Spot The Hack: Intrusion detection systems for avionics networks and bus technologies

IMPORTANT

Requests to open an epost Connect conversation must be sent to:
DND.IDEaS-IDEeS.MDN@forces.gc.ca

--------------------------------------------------------

INTRODUCTION

This Challenge notice is issued under the Innovation for Defence Excellence and Security (IDEaS) Program Call for Proposals (CFP) Call 003 (W7714-196962).

Please refer to the main solicitation documents and amendments which contain the process for submitting a proposal.

--------------------------------------------------------

HOW TO APPLY

Step 1:
Read the Challenge notice in its entirety.

Step 2:
Read the Call for Proposals (CFP) and any associated attachments.

Step 3:
Download and complete Attachment 1 – Electronic Proposal Submission Form, found below. If you have technical difficulties downloading the form, please see Attachment 2 – Important Information below.

Step 4:
Follow the submission instructions listed in Part 2 – Bidder Instructions of the CFP. Please allow sufficient time to register and submit the completed form before the Challenge tender notice closing date.

Requests to open an epost Connect Conversation are to be sent to DND.IDEaS-IDEeS.MDN@forces.gc.ca with the bid solicitation number at least five business days prior to the closing date of the Challenge tender notice. Follow the instructions that will be provided by email and submit your Electronic Proposal Submission Form by using the opened epost Connect Conversation.

Important: To avoid last minute technical difficulties that could delay your submission, ensure that Part 2 – Bidder Instructions and Part 3 – Proposal Preparation Instructions are followed carefully. Late submissions will not be accepted.

--------------------------------------------------------

MAXIMUM FUNDING AND PERFORMANCE PERIOD

Multiple contracts could result from this Challenge.

The individual maximum contract funding available under Competitive Projects - Component 1a is up to $200,000 CAD (excluding applicable taxes) for a maximum performance period of up to 6 months.

This disclosure is made in good faith and does not commit Canada to contract for the total approximate funding.

--------------------------------------------------------

CHALLENGE DETAILS

Challenge Title

Spot The Hack: Intrusion detection systems for avionics networks and bus technologies

Challenge Statement

The Department of National Defence and the Canadian Armed Forces (DND/CAF) are seeking innovative solutions for an effective Intrusion Detection Systems (IDS) for avionics network and bus technologies used within the aerospace and space industry.

Background and Context

Operational Technologies (OT) and Platform Technologies (PT) are used to control operations in manufacturing, transportation, utilities, defence networks, etc. Historically, these systems relied on closed proprietary protocols and software, and were managed and monitored by humans, thereby presenting a minimal attack surface from the outside. System/protocol developers were not concerned about security due to the rudimentary cyber security field and supposed air gap, but nowadays, legacy OT/PT systems are increasingly integrated with newer Information Technology (IT) systems. This connectivity improves efficiency in processes, transmission, and data storage allowing for remote monitoring and control of physical devices, but it also exposes these legacy systems to a wider range of threat scenarios which were never taken into account by their developers.

Military Standard (MIL-STD) 1553 bus is used in the majority of Royal Canadian Air Force (RCAF) aircraft to share avionics information, such as altitude, position and speed, throughout a network of remote terminals. Recent research has identified possible attack vectors for corrupting/modifying data on the MIL-STD-1553 bus as well as their likely consequences¹.

A sound “defense-in-depth” strategy for air platforms includes avionics bus monitoring as a way of detecting malicious cyber events. Platform technologies such as MIL-STD-1553 lack the richness and maturity of the IDS solutions available for traditional IT infrastructures. One of the main challenges with defending military platform technologies is that the cyber weapons that must be defended against do not have their signatures in openly available databases, as is usually the case for traditional IDS used within IT. The ability to detect zero-days via bus monitoring tips the scale towards a noisier anomaly-based IDS solution.

Avionics systems are real-time systems that operate in very predictable ways. Although there may be a variety of modes of operation, the number of modes is finite and well-defined. MIL-STD-1553 is a protocol designed to support real-time communications through the implementation of a schedule where every communication is initiated by a bus controller, orchestrating all communications designed to meet all the time constraints of the data exchange for the systems it supports. This predictability greatly increases the potential precision of an anomaly-based IDS in that a system could build a very precise model of normal operation in order to recognize abnormal activities.

Desired Outcomes

Innovative research, tools, technologies and/or processes are sought that address, but are not limited to the following:

• Anomaly-based IDS tailored to the MIL-STD-1553 protocol;
• The ability to monitor and analyze bus traffic while it is in operation and process the information faster than it is produced by the bus recorders;
• Solutions that can be customized to suit other similar aerospace systems or protocols;
• Ability to minimize the false positive rates or provide a means to reliably prioritize the detected anomalies;
• Information that can help guide analysts when responding to anomalous activity.

¹ O. Stan, Y. Elovici, A. Shabtai, G. Shugol, R. Tikochinski, and S. Kur. “Protecting Military Avionics Platforms from Attacks on MIL-STD-1553 Communication Bus.” arXiv:1707.05032v1 [cs.CR]. 17 Jul, 2017

--------------------------------------------------------

ENQUIRIES

All Challenge-related enquiries must be submitted in writing to:

TPSGC.PAIDEES-APIDEAS.PWGSC@tpsgc-pwgsc.gc.ca

Enquiries must be submitted no later than 10 calendar days before the Challenge notice closing date. Enquiries received after that time may not be answered.

For more information about the IDEaS program, Bidders can visit the IDEaS website.