWorks, Modbus, ZigBee) Analytics and data integration capabilities of interest include: Ad hoc reporting, dashboarding, alerts (visualization and interaction) Storage, indexing, processing (analysis and algorithms) Determination of a� base�s overall risk / threat posture Generation of alerts for events of interest Existing Application Program Interfaces (APIs) to support enterprise integration Additional consideration for:� Comparing device configuration and software component versions with NIST and other vulnerability databases Out of the box connectivity with data historians, vertical databases and management systems Familiarity with USAF Civil Engineering functions � 5.0 TECHNICAL CONSIDERATIONS: There are several technical objectives that must be balanced to support the evaluation of cyber/IoT vulnerabilities of DOD critical infrastructure: Technology stack must be applicable to numerous USAF bases Significant variation in terms of geography and age for bases, buildings, and devices Ability to test, validate, and verify solution on ranges Classification concerns due to aggregation of data The Air Force is currently not interested in service providers for this effort. The intent of this RFI is to explore potential platforms that address the stated capabilities above. 6.0 REQUEST FOR INFORMATION (RFI) ABSTRACTS 6.1 CONTENT All abstracts shall state that they are submitted in response to this announcement. RFI responses shall include the company name, address and the title, telephone number, mail and e-mail addresses of the point of contact having the authority and knowledge to discuss the RFI submission. The Government is assessing the current state-of-the-art and future IoT analytics. The RFI responses should describe the product solution proposed, addressed coverage of the requirements stated in this RFI by the proposed solution, explain the potential advantage to the Air Force, and provide a rough order of magnitude for the cost of the proposed solution. 6.2 SPECIAL CONSIDERATIONS Multiple abstracts within the purview of this RFI announcement may be submitted by each responder. 6.3 SUBMISSION RFI abstract due date is 31 January 2020. 6.4 FORMAT The abstracts will be formatted as follows: Section A: Title, Technical Area, Period of Performance (if applicable), Estimated Cost, Name/Address of Company, Technical and Contracting Points of Contact (phone, fax, and email) (This section is Not included in the page count.) Section B: Technical Summary. The abstracts shall be limited to 8 pages. All abstracts shall be double spaced in no smaller than 12 font size. All submissions must be unclassified. All responses to this announcement must be addressed to the Technical POC listed in Section 7 of this announcement. Respondents are required to submit at least one electronic copy to the Government technical point of contact (TPOC) in Microsoft Office Word. AFRL/RI is not responsible for undelivered emails. Please confirm receipt of all submission with the TPOC. 7.0 AGENCY CONTACTS Verification of government receipt or questions of a technical nature can also be directed to the cognizant TPOCs. Primary TPOC: Philip Morrone Telephone: 315-330-2237 Email: philip.morrone.6@us.af.mil Secondary TPOC: Alexander Aved Telephone: 315-330-3957 Email: alexander.aved@us.af.mil Questions of a contractual/business nature shall be directed to the cognizant Contracting Officer, as specified below: Amber Buckley Telephone: (315) 330-3605 Email: amber.buckley@us.af.mil
 
Web Link
SAM.gov Permalink
(https://beta.sam.gov/opp/9dc0228748a64632ae42ed99d59b08bf/view)
 
Record
SN05523233-F 20191225/191223230136 (samdaily.us)
 
Source
SAM.gov Link to This Notice
(may not be valid after Archive Date)
FSG Index  |  This Issue's Index  |  Today's SAM Daily Index Page |
ECGrid: EDI VAN Interconnect ECGridOS: EDI Web Services Interconnect API Government Data Publications CBDDisk Subscribers
 Privacy Policy  Jenny in Wanderland!  © 1994-2024, Loren Data Corp.