MODIFICATION
A -- CYBER ASSURANCE TECHNOLOGIES
- Notice Date
- 3/15/2012
- Notice Type
- Modification/Amendment
- NAICS
- 541712
— Research and Development in the Physical, Engineering, and Life Sciences (except Biotechnology)
- Contracting Office
- Department of the Air Force, Air Force Materiel Command, AFRL - Rome Research Site, AFRL/Information Directorate, 26 Electronic Parkway, Rome, New York, 13441-4514
- ZIP Code
- 13441-4514
- Solicitation Number
- BAA-11-01-RIKA
- Point of Contact
- Lynn G. White, Phone: (315) 330-4996
- E-Mail Address
-
Lynn.White@rl.af.mil
(Lynn.White@rl.af.mil)
- Small Business Set-Aside
- N/A
- Description
- The purpose of this modification is to include the following changes: (1) Section I Funding Opportunity Description: add additional Focus Area for FY12; (2) Section II, Award Information: last sentence revised for this focus area ONLY; (3) Section IV, APPLICATION AND SUBMISSION INFORMATION, paragraph 3, SUBMISSION DATES AND TIMES, is revised to read as follows for this specific focus area ONLY; and (4) Section VII, AGENCY CONTACTS, for this specific focus area ONLY have been changed. No other changes have been made to this BAA. (1) Insert the following under Section I, FUNDING OPPORTUNITY DESCRIPTION: FY 12 SPECIFIC FOCUS AREA: PROTECTED REPOSITORY FOR THE DEFENSE OF INFRASTRUCTURE AGAINST CYBER THREATS (PREDICT) Background: The Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT) will serve as a large-scale, privacy-protected, dataset repository of real network and system traffic for use by the cyber security research community, both in the U.S. and internationally, to accelerate design, production, and evaluation of next-generation cyber security solutions, including commercial products. The Air Force Research Lab and the Department of Homeland Security (DHS) are collaborating to foster continued support to provide research relevant Internet data to the cybersecurity community. Objective: The objective is to focus development in two technical areas: Data Hosts (DHs) and Data Providers (DPs). Data Providers provide the data that it owns or has a right to control and disclose to researchers. Similarly, Data Hosts maintain computing infrastructure to store data received from one or more data providers, as well as mechanisms to distribute media if needed. To support the evaluation of next-generation cyber security solutions, including commercial products, PREDICT DHs and DPs will make the types of data described below available to the research community and potentially to international entities. The types of data to be made available include but are not limited to: Address Space Allocation Data : Address allocation data is internet data that contains internet protocol (IP) addresses that have properties that can be used to characterize internet topology. The IP addresses in this dataset are typically determined from measurement traffic and not actual sender-receiver communications and are not associated with specific individuals. Border Gateway Protocol (BGP) Routing Data : BGP routing data capture "snapshots" of the topological state of the internet by archiving Border Gateway Protocol (BGP) routing tables from internet routers in many locations around the world (i.e., Internet Exchange Points). Each routing table expresses the "view" of the internet from that router's point in the overall topology. These datasets contain only topology information; they do not contain any packet header information or information which relates to individuals. Blackhole Address Space Data : Blackhole address space data is collected by monitoring routed but unused IP address space that does not host any legitimate networked devices (e.g., hosts or routers). To standardize the terminology "blackhole address space" is used to refer to any unoccupied internet address space, which elsewhere may be referred to as: darkspace, darknets, sinkholes, and background radiation. Domain Name System (DNS)Data: The Domain Name System (DNS) is a distributed hierarchical naming system that at its most fundamental level provides a mapping between IP addresses and names. DNS data includes: DNS traffic (e.g., queries and/or responses); DNS server logs; DNS related metadata. These datasets may be collected at or near clients, from DNS recursive resolvers, or DNS servers for an enterprise, top-level, or root domain. Intrusion Detection System and Firewall Data : Intrusion Detection System (IDS) and firewall data refers to firewall and IDS configuration data, IDS firewall logs and policies and may include protective actions or alerts. Infrastructure Data : Infrastructure data is information and metadata about the internet's physical systems and architecture. Infrastructure data includes, but is not limited to: Internet Exchange Point (IXP) lists; directories of international telecommunications cables; telecommunications system configuration data, such as locations of landing points, cable capacity, dates of construction and expansion, and logs of known outages. Internet Topology Data : Internet topology data consists of raw and curated topology data gathered from across the internet. Internet topology data may be obtained from traceroute probes and could include IP addresses on machines that a packet traverses along the forward path to a target destination. Additionally, internet topology datasets may be organized into router-level or Autonomous System-level. Internet Protocol (IP) Packet Headers : Internet Protocol (IP) packet header datasets are comprised of IP headers containing information such as source and destination IP addresses and other transport protocol (e.g., TCP, UDP, ICMP, SCTP) header fields. No packet contents are included. Performance and Quality Measurements : Performance and quality measurement datasets characterize performance or quality of networks and network services, including response times, throughput, goodput, reliability and resilience, mean-times-between-failure, jitter, diurnal variations, and other measurements, and indicators of Internet quality. Presently the PREDICT project provides VOIP data in this category where the datasets are composed of end-to-end data that characterizes the quality of the paths that VOIP telephone calls take and contains Session Initiation Protocol (SIP) teardown messages collected from both ends of the conversation. Synthetically Generated Datasets : Synthetic datasets are datasets created on an artificial testbed using synthetically generated background traffic in conjunction with a foreground attack scenarios. Unsolicited Bulk Email : Unsolicited bulk e-mail, or spam, datasets may include spam logs collected at individual organizations, reputation lists data, and e-mails, including both headers and contents, captured at spam traps or otherwise specifically identified as spam. The unsolicited bulk email datasets may also include IP addresses or e-mail addresses of suspected spammers and potentially known spam e-mail message contents. Traffic Flow Data (e.g., netflow): Traffic flow datasets are internet traffic flows between two endpoints that have attributes such as source and destination IP address, source and destination port, protocol type, and packet and byte counts. The format of the traffic flow datasets are netflow, IPFIX, and argus. Offerors are invited to submit proposals to participate in the PREDICT project by addressing one or both technical areas. In all cases, the offeror shall propose to provide datasets for publication and hosting that are compliant with all laws and regulations that are pertinent to the dataset content, to include AF and DHS privacy policies, and full compliance with the PREDICT legal framework (which includes international dissemination), also described above. Furthermore, the Government reserves the right to select one or more tasks per white paper/ proposal and to select individual PREDICT dataset types for any task proposed. An overarching requirement of all Data Providers (DPs) is an explicit assertion that they own or have a right to control and disclose to researchers the data they propose to provide, and that they will provide a legal and ethical risk assessment of each dataset they would provide (within thirty (30) days of selection). Lastly, to support measuring the utility of the data PREDICT provides, offerors will need to identify metrics to describe the utility, growth and management of the data they host or provide. In addition, central to PREDICT management and operations is the PREDICT Coordinating Center (PCC). The PCC facilitates the release of datasets by data hosts to approved researchers, subject to the terms and conditions set forth by DHS, the PCC, data providers, and data hosts. In support of these activities, the PCC develops, hosts and maintains a web portal (see http://www.predict.org) that advertises the catalog of datasets available from the PREDICT program and automates the generation of appropriate agreements for and between PREDICT entities. Offerors for either the DP and/or DH technical area are required to coordinate with the PCC to support the PREDICT legal framework. White papers/proposals for the PCC are not being solicited under this BAA. Finally, the PREDICT project relies on program-wide collaboration and outreach efforts to the greater information technology research community. It is anticipated that there will be three (3) principal investigator (PI) meetings a year at performer locations in the United States, and offerors are encouraged to describe outreach activities that would be consistent with their proposals. (2) Section II, AWARD INFORMATION, the last sentence is revised for this specific focus area ONLY to read as follows: "Awards of efforts as a result of this announcement will be in the form of cooperative agreements only." (3) Section IV, APPLICATION AND SUBMISSION INFORMATION, paragraph 3, SUBMISSION DATES AND TIMES, is revised to read as follows for this specific focus area ONLY: "WHITE PAPER DUE DATE AND TIME: White papers will be accepted on or before 2 PM Eastern Standard Time, 6 April 2012 for this focus area ONLY. Late white paper submissions will not be accepted after this due date. Only white papers are due at this time. Full proposals will be requested by the Government from those Offerors selected in the white paper evaluation process. (4) Section VII, AGENCY CONTACTS, for this specific focus area ONLY, the cognizant Technical Point of Contact (TPOC) is specified below: TPOC Name: Robert Kaminski Telephone: (315) 330-4459 Email: Robert.Kaminski@rl.af.mil
- Web Link
-
FBO.gov Permalink
(https://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/BAA-11-01-RIKA/listing.html)
- Record
- SN02698177-W 20120317/120315235517-9cb6af8877e5128e418b2d6d2615e2ba (fbodaily.com)
- Source
-
FedBizOpps Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's FBO Daily Index Page |