We know that Quantum Ventura mentioned Akida for possible Cyber- NeuroRT & wonder if we will get a crack at this one as well.
They wanting AI / ML Neuromorphic.
They make it clear that offeror can't disclose specific platforms through unclassified channels.
The following dates apply to this DARPA Topic release: April 26, 2022: Topics issued for pre-release May 11, 2022: Topics open; DARPA begins accepting proposals via DSIP June 07, 2022: Deadline for technical question submission June 14, 2022: Deadline for receipt of proposals no later than 12:00 pm ET
HR0011SB20224-06 TITLE: Hardening Aircraft Systems through Hardware (HASH)
OUSD (R&E) MODERNIZATION PRIORITY: Cybersecurity
TECHNOLOGY AREA(S): Air Platform,Information Systems
OBJECTIVE: The effort will develop, validate and harden aircraft systems against errors, failures, and
cyber-attacks arising from the introduction of electronic pilot kneeboards and maintenance connections
into the cockpit.
DESCRIPTION: Electronic pilot kneeboards and the cost advantages of condition- and network-based
maintenance processes offer new potential mission benefits and new requirements for connectivity in the
cockpit of DoD aircraft systems. At the same time, these open new concerns associated with pilot and
operator errors, system failures, and cyber-vulnerabilities. Hardware hardening capabilities are required
that are impervious to malicious software yet mindful of Size, Weight, and Power (SWaP) constraints.
Unlike most ground-based installations, DoD aircraft defenses must respond in real-time, provide alerts to
the pilot, prevent undesirable outcomes, and instantly adapt to the level of threat.
The last five years have seen a quiet revolution in the underlying fabric of systems engineering with the
coming of age of many enabling technologies: open standards for system and sensor busses have emerged
that enable competitive acquisition processes; System-on-Chip and Field Programmable Gate Array
(FPGA) devices offer new levels of integration and performance; High-Level Synthesis accelerates circuit
design; Partial Reconfiguration allows real-time circuit adaptivity; formally verified software subsystems
offer new levels of system assurance. These advances are revolutionizing commercial networking and
systems design, but have yet to have a significant presence in the cockpit, especially on DoD legacy
platforms.
This SBIR topic will develop, harden and validate system design, software, and hardware innovations that
improve aircraft resilience while reducing SWaP. Approaches should address the hardware to be
developed, expected path of integration, metrics of success, assessment methods, and integration of
solutions into robust, real-time cyber defenses of interest to the DoD.
PHASE I: The Phase I feasibility study shall include the documentation of a basic prototype consisting of
the co-designed software code and hardware capabilities that are demonstrably impervious to advanced
cyber-attacks and malicious software infiltrations of the supply chain yet mindful of Size, Weight, and
Power (SWaP) constraints for connectivity in the cockpit of DoD aircraft systems.
Proposers interested in submitting a Direct to Phase II (DP2) proposal must provide documentation to
substantiate that the scientific and technical merit and feasibility described above has been met and
describes the potential military and/or commercial applications. Documentation should include all
relevant information including, but not limited to: technical reports, test data, prototype designs/models,
and performance goals/results. For detailed information on DP2 requirements and eligibility, please refer
to Section 4.2, Direct to Phase II (DP2) Requirements, and Appendix B of the DARPA Instructions for
DoD BAA 2022.4
PHASE II: Phase II shall produce system design, implementation, and maintenance capabilities to
significantly advance the state of the art in security and resilience of cockpit connectivity and integration
of modern computational architectures and user interfaces. These integrated systems of co-designed
software and hardware architectures will support Artificial Intelligence (AI)-based or Neuromorphicbased capabilities, including a cyber-attack detection capability. This capability will detect anomalous
sequences of instructions, using strategies for tight integration of CPUs and Artificial Intelligence
DARPA - 33
(AI)/Machine Learning (ML)/neuromorphic fabrics. It will provide for effective cyber warning with an
acceptable false alarm rate in a SWaP-constrained environment for efficient runtime cyber warning.
Strong technical approaches will provide innovative concepts for coupling AI/ML or neuromorphic logic
with conventional CPU cores. Thus, it will provide the ability to monitor an instruction queue of the
frontside bus of CPU cores to mitigate cyber vulnerabilities. The AI or ML techniques shall capture an
understanding of a system design and determine vulnerabilities.
The DoD has requirements for implementing cyber resiliency and tamper resistance in its aircraft
platforms, ordnance systems and associated support systems. The DoD has significant interest in
advanced software engineering and digital design technologies that implement robust security related to
Platform IT (PIT), programmable logic, and physical digital electronics hardware involving, but not
limited to, the following:
• Software, hardware and/or programmable logic implementing security that significantly advances the
state of the art while simultaneously supporting performance and SWaP in areas regarding:
1. Protocol checking logic for detection of maliciously formed packets with advanced secure parsing
and input validation logic residing on hardware or FPGA fabric, to implement a vetting function
prior to reaching an objective network stack process residing on the objective CPU core. Said
capability shall provide minimal impact on performance, latency and throughput.
2. Packet inspection logic supporting high throughput and minimal latency for detection of
malicious payloads prior to reaching an objective network stack process residing on the objective
CPU core.
3. Avionics networking defensive logic, especially targeting MIL-STD-1553, ARINC-429, ARINC629, ARINC-664, Fibre Channel and Ethernet. Said approaches shall be retrofittable with
minimal impact on target platforms.
4. Advanced approaches to implement secure loader and secure monitor functionality on a SoC type
implementation with security core residing on fabric interacting with processes running on
contained CPU cores for robust detection of malicious activity on protected CPU cores.
5. Innovative methods to improve the capability of standard FPGA security cores, regarding
performance and resource utilization.
a. Methods to detect and/or prevent the adversary utilizing undefined semantics for malicious
purposes.
b. Methods to detect and/or prevent the adversary from utilizing emergent behaviors of existing
implementations for malicious purposes.
c. Methods to implement Root of Trust (RoT), secure boot (cold boot), and secure restart (warm
boot).
d. Methods to advance the secure loading of FPGA configuration files over existing approaches.
e. Methods in volume protection that increase security while simultaneously supporting high
heat dissipation.
6. Methods to implement security in a powered-off state with only limited battery powered
functionality available for sensors and defensive logic.
a. Methods that address known computer processor hardware vulnerabilities that are
retrofittable into existing systems. [IMPORTANT: Offeror in an UNCLASSIFIED proposal
should not explicitly mention specific platform subject to said vulnerability.]
b. Methods that address known crypto implementational security issues (not basic cryptological
algorithm issues) in embedded crypto systems that are retrofittable into existing systems.
[IMPORTANT: Offeror in an UNCLASSIFIED proposal should not explicitly mention
specific platform subject to said vulnerability.]
DARPA - 34
c. Methods to thwart Reverse Engineering (RE) of sensitive software, hardware and/or
programmable logic that strongly obscures the functionality, effectively denying the ability to
perform RE but provides for the ability to operate in a hidden/obfuscated/encrypted state with
minimal and/or acceptable impact on performance and/or latency.
d. Methods for implementing a covert communication channel (intended to be unknown to the
attacker) between various avionics components or subsystems to support alerting, logging or
a coordinated response to a RE attack or a cyber attack.
• Techniques to provide for provability and traceability of software, hardware and programmable logic
regarding:
1. Innovative approaches to formal methods that in addition to proof of correctness, provide proofs
of Confidentiality, Integrity, and Availability (CIA):
a. Approaches to supporting scalability of formal methods to support large scale software
packages and large circuit design Hardware Description Language (HDL) code bases.
b. Robust approaches to dealing with covert channels, timing channels and side channels.
c. Provability regarding software targeting multiprocessing implementations including
Symmetric Multi-Processing (SMP) and other multiprocessing arrangements such as
Asymmetric Multi-Processing (AMP) (in part, related to the previous bullet).
d. Techniques to support verification for mixed implementations involving both software with
hardware and/or programmable logic, where the software is tightly coupled to
hardware/programmable logic in a target such as a System on a Chip (SoC).
e. Techniques to provide for formal verification of Machine Learning (ML) and neuromorphic
hardware and use cases where software is coupled to a ML/neuromorphic system in support
of some Naval Aviation Enterprise (NAE) application such as sensor data processing,
tracking or autonomy.
• Technologies that provide the ability to rapidly and effectively assess the provenance of software,
programmable logic and hardware in a manner significantly more robust than code signing (cf. the
recent SolarWinds attack subverting the software build environment to bypass code signing). These
technologies must provide the capability to prove that no unauthorized and potentially malicious
modification has been made anywhere in the supply chain or development system. They shall have
traceability back to the software/hardware development system and relate to the software
module/hardware cell level. They shall provide the ability to vet the individual software/IP
blocks/hardware cells at the target or at the software loader/device programmer, accessing artifacts
providing proof such as:
1. Software/hardware/programmable logic fully confirms to system program office approved design
specification with no additional functionality.
2. Software/hardware/programmable logic was only developed and/or modified by authorized
developer personnel.
3. Software/hardware/programmable logic was only developed and/or modified using approved
toolchains.
4. Software/hardware/programmable logic was only developed and/or modified on approved
development systems.
5. Software/hardware/programmable logic was only developed and/or modified during an approved
period.
DARPA - 35
Successful offerors in their proposals will demonstrate a strong understanding of the technology areas that
they respond to and they will articulate a compelling necessity for S&T funding to support their
respective proposed technology approaches over existing capabilities.
Schedule/Milestones/Deliverables Phase II fixed payable milestones for this program shall include:
• Month 2: New Capabilities Report, that identifies additions and modifications that will be researched,
developed, and customized for incorporation in the pilot demonstration.
• Month 4: PI meeting presentation material, including demonstration of progress to date, PowerPoint
presentations of accomplishments and plans.
• Month 6: Demonstration Plan that identifies schedule, location, computing resources, and any other
requirements for the pilot demonstration.
• Month 9: Initial demonstration of stand-alone pilot application to DARPA; identification of military
transition partner(s) and other interested DoD organizations
• Month 12: PI meeting presentation material, including demonstration of progress to date, PowerPoint
presentations of accomplishments and plans.
• Month 15: Demonstration to military transition partners (s) and other DoD organizations.
• Month 18: PI meeting presentation material, including demonstration of progress to date, PowerPoint
presentations of accomplishments and plans.
• Month 21: PI meeting presentation material, including demonstration of progress to date, PowerPoint
presentations of accomplishments and plans.
• Month 24: Final software and hardware delivery, both object and source code, for operation by
DARPA or other Government personnel for additional demonstrations, with suitable documentation
in a contractor proposed format. Deliver a Final Report, including quantitative metrics on decision
making benefits, costs, risks, and schedule for implementation of a full prototype capability based on
the pilot demonstration. This report shall include an identification of estimated level of effort to
integrate the pilot capability into an operational environment, addressing computing infrastructure
and environment, decision making processes, real-time and archival data sources, maintenance and
updating needs; reliability, sensitivity, and uncertainty quantification; and transferability to other
military users and problems. The report shall also document any scientific advances that have been
achieved under the program. (A brief statement of claims supplemented by publication material will
meet this requirement.) Provide Final PI meeting presentation material.
Phase II Option: The option shall address preliminary steps toward the certification, accreditation and/or
verification of the resulting base effort's hardening capability.
Schedule/Milestones/Deliverables for Phase II Option Phase II fixed payable milestones for this
program option shall include:
• Month 2: Plan that identifies the schedule, location, computing resources and/or any other
requirements for the hardening capability's certification, accreditation, and/or verification.
• Month 4: Presentation on the detailed software and hardware plan for the technical capability.
• Month 7: Interim report on progress toward certification, accreditation and/or verification of the
technical capability.
• Month 10: Review and/or demonstration of the prototype capability with the documentation
supporting certification, accreditation and/or verification.
• Month 12: Final Phase II option report summarizing the certification, accreditation and/or verification
approach, architecture and algorithms; data sets; results; performance characterization and
quantification of robustness.
PHASE III DUAL USE APPLICATIONS: (U) The DoD and the commercial world have similar
challenges with respect to maintaining the cyber integrity of their computing and communications
infrastructure. The Phase III effort will see the developed technical capability transitioned into a DoD
DARPA - 36
enterprise aircraft system that can be used to discover, analyze, and mitigate cyber threats. Government
and commercial aircraft systems have similar challenges in tracking, understanding, and mitigating the
varied cyber threats facing them in the cockpit of aircraft systems. Thus, the resulting hardening
capability is directly transitionable to both the DoD and the commercial sectors: military and commercial
air, sea, space and ground vehicles; commercial hardening of critical industrial plant (i.e. control systems,
manufacturing lines, chemical processes, etc.) through secure programmable logic controllers; securing
cloud infrastructure associated with optimization of industrial processes and condition-based maintenance
of air, sea, space and ground vehicles.
As part of Phase III, the developed capability should be transitioned into an enterprise level system that
can be used to detect heavily obfuscated or anti-debugging and integrity checking techniques employed
by a cyber intruder. The resulting hardening capability is directly transitionable to the DoD for use by the
services (e.g., Naval Aviation Enterprise (NAE), etc.) that have requirements for implementing cyber
resiliency and tamper resistance in its aircraft platforms. This is a dual-use technology that applies to both
military and commercial aviation environments affected by cyber adversaries.
REFERENCES:
1. C. Adams, “HUMS Technology”, Aviation Today, May 2012.
2.
https://www.aviationtoday.com/2012/05/01/hums-technology/
3. Shanthakumaran, P. (2010) “Usage Based Fatigue Damage Calculation for AH-64 Apache
Dynamic Components”, The American Helicopter Society 66th Annual Forum, Phoenix, Arizona.
4. P. Murvay and B. Groza, "Security Shortcomings and Countermeasures for the SAE J1939
Commercial Vehicle Bus Protocol," in IEEE Transactions on Vehicular Technology, vol. 67, no.
5, pp. 4325-4339, May 2018, doi: 10.1109/TVT.2018.2795384.
KEYWORDS: aircraft systems, cyber attacks, operator errors, cyber vulnerabilities, hardware hardening
TPOC-1: DARPA SBIR/STTR Program Office
