Risk
8/30/2012
03:47 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Air Force Seeks Offensive Cyber Weapons

Agency solicits proposals on capabilities ranging from attack to mapping networks.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
The Air Force wants you to build it a cyber weapon. In a public procurement document released last week, the Air Force announced it was seeking concept papers to help it build offensive cyber warfare capabilities.

While the military has publicly discussed its desire to develop offensive cyber capabilities in the past, it has rarely outlined its needs for cyber weapons in such detail.

The procurement documents, released as part of a broad agency announcement on August 22, indicate that the Air Force is looking for a number of different capabilities, from attack to mapping networks to cyber warfare support.

The first item on the Air Force's list is "Cyber Warfare Attack" capabilities. For this, the Air Force is looking for papers detailing "the employment of cyberspace capabilities to destroy, deny, degrade, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain to his advantage."

The fact that such capabilities have been under development is clear. DARPA, for example, recently detailed a project of its own to develop offensive cyber capabilities. Reports have also emerged that the United States played a role in the Stuxnet attacks, and carried out offensive cyber warfare in Afghanistan.

[ Could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries? See The Case For A Cyber Arms Treaty. ]

Among the technologies and capabilities in which the Air Force is interested include network mapping, ways to access networks, denial of service attacks, "data manipulation," and the ability to control "cyberspace effects."

Beyond attack techniques, the Air Force also wants papers about cyberspace operations, "situational awareness capabilities," technologies to assess and visualize the effects of cyber attacks, and technologies and methods to rapidly develop cyber capabilities.

It is unclear when the Air Force will actually turn these concepts into reality. The Air Force is not looking for explicit proposals, but rather for concepts. While prospective vendors are asked to include a "rough order of magnitude cost," they aren't asked to prepare cost proposals, and the Air Force makes it clear that those submitting concept papers are not being considered for any type of award.

However, the procurement documents indicate, "offerors whose concept papers are of interest may be invited to submit a formal proposal." Overall, the total value for all awards could reach up to $10 million.

While unclassified, the Air Force makes it clear that the procurement is still sensitive. "Every precaution must be taken to protect potentially sensitive or classified material," the announcement said. "Such material should not be transmitted across open-source media like public phone, fax, Internet, or email."

Cybersecurity, continuity planning, and data records management top the list in our latest Federal IT Priorities Survey. Also in the new, all-digital Focus On The Foundation issue of InformationWeek Government: The FBI's next-gen digital case management system, Sentinel, is finally up and running. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
8/31/2012 | 1:57:33 AM
re: Air Force Seeks Offensive Cyber Weapons
A good offense is a good defense, I donGt know who said it but I think =the Air Force is following this old saying . It is surprising that they are going public with what exactly they are looking for. I though that the government had lists upon lists of private contract companies who do the direct bidding on these requests. On the other hand maybe they come to realize the large population of talent out in the public sector that they are not utilizing. Given the nature of the topic it and there advertising for concept ideas I donGt see how sensitive the Air Force is being, but maybe that is part of the plan to make it publicly known that they are seeking an offensive as to encourage potential threats.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.