N251-062 TITLE: Asymmetric Large Language Model Aided Cyber Effects (ALL ACES)
OUSD (R&E) CRITICAL TECHNOLOGY AREA(S): Advanced Computing and Software; Integrated Sensing and Cyber; Trusted AI and Autonomy
OBJECTIVE: Develop a comprehensive Cyber/Electromagnetic Spectrum Operations (EMSO) platform to support timely effects-based targeting, mission planning, as well as access and employment by utilizing Artificial Intelligence/Machine Learning (AI/ML) for "Human-AI Partnered" automated technical workflows to improve efficiency, capability, breadth and deployment of effects, and decision support.
DESCRIPTION: The latest evolution in Generative AI/Large-Language Model (LLM) technology presents a strategic opportunity to address challenges in cost, processing-latency, and talent shortages in Offensive Cyber Operations (OCO) and/or Defensive Cyber Operations (DCO). Solutions should demonstrate secure, efficient processing of real-time Cyber Threat Intelligence to inform agile (e.g., same-day) response to new threats, vulnerabilities, and exploits, thereby speeding and simplifying cyber risk mitigation through aligned security operations and threat-specific response.
Technology areas of interest are below. Proposals should focus on or incorporate one or more of the following technology areas of interest. Please indicate the technology areas of interest within the Abstract section of the Cover Sheet, Volume 1.
Work produced in Phase II may become classified. Note: The prospective contractor(s) must be U.S. owned and operated with no foreign influence as defined by 32 U.S.C. § 2004.20 et seq., National Industrial Security Program Executive Agent and Operating Manual, unless acceptable mitigating procedures can and have been implemented and approved by the Defense Counterintelligence and Security Agency (DCSA) formerly Defense Security Service (DSS). The selected contractor must be able to acquire and maintain a secret level facility and Personnel Security Clearances. This will allow contractor personnel to perform on advanced phases of this project as set forth by DCSA and ONR in order to gain access to classified information pertaining to the national defense of the United States and its allies; this will be an inherent requirement. The selected company will be required to safeguard classified material during the advanced phases of this contract IAW the National Industrial Security Program Operating Manual (NISPOM), which can be found at Title 32, Part 2004.20 of the Code of Federal Regulations.
PHASE I: Provide architecture definition, AI Model selection, and concept refinement to support OCO and DCO operations. In addition, prototyping should be used as validation for technology selection. Provide a Phase II development plan, with performance goals and key technical milestones, that will address technical risk reduction.
PHASE II: Create a demonstrable system prototype for evaluation by USN/USMC personnel to support OCO and DCO operations. Ensure the prototype can show ingestion of specified data and the ability to interact with that data in natural language through a chat-style interface, as well as demonstrate automated analysis of the ingested threat intelligence, overlaid on the real or simulated environment for relevance and actionability. The technology should reach TRL 6 at the conclusion of this phase. Successful completion of Phase II is expected to result in Phase III funding.
It is probable that the work under this effort will be classified under Phase II (see Description section for details).
PHASE III DUAL USE APPLICATIONS: Support transition for Navy use. Further develop and productize the prototype(s) for the intended mission in an operational environment and then test to ensure requirements are satisfied. The prototypes shall be TRL 7 at the conclusion of testing. The concept also will allow potential product opportunities in the Information Security vendor market. The Information Security vertical has a systemic and historical need for skilled practitioners. The technology developed by this SBIR opens an opportunity for product development in this vertical that helps create more productive Information Security practitioners faster. This productivity increase has the potential to reduce the skills gap that currently exists.
REFERENCES:
1. "DoD Digital Modernization Strategy - DoD Information Resource Management Strategic Plan FY19-23. Goal 3: Evolve Cybersecurity for an Agile and Resilient Defense Posture." https://media.defense.gov/2019/Jul/12/2002156622/-1/-1/1/DOD-DIGITAL-MODERNIZATION-STRATEGY-2019.PDF
2. U.S. Department of Defense. "Summary 2023 Cyber Strategy of the Department of Defense." https://media.defense.gov/2023/Sep/12/2003299076/-1/-1/1/2023_DOD_Cyber_Strategy_Summary.PDF
3. "National Industrial Security Program Executive Agent and Operating Manual (NISP), 32 U.S.C. § 2004.20 et seq. (1993)." https://www.ecfr.gov/current/title-32/subtitle-B/chapter-XX/part-2004
KEYWORDS: Artificial Intelligence, AI, Machine Learning, ML, Offensive Cyber Operations, OCO, Defensive Cyber Operations, DCO, Large Language Models, LLM, Electromagnetic Spectrum Operations, EMSO
** TOPIC NOTICE **

The Navy Topic above is an "unofficial" copy from the Navy Topics in the DoD 25.1 SBIR BAA. Please see the official DoD Topic website at www.dodsbirsttr.mil/submissions/solicitation-documents/active-solicitations for any updates. The DoD issued its Navy 25.1 SBIR Topics pre-release on December 4, 2024, which opens to receive proposals on January 8, 2025, and closes February 5, 2025 (12:00pm ET).

Direct Contact with Topic Authors: During the pre-release period (December 4, 2024, through January 7, 2025) proposing firms have an opportunity to directly contact the Technical Point of Contact (TPOC) to ask technical questions about the specific BAA topic. Once DoD begins accepting proposals on January 8, 2025, no further direct contact between proposers and topic authors is allowed unless the Topic Author is responding to a question submitted during the Pre-release period.

DoD On-line Q&A System: After the pre-release period, until January 22, at 12:00 PM ET, proposers may submit written questions through the DoD On-line Topic Q&A at https://www.dodsbirsttr.mil/submissions/login/ by logging in and following instructions. In the Topic Q&A system, the questioner and respondent remain anonymous but all questions and answers are posted for general viewing.

DoD Topics Search Tool: Visit the DoD Topic Search Tool at www.dodsbirsttr.mil/topics-app/ to find topics by keyword across all DoD Components participating in this BAA.
1/5/25

Q.
1. Should the solution prioritize offensive cyber operations (OCO), defensive cyber operations (DCO), or maintain equal focus on both? Are there specific scenarios or use cases the solution must address?
2. What existing Navy systems or infrastructure must the platform integrate with? Are there specific interfaces, APIs, or data formats the solution should support?
3. What are the expectations for handling classified and unclassified threat intelligence data during Phase I and II? Should the solution include specific compliance measures or encryption standards?
4. Are there preferred types of large language models (LLMs) or AI/ML techniques (e.g., generative adversarial networks, reinforcement learning) that should be considered? Should explainability be prioritized in AI-driven decision-making?
5. What are the latency requirements for real-time cyber threat intelligence processing and automated responses? Should the platform support same-day response for all scenarios?
6. What are the expectations for the user interface? Should it include advanced visualizations of threat landscapes or focus primarily on natural language chat interfaces?
7. For commercial opportunities, are there specific markets (e.g., enterprise cybersecurity, incident response) or features that should be prioritized for broader applicability?

A.
1. The solution space is purposefully broad. We are interested in seeing creative solutions in both the OCO and DCO space while understanding that in many cases these concepts are two sides of the same coin. The general scenario we are concerned with is having a tool that is able to work as a "partner expert" with the human operator to improve their ability in the given operation. This may mean helping provide tactics, technique, and procedure reminders to lower skilled operators or pointing out something to a higher skilled operator they may have missed that could affect the operation negatively if they continue with their course of action.
2. Any specifics regarding infrastructure and GFI would need to be done at a higher classification level with the relevant organization. The general community we are focused on supporting with this work is MARFORCYBER and others in the USMC operating in a Cyber Operations capacity.
3. Barring very specific cases where publishable basic research is being performed, proposers should be expected to securely store and handle CUI. It is expected that any government-specific aspects of any dual-use solution will be CUI while commercial use aspects are at the discretion of the performer wherein other U.S. law is not applicable (e.g., Export Control, ITAR). It is possible that, depending on the proposed solution, later phases will require the performer to have the ability to access higher levels of classified information.
4. No. It is up to the proposer to choose the optimal technology for their given proposed use case and technical narrative. We do not expect explainability to be a priority, however, given this is a solution teaming a human with a software tool, attempts should be made to assure a level of trust between the human user (and their organization) and the AI tool created.
5. Responses should be at a rate where the information (i.e., the information latency) provided in the response is still valid, useful, and poignant to the original question being asked. If a situation or series of events have changed to make the original question meaningless or less meaningful prior to a response, then the system is responding too slowly.
6. The user interface should perform its intended goal (for the proposed solution) effectively while also being of value to the end-user. Either of these would be appropriate if they meet the intended goal of the proposed technical solution/narrative.
7. We leave market choice ultimately to the small business. We believe solutions to the SBIR topic, while being beneficial to the US Navy, will also have marketability in Enterprise Cybersecurity (specifically Penetration Testing/Red Teaming support as well as CISO organizational support) and Incident Response (threat hunting, mitigation response). Given the generally mentioned "talent shortage" in the Cybersecurity industry, we would expect this solution to be beneficial to any organization facing said shortage.