
NAVWAR Open Topic for Advanced Data Integrity and Control Methods

Description:

OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Integrated Network Systems of Systems

 

The technology within this topic is restricted under the International Traffic in Arms Regulation (ITAR), 22 CFR Parts 120-130, which controls the export and import of defense-related material and services, including export of sensitive technical data, or the Export Administration Regulation (EAR), 15 CFR Parts 730-774, which controls dual use items. Offerors must disclose any proposed use of foreign nationals (FNs), their country(ies) of origin, the type of visa or work permit possessed, and the statement of work (SOW) tasks intended for accomplishment by the FN(s) in accordance with the Announcement. Offerors are advised foreign nationals proposed to perform on this topic may be restricted due to the technical data under US Export Control Laws.

 

OBJECTIVE: Develop a method to assure integrity, and control access and distribution for information on any device or network.

 

DESCRIPTION: The DoN requires the ability to securely move information from anywhere to anywhere. Once that information is delivered, the ability to assure integrity, control access, and limit further distribution becomes the critical capability. This topic seeks the development of technology that will provide for these critical capabilities independent from controls provided by networks, applications, platforms, or database technologies.

 

Traditionally, networks and applications have been the primary control method to assure integrity, control access, and limit distribution of information. The concept of Zero Trust aims to move the focus of protection to data elements, thus allowing much more flexibility and resiliency in the technology needed to connect people and things. Moving the protection boundary to data also frustrates malicious actors’ ability to gain access to information by compromising a position on a network and using that position to gain further access. To achieve this vision, concepts and technologies must be developed that can secure the most basic elements of our information in a way that enhances resiliency through distribution rather than centralization.

 

The current approach to Zero Trust implementation depends on applications and platforms to provide integrity and control of data. The DoN lacks the ability to universally control data independent of an application layer solution. The DoN is exploring methods to provide integrity and control of data, as an object independent of an application or platform. The DoN is aware of data format concepts such as the Intelligence Community Data Format (ICDF), and the Zero Trust Data Format (ZTDF) that embed control mechanisms into the elemental data object as a potential technical solution. The DoN is reviewing blockchain technology as a potential technical solution to maintain control of data independent of an application or platform environment. The DoN will use this NAVWAR Open Topic to explore other approaches we may not be aware of to assure the integrity and preserve access and proliferation control of data as the elemental object.

 

Proposed solutions must protect data independent of networks, applications, or database technologies, function in disrupted, disconnected, intermittent and low-bandwidth (DDIL) situations, and recover gracefully once connectivity is restored to normal. Solutions must not require the ability to reach a certain application or network to function.

 

Required Attributes:

  • Data controls are independent of any application, platform, network, or database
  • Ability to integrate external identity sources (NIS)
  • Resiliency to node and/or connectivity failures
  • Resiliency to encryption manipulation techniques
  • Rapid recovery/reconstitution capability
  • Minimal effort to deploy and scale
  • Distributed architecture (resiliency increases with scale)

 

PHASE I: The DoN is planning to issue multiple Phase I awards for this topic but reserves the right to issue no awards. Each Phase I proposal must include a Base and Option period of performance. The Phase I Base must have a period of performance of four (4) months at a cost not to exceed $75,000. The Phase I Option must have a period of performance of six (6) months at a cost not to exceed $100,000.

 

Phase I feasibility will show the Navy a design concept for data integrity and control, demonstrating all the required attributes listed in the description above. This concept will show the Navy how any information can be securely moved from anywhere to anywhere, while maintaining the integrity and control of the information post-delivery. Results of Phase I will be detailed in a final technical report (Final Report).

 

Phase I deliverables include:

- Kick-Off Briefing, due 15 days from start of Base award

- Final Report, due 120 days from start of Base award

- Quad Chart, due 120 days from start of Base award

- Initial Phase II Proposal, due 120 days from start of Base award

 

PHASE II: All Phase I awardees may submit an Initial Phase II proposal for evaluation and selection. The evaluation criteria for Phase II are the same as for Phase I (as stated in this BAA). The Phase I Final Report and Initial Phase II Proposal will be used to evaluate the small business concern’s potential to adapt commercial products to fill a capability gap, improve performance, or modernize an existing capability for DoN and transition the technology to Phase III. Details on the due date, content, and submission requirements of the Initial Phase II Proposal will be provided by the awarding SYSCOM either in the Phase I contract or by subsequent notification.

 

The scope of the Phase II effort will be a small-scale deployment of the concept proposed in Phase I. Details of the performance goals will be defined in a Statement of Work (SoW) provided by the Navy. Phase II will be evaluated to prove or disprove the ability to control the integrity, access, and distribution of data independent of networks, applications, platforms, or database technology. The solution will aim to prove or disprove that protections are equal or better than current methods.

 

PHASE III DUAL USE APPLICATIONS: Phase III will integrate the capability demonstrated in Phase II with current Naval networks. Working with selected Naval network operators, the capability will be integrated and tested in operational settings. If Phase III efforts produce desirable results, the partner will develop a plan for further release within Naval elements and to commercial network operators. Providing highly available, highly secure data without the complexity of applications, platforms, or networks is a desirable capability for anyone working with sensitive information. The concept of Zero Trust is applicable far beyond the defense domain, and protection at the data element level is a key outcome of the Zero Trust theory. Commercial operators implementing this solution will allow defense customers to make better use of commercial IT offerings.

 

REFERENCES:

  1. Scott Rose (NIST), Oliver Borchert (NIST), Stu Mitchell (Stu2Labs), Sean Connelly (DHS) “NIST Special Publication 800-207 Zero Trust Architecture” https://csrc.nist.gov/publications/detail/sp/800-207/final Retrieved 11 July 2023
  2. Loïc Lesavre, Priam Varin, Dylan Yaga “Blockchain Networks: Token Design and Management Overview” https://nvlpubs.nist.gov/nistpubs/ir/2021/NIST.IR.8301.pdf Retrieved 11 July 2023
  3. Department of the Navy Capstone Design Concept for Information Superiority https://www.doncio.navy.mil/mobile/ContentView.aspx?ID=15864&TypeID=3 Retrieved 11 July 2023

 

KEYWORDS: Zero Trust; Data-Centric Security; Web3; Blockchain; Encryption; Network
