Risk
8/30/2012
03:47 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Air Force Seeks Offensive Cyber Weapons

Agency solicits proposals on capabilities ranging from attack to mapping networks.

Defense Tech: 20 War-Fighting Innovations
Military Transformers: 20 Innovative Defense Technologies
(click image for larger view and for slideshow)
The Air Force wants you to build it a cyber weapon. In a public procurement document released last week, the Air Force announced it was seeking concept papers to help it build offensive cyber warfare capabilities.

While the military has publicly discussed its desire to develop offensive cyber capabilities in the past, it has rarely outlined its needs for cyber weapons in such detail.

The procurement documents, released as part of a broad agency announcement on August 22, indicate that the Air Force is looking for a number of different capabilities, from attack to mapping networks to cyber warfare support.

The first item on the Air Force's list is "Cyber Warfare Attack" capabilities. For this, the Air Force is looking for papers detailing "the employment of cyberspace capabilities to destroy, deny, degrade, deceive, corrupt, or usurp the adversaries' ability to use the cyberspace domain to his advantage."

The fact that such capabilities have been under development is clear. DARPA, for example, recently detailed a project of its own to develop offensive cyber capabilities. Reports have also emerged that the United States played a role in the Stuxnet attacks, and carried out offensive cyber warfare in Afghanistan.

[ Could an international 'cyber arms' agreement forestall U.S. cyber warfare with China and other countries? See The Case For A Cyber Arms Treaty. ]

Among the technologies and capabilities in which the Air Force is interested include network mapping, ways to access networks, denial of service attacks, "data manipulation," and the ability to control "cyberspace effects."

Beyond attack techniques, the Air Force also wants papers about cyberspace operations, "situational awareness capabilities," technologies to assess and visualize the effects of cyber attacks, and technologies and methods to rapidly develop cyber capabilities.

It is unclear when the Air Force will actually turn these concepts into reality. The Air Force is not looking for explicit proposals, but rather for concepts. While prospective vendors are asked to include a "rough order of magnitude cost," they aren't asked to prepare cost proposals, and the Air Force makes it clear that those submitting concept papers are not being considered for any type of award.

However, the procurement documents indicate, "offerors whose concept papers are of interest may be invited to submit a formal proposal." Overall, the total value for all awards could reach up to $10 million.

While unclassified, the Air Force makes it clear that the procurement is still sensitive. "Every precaution must be taken to protect potentially sensitive or classified material," the announcement said. "Such material should not be transmitted across open-source media like public phone, fax, Internet, or email."

Cybersecurity, continuity planning, and data records management top the list in our latest Federal IT Priorities Survey. Also in the new, all-digital Focus On The Foundation issue of InformationWeek Government: The FBI's next-gen digital case management system, Sentinel, is finally up and running. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
PJS880
50%
50%
PJS880,
User Rank: Ninja
8/31/2012 | 1:57:33 AM
re: Air Force Seeks Offensive Cyber Weapons
A good offense is a good defense, I donGÇÖt know who said it but I think =the Air Force is following this old saying . It is surprising that they are going public with what exactly they are looking for. I though that the government had lists upon lists of private contract companies who do the direct bidding on these requests. On the other hand maybe they come to realize the large population of talent out in the public sector that they are not utilizing. Given the nature of the topic it and there advertising for concept ideas I donGÇÖt see how sensitive the Air Force is being, but maybe that is part of the plan to make it publicly known that they are seeking an offensive as to encourage potential threats.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7052
Published: 2014-10-19
The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7056
Published: 2014-10-19
The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7070
Published: 2014-10-19
The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7075
Published: 2014-10-19
The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7079
Published: 2014-10-19
The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.