Risk
8/30/2012
03:47 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Air Force Seeks Offensive Cyber Weapons

Agency solicits proposals on capabilities ranging from attack to mapping networks.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
The Air Force wants you to build it a cyber weapon. In a public procurement document released last week, the Air Force announced it was seeking concept papers to help it build offensive cyber warfare capabilities.

While the military has publicly discussed its desire to develop offensive cyber capabilities in the past, it has rarely outlined its needs for cyber weapons in such detail.

The procurement documents, released as part of a broad agency announcement on August 22, indicate that the Air Force is looking for a number of different capabilities, from attack to mapping networks to cyber warfare support.

The first item on the Air Force's list is "Cyber Warfare Attack" capabilities. For this, the Air Force is looking for papers detailing "the employment of cyberspace capabilities to destroy, deny, degrade, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain to his advantage."

The fact that such capabilities have been under development is clear. DARPA, for example, recently detailed a project of its own to develop offensive cyber capabilities. Reports have also emerged that the United States played a role in the Stuxnet attacks, and carried out offensive cyber warfare in Afghanistan.

[ Could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries? See The Case For A Cyber Arms Treaty. ]

Among the technologies and capabilities in which the Air Force is interested include network mapping, ways to access networks, denial of service attacks, "data manipulation," and the ability to control "cyberspace effects."

Beyond attack techniques, the Air Force also wants papers about cyberspace operations, "situational awareness capabilities," technologies to assess and visualize the effects of cyber attacks, and technologies and methods to rapidly develop cyber capabilities.

It is unclear when the Air Force will actually turn these concepts into reality. The Air Force is not looking for explicit proposals, but rather for concepts. While prospective vendors are asked to include a "rough order of magnitude cost," they aren't asked to prepare cost proposals, and the Air Force makes it clear that those submitting concept papers are not being considered for any type of award.

However, the procurement documents indicate, "offerors whose concept papers are of interest may be invited to submit a formal proposal." Overall, the total value for all awards could reach up to $10 million.

While unclassified, the Air Force makes it clear that the procurement is still sensitive. "Every precaution must be taken to protect potentially sensitive or classified material," the announcement said. "Such material should not be transmitted across open-source media like public phone, fax, Internet, or email."

Cybersecurity, continuity planning, and data records management top the list in our latest Federal IT Priorities Survey. Also in the new, all-digital Focus On The Foundation issue of InformationWeek Government: The FBI's next-gen digital case management system, Sentinel, is finally up and running. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
8/31/2012 | 1:57:33 AM
re: Air Force Seeks Offensive Cyber Weapons
A good offense is a good defense, I donG«÷t know who said it but I think =the Air Force is following this old saying . It is surprising that they are going public with what exactly they are looking for. I though that the government had lists upon lists of private contract companies who do the direct bidding on these requests. On the other hand maybe they come to realize the large population of talent out in the public sector that they are not utilizing. Given the nature of the topic it and there advertising for concept ideas I donG«÷t see how sensitive the Air Force is being, but maybe that is part of the plan to make it publicly known that they are seeking an offensive as to encourage potential threats.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.