The U.S. Air Force has asked industry to provide information on technical concepts and approaches that might be used to automatically identify, map and perform security analysis of base control systems.
A request for information posted Monday says the Evaluation of Cyber/IoT Vulnerabilities of Department of Defense Critical Infrastructure program covers several base control systems including industrial control systems, supervisory control and data acquisition, airfield control systems, life safety, building automation and utility monitoring platforms.
Under ExCITe, the Air Force intends to come up with a “real-time situational awareness platform capable of determining a base's overall cyber threat surface in terms of control systems technology.“ The service believes an accurate inventory of control systems linked through serial connections and internet protocol plays a key role in assessing the overall cyber threat surface.
The service wants novel approaches that can help conduct analytics to identify critical threats and dependencies. It is also interested in data integration and data acquisition capabilities such as selective active scanning for appropriate systems and passive network packet capture and protocol decoding to support continuous monitoring.
The ExCITe initiative also sets technical objectives, including the applicability of technology stack to Air Force bases and ability to test, verify and validate platforms on ranges.
Interested stakeholders have until Jan. 31 to submit abstracts for the RFI.