03:47 PM
Connect Directly

Air Force Seeks Offensive Cyber Weapons

Agency solicits proposals on capabilities ranging from attack to mapping networks.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
The Air Force wants you to build it a cyber weapon. In a public procurement document released last week, the Air Force announced it was seeking concept papers to help it build offensive cyber warfare capabilities.

While the military has publicly discussed its desire to develop offensive cyber capabilities in the past, it has rarely outlined its needs for cyber weapons in such detail.

The procurement documents, released as part of a broad agency announcement on August 22, indicate that the Air Force is looking for a number of different capabilities, from attack to mapping networks to cyber warfare support.

The first item on the Air Force's list is "Cyber Warfare Attack" capabilities. For this, the Air Force is looking for papers detailing "the employment of cyberspace capabilities to destroy, deny, degrade, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain to his advantage."

The fact that such capabilities have been under development is clear. DARPA, for example, recently detailed a project of its own to develop offensive cyber capabilities. Reports have also emerged that the United States played a role in the Stuxnet attacks, and carried out offensive cyber warfare in Afghanistan.

[ Could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries? See The Case For A Cyber Arms Treaty. ]

Among the technologies and capabilities in which the Air Force is interested include network mapping, ways to access networks, denial of service attacks, "data manipulation," and the ability to control "cyberspace effects."

Beyond attack techniques, the Air Force also wants papers about cyberspace operations, "situational awareness capabilities," technologies to assess and visualize the effects of cyber attacks, and technologies and methods to rapidly develop cyber capabilities.

It is unclear when the Air Force will actually turn these concepts into reality. The Air Force is not looking for explicit proposals, but rather for concepts. While prospective vendors are asked to include a "rough order of magnitude cost," they aren't asked to prepare cost proposals, and the Air Force makes it clear that those submitting concept papers are not being considered for any type of award.

However, the procurement documents indicate, "offerors whose concept papers are of interest may be invited to submit a formal proposal." Overall, the total value for all awards could reach up to $10 million.

While unclassified, the Air Force makes it clear that the procurement is still sensitive. "Every precaution must be taken to protect potentially sensitive or classified material," the announcement said. "Such material should not be transmitted across open-source media like public phone, fax, Internet, or email."

Cybersecurity, continuity planning, and data records management top the list in our latest Federal IT Priorities Survey. Also in the new, all-digital Focus On The Foundation issue of InformationWeek Government: The FBI's next-gen digital case management system, Sentinel, is finally up and running. (Free registration required.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
8/31/2012 | 1:57:33 AM
re: Air Force Seeks Offensive Cyber Weapons
A good offense is a good defense, I donGÇÖt know who said it but I think =the Air Force is following this old saying . It is surprising that they are going public with what exactly they are looking for. I though that the government had lists upon lists of private contract companies who do the direct bidding on these requests. On the other hand maybe they come to realize the large population of talent out in the public sector that they are not utilizing. Given the nature of the topic it and there advertising for concept ideas I donGÇÖt see how sensitive the Air Force is being, but maybe that is part of the plan to make it publicly known that they are seeking an offensive as to encourage potential threats.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-08
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Published: 2015-10-06
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.

Published: 2015-10-06
Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.

Published: 2015-10-06
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.

Published: 2015-10-06
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.