Risk
8/30/2012
03:47 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Air Force Seeks Offensive Cyber Weapons

Agency solicits proposals on capabilities ranging from attack to mapping networks.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
The Air Force wants you to build it a cyber weapon. In a public procurement document released last week, the Air Force announced it was seeking concept papers to help it build offensive cyber warfare capabilities.

While the military has publicly discussed its desire to develop offensive cyber capabilities in the past, it has rarely outlined its needs for cyber weapons in such detail.

The procurement documents, released as part of a broad agency announcement on August 22, indicate that the Air Force is looking for a number of different capabilities, from attack to mapping networks to cyber warfare support.

The first item on the Air Force's list is "Cyber Warfare Attack" capabilities. For this, the Air Force is looking for papers detailing "the employment of cyberspace capabilities to destroy, deny, degrade, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain to his advantage."

The fact that such capabilities have been under development is clear. DARPA, for example, recently detailed a project of its own to develop offensive cyber capabilities. Reports have also emerged that the United States played a role in the Stuxnet attacks, and carried out offensive cyber warfare in Afghanistan.

[ Could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries? See The Case For A Cyber Arms Treaty. ]

Among the technologies and capabilities in which the Air Force is interested include network mapping, ways to access networks, denial of service attacks, "data manipulation," and the ability to control "cyberspace effects."

Beyond attack techniques, the Air Force also wants papers about cyberspace operations, "situational awareness capabilities," technologies to assess and visualize the effects of cyber attacks, and technologies and methods to rapidly develop cyber capabilities.

It is unclear when the Air Force will actually turn these concepts into reality. The Air Force is not looking for explicit proposals, but rather for concepts. While prospective vendors are asked to include a "rough order of magnitude cost," they aren't asked to prepare cost proposals, and the Air Force makes it clear that those submitting concept papers are not being considered for any type of award.

However, the procurement documents indicate, "offerors whose concept papers are of interest may be invited to submit a formal proposal." Overall, the total value for all awards could reach up to $10 million.

While unclassified, the Air Force makes it clear that the procurement is still sensitive. "Every precaution must be taken to protect potentially sensitive or classified material," the announcement said. "Such material should not be transmitted across open-source media like public phone, fax, Internet, or email."

Cybersecurity, continuity planning, and data records management top the list in our latest Federal IT Priorities Survey. Also in the new, all-digital Focus On The Foundation issue of InformationWeek Government: The FBI's next-gen digital case management system, Sentinel, is finally up and running. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
8/31/2012 | 1:57:33 AM
re: Air Force Seeks Offensive Cyber Weapons
A good offense is a good defense, I donG«÷t know who said it but I think =the Air Force is following this old saying . It is surprising that they are going public with what exactly they are looking for. I though that the government had lists upon lists of private contract companies who do the direct bidding on these requests. On the other hand maybe they come to realize the large population of talent out in the public sector that they are not utilizing. Given the nature of the topic it and there advertising for concept ideas I donG«÷t see how sensitive the Air Force is being, but maybe that is part of the plan to make it publicly known that they are seeking an offensive as to encourage potential threats.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2003-1598
Published: 2014-10-01
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable.

CVE-2011-4624
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.

CVE-2012-0811
Published: 2014-10-01
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files gene...

CVE-2014-2640
Published: 2014-10-01
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2014-2641
Published: 2014-10-01
Cross-site request forgery (CSRF) vulnerability in HP System Management Homepage (SMH) before 7.4 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.