recommended reading

Air Force Casts a Wide Net For Cyber Warfare Tools

Orion-v/Shutterstock.com

The Air Force is scanning the market for “cyber warfare systems” tools, in an acknowledgment of the need to open up the opaque and inaccessible space to new players, documents show.  

The acquisition unit for Air Force cyber operations known as the Network Warfare Systems Branch, posted a request for information from firms that could offer software and services to support cyber operations. “The objective of this effort is to overcome restricted competition barriers in subsequent acquisitions for cyber warfare systems supplies and services resulting from legacy security policies, practices, and guidance,” according to the document released Friday. The market research will influence whether the service should bid out contracts openly and set aside some to small businesses.

A more transparent bid process would engage more start-ups when the work of supporting the Defense Department’s classified surveillance and offensive security machinery has typically fallen to the largest defense contractors, even with cheaper products in an increasingly-crowded market.

The document, obliquely worded, did not specify what the Air Force was seeking, but said that “CWS [Cyber Warfare Systems] information includes, but is not limited to: source code, installation code, unit test scripts, unit test data, application programming interfaces, data schemas, training material, graphics, and technical manuals.” There was no mention of exploits or vulnerabilities. Only unclassified information will be accepted. The window for responses is narrow: the call for information closes May 30 at 4 p.m.

The Air Force estimates base spending of $9.89 million in fiscal 2014 for unclassified offensive cyber operational support -- including computer infrastructure and software to perform data analysis.

Service officials are open to reviewing classifications around certain cyber operations, a move that would allow firms to bid for the contracts more easily, the Air Force signaled. It plans on “reviewing the system information of existing cyber warfare systems, preparing that information to be transferred to the appropriate (lower) security levels,” the document said.

The move to loosen up the security classifications on these systems coincides with the willingness of the top brass to highlight the administration’s commitment to honing its adversarial computer capabilities, especially in the face of attacks from Chinese and other foreign entities.

When the Air Force began searching for providers to offer hardware and software maintenance on “network warfare operating systems” in 2010, it focused on contractors with clearances in San Antonio, where the 24th Air Force, an operational warfighting unit that protects Air Force networks, is housed at Lackland Air Force Base. General Dynamics, which was tapped for the work, was hindered by unspecified “operational constraints” from completing deployment before the original contract was slated to end and a follow-on order was drawn up, federal databases reveal. The Air Force also indicated that it plans to launch within five years a full and open source selection for subsequent contracts involving logistical support for those network warfare operating systems.

(Image via Orion-v/Shutterstock.com)

Threatwatch Alert

Stolen credentials

Hackers Steal $31M from Russian Central Bank

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.