
January 17, 2019 | International, C4ISR, Security

DARPA Explores New Computing Architectures to Deliver Verifiable Data Assurances

Program seeks to create new software and hardware architectures that provide physically provable assurances around data security and privacy

Whether a piece of information is private, proprietary, or sensitive to national security, system owners and users have few guarantees about where their information resides or of its movements between systems. When a user enters information on a phone, for example, it is difficult to prove whether the data remains on the phone or is uploaded to a server beyond the device. The national defense and security communities are similarly left with few options when it comes to ensuring that sensitive information is appropriately isolated, particularly when it's loaded to an internet-connected system.

“As cloud systems proliferate, most people still have some information that they want to physically track – not just entrust to the ether,” said Walter Weiss, DARPA program manager. “Users should be able to trust their devices to keep their information private and isolated.”

Keeping a system completely disconnected from all means of information transfer is an unrealistic security tactic. Modern computing systems must be able to communicate with other systems, including those with different security requirements. Today, commercial and defense organizations often leverage a series of air-gaps, or breaks between systems, to keep the most sensitive computing devices and information secure. However, interfaces to such air-gapped systems are typically added in after the fact and are exceedingly complex, placing undue burden on systems operators as they implement or manage them.

To create scalable solutions that provide safe, verifiable methods of tracking information and communications between systems, DARPA launched the Guaranteed Architecture for Physical Security (GAPS) program. The goal of GAPS is to develop hardware and software architectures that can provide physically provable guarantees around high-risk transactions, or where data moves between systems of different security levels. DARPA wants to ensure that these transactions are isolated and that the systems they move across are enabled with the necessary data security assertions. The intended outputs of this program are hardware and software co-design tools that allow data separation requirements to be defined during design, and protections that can be physically enforced at system runtime.

GAPS is divided into three research areas that will address: 1) the creation of hardware components and interfaces; 2) the development of software co-design tools; and 3) the integration of these components and tools, as well as their validation against exemplar Department of Defense (DoD) systems. The new hardware components and interfaces are designed to provide system designers with a library of hardware tools to securely isolate data during transactions. The software co-design tools could someday allow developers to easily employ GAPS hardware components without requiring changes to their existing development processes and frameworks. Finally, the integration and validation of the hardware and software architectures on DoD systems could be used to demonstrate the capability and maturity of the GAPS approach for the kinds of problems DoD system integrators currently face, and expect to see in the future.

Commercializing the resulting technologies is also an objective of the program. The verifiable security properties created under GAPS may also help create safer commercial systems that could be used for preserving proprietary information and protecting consumer privacy.

GAPS is part of the second phase of DARPA's Electronics Resurgence Initiative (ERI), a five-year, upwards of $1.5 billion investment in the future of domestic, U.S. government and defense electronics systems. Under ERI Phase II, DARPA is exploring the development of trusted electronics components, including the advancement of electronics that can enforce security and privacy protections. GAPS will help address the DoD's unique requirements for assured electronics while helping to move forward ERI's broader mission of creating a more robust, secure and heavily automated electronics industry.

DARPA will hold a Proposers Day on January 23, 2019 from 9:00am to 2:30pm (EST) at the DARPA Conference Center, located at 675 North Randolph Street, Arlington, Virginia 22203, to provide more information about GAPS and answer questions from potential proposers. For details on the event, including registration requirements, please visit: http://www.cvent.com/events/gaps-proposers-day/event-summary-34cbadc0ab2248bb860db3df8223a2f6.aspx.

A Broad Agency Announcement that fully describes the GAPS program structure and objectives can be found here: https://www.fbo.gov/index?s=opportunity&mode=form&id=cfecfe762954149924ec59c95ec6a7b8&tab=core&_cview=1.

https://www.darpa.mil/news-events/2019-01-16
