THE DEPARTMENT OF HOMELAND SECURITY PHASE I PROGRAM SOLICITATION FY 13.1

H-SB013.1-001: Radio Frequency (RF) Sensing of Personnel in Wooded Areas

Description: DHS is seeking innovative solutions to detect, localize and track people in wooded terrain using mesh networks comprised of low power, covert, RF sensors based on standard, inexpensive commercial off the shelf (COTS) products used widely in wireless data networks. The RF system will be cued by an imaging system that initially detects the targets of interest in the open, and the imager cues may be used to assist in mitigating system false alarms. The RF sensor will be responsible for tracking the targets detected by the imaging system through the woods. The proposed system should be low cost, low power, capable of maintaining good detection and localization performance while minimizing false alarms due to moving foliage or variable multipath, and have a reliable method for data ex-filtration. The effort should provide a well-documented path to testing the system in a heavily wooded environment, with an emphasis on understanding the phenomenological factors that may limit performance. The mesh network system is intended to identify personnel that illegally cross the U.S. northern border in remote locations. This requires that the system is capable of working in a variety of foliated conditions (broad leaf forest, pine forests, high grass, etc.) and the range of environmental conditions that can be encountered on the U.S. northern border (temperatures, precipitation, and snow). The remote locations and weather conditions drive the need for a battery powered capability that can last for 1 year. Auxiliary power capability such as solar or wind are not deemed viable because the RF units are intended to be unobtrusive/covert so they are less susceptible to being damaged or removed by personnel who are transiting through the area. The frequency (s) utilized must be benign to humans, animals and the environment, and cause no interference with any local infrastructure. RF sensor networks have been used in other applications, however the environmental conditions that the RF sensor network must contest with in a Northern Border forested area are more severe, particularly with respect to multipath and false alarms from wind driven foliage. The proposed approach must address how these environmental issues will be mitigated, and the Phase I work must demonstrate the viability of the proposed approach. PHASE I: The Phase I effort will provide studies or engineering prototype data that show the feasibility of an RF network performing detection/tracking in heavily forested areas and an approach with that network for mitigating environmental factors that can cause false alarms (i.e., windblown foliage). The Phase I effort should also include RF measurements in a forested area that validate the selected approach. PHASE II: The Phase II effort will provide prototype sensors in a mesh network configuration that can perform detection/tracking of personnel in a 1 kilometer by 0.25 kilometer forested area. The prototype configuration should exhibit the desired 1 year battery lifetime and should be packaged to survive inclement weather. The Phase II effort should include a field demonstration of the prototype configuration and final plans for a data exfiltration methodology. PHASE III: COMMERCIAL APPLICATIONS: Refine the mesh-network prototype from the Phase II field test results. Ensure that system packaging can meet environmental conditions encountered by DHS and the military (U.S. Army and Marine Corps). Develop communications and network interfaces to DHS and military command and control capability. REFERENCES: N. Patwari and J. Wilson, “RF Sensor Networks for Device-Free Localization: Measurements, Models, and Algorithms”, Proceedings Of The IEEE, Vol. 98, No. 11, November 2010, pp. 1961-1973. M. Cover, K. Kanukurthy, and D. Andersen, “Microwave Tomography Using Dynamic 802.15.4 Wireless Networks”, eit2007 – Electro/Information Technology Conference Chicago, IL, USA, 17-20 May, 2007. M. Youssef, M. Mah, and A. Agrawala, “Challenges: device-free passive localization for wireless environments,” in MobiCom ’07: ACM Int’l Conf. Mobile Computing and Networking, pp. 222–229, 2007.

Keywords: ELECTROMAGNETIC, tracking, LOW POWER, mesh-network, sensing, foliage

H-SB013.1-002: Hybrid Analysis Mapping (HAM)

Description: The goal is to develop a risk management framework with security standards that normalize analysis from each tool, facilitate vulnerability correlation to provide a more simplified view of threats from both an architecture and system perspective, improving the completeness of vulnerability analysis and results. Using static analysis tools provides only a system view of vulnerabilities and weaknesses by scanning binaries and source code. Static analysis does not take into consideration architecture analysis using penetration tools that model threats and exposures from an attacker point of view. While open source security testing tools provide value, they lack common security standards to express risks, exposures and vulnerabilities in a meaningful way. No framework or standard exists that can map and correlate analysis from open source or commercially available static analysis tools, with open source or commercially available dynamic analysis tools. PHASE I: The Phase I effort will focus on leveraging the Hybrid Analysis Mapping (HAM) framework in use-case scenarios. A working prototype with documentation is expected. Required minimum deliverables as part of Phase I are: 1. Report documenting mapping standards and risk management framework for Hybrid Analysis Mapping (HAM) 2. Use-case scenarios to include 1 static analysis tool and 1 dynamic analysis tool – outlining feasibility, interactions, and high-level steps. In addition, the use-case scenarios should include the following: a. Technical explanation of how mappings will work b. Prototype to demonstrate capabilities of use-case scenarios PHASE II: Phase II continues the R&D and builds on the use-case scenarios in Phase I to demonstrate integration and execution of requirements; and continues the R&D aimed at a functional system suitable for integration into the Software Assurance Marketplace (SWAMP). Specifically, Phase II will include (but not limited to): 1. Inclusion and integration of 4 open source static analysis tools, and 4 open source dynamic analysis tools with adapters to ingest analysis and raw data. Tool must normalize, correlate, and enumerate vulnerability findings into HAM framework. 2. A merged tool report with simplified views into threats and vulnerabilities 3. Tool must show vulnerability overlaps 4. Tool must show vulnerability discrepancies and source of findings 5. Tool must integrate and refine CWE mappings (leveraging Software Fault Patterns definitions of clusters and patterns). 6. Tool must support mappings to other industry standards (i.e. OWASP top ten, DISA STIGS, Payment Credit Card Industry, and HIPAA Hitech). PHASE III: COMMERCIAL APPLICATIONS: The work performed in this SBIR will be an integral part of the Software Assurance Marketplace (SWAMP), extending the capabilities of SWAMP to provide compliance validation supporting the Whitehouse’s initiatives on Continuous Monitoring and Improvements. To a larger extent, the work performed in this SBIR will provide software assurance communities across the Homeland Security Enterprise (HSE), as well, as those who develop, produce and maintain software that support our nation’s critical infrastructure enhancements to software quality assurance techniques for more in-depth analysis of vulnerabilities in software. REFERENCES: Software Fault Patterns - http://cwe.mitre.org/data/definitions/888.html A RoadMap for Cybersecurity Research, US DHS, November 2009, http://www.cyber.st.dhs.gov/docs/DHS-Cybersecurity-Roadmap.pdf Information Assurance Technology Analysis Center (IATAC) – State of the Art Report (SOAR), July 2007, http://iac.dtic.mil/csiac/reports.jsp#SOAR

Keywords: static analysis, dynamic analysis, vulnerability correlation, normalization, common weakness enumeration, software fault patterns

H-SB013.1-003: Burn-Saver Device

Description: The goal is to develop a risk management framework with security standards that normalize analysis from each tool, facilitate vulnerability correlation to provide a more simplified view of threats from both an architecture and system perspective, improving the completeness of vulnerability analysis and results. Using static analysis tools provides only a system view of vulnerabilities and weaknesses by scanning binaries and source code. Static analysis does not take into consideration architecture analysis using penetration tools that model threats and exposures from an attacker point of view. While open source security testing tools provide value, they lack common security standards to express risks, exposures and vulnerabilities in a meaningful way. No framework or standard exists that can map and correlate analysis from open source or commercially available static analysis tools, with open source or commercially available dynamic analysis tools. PHASE I: The Phase I effort will focus on leveraging the Hybrid Analysis Mapping (HAM) framework in use-case scenarios. A working prototype with documentation is expected. Required minimum deliverables as part of Phase I are: 1. Report documenting mapping standards and risk management framework for Hybrid Analysis Mapping (HAM) 2. Use-case scenarios to include 1 static analysis tool and 1 dynamic analysis tool – outlining feasibility, interactions, and high-level steps. In addition, the use-case scenarios should include the following: a. Technical explanation of how mappings will work b. Prototype to demonstrate capabilities of use-case scenarios PHASE II: Phase II continues the R&D and builds on the use-case scenarios in Phase I to demonstrate integration and execution of requirements; and continues the R&D aimed at a functional system suitable for integration into the Software Assurance Marketplace (SWAMP). Specifically, Phase II will include (but not limited to): 1. Inclusion and integration of 4 open source static analysis tools, and 4 open source dynamic analysis tools with adapters to ingest analysis and raw data. Tool must normalize, correlate, and enumerate vulnerability findings into HAM framework. 2. A merged tool report with simplified views into threats and vulnerabilities 3. Tool must show vulnerability overlaps 4. Tool must show vulnerability discrepancies and source of findings 5. Tool must integrate and refine CWE mappings (leveraging Software Fault Patterns definitions of clusters and patterns). 6. Tool must support mappings to other industry standards (i.e. OWASP top ten, DISA STIGS, Payment Credit Card Industry, and HIPAA Hitech). PHASE III: COMMERCIAL APPLICATIONS: The work performed in this SBIR will be an integral part of the Software Assurance Marketplace (SWAMP), extending the capabilities of SWAMP to provide compliance validation supporting the Whitehouse’s initiatives on Continuous Monitoring and Improvements. To a larger extent, the work performed in this SBIR will provide software assurance communities across the Homeland Security Enterprise (HSE), as well, as those who develop, produce and maintain software that support our nation’s critical infrastructure enhancements to software quality assurance techniques for more in-depth analysis of vulnerabilities in software. REFERENCES: Software Fault Patterns - http://cwe.mitre.org/data/definitions/888.html A RoadMap for Cybersecurity Research, US DHS, November 2009, http://www.cyber.st.dhs.gov/docs/DHS-Cybersecurity-Roadmap.pdf Information Assurance Technology Analysis Center (IATAC) – State of the Art Report (SOAR), July 2007, http://iac.dtic.mil/csiac/reports.jsp#SOAR

Keywords: Fire protection, First responders, personal protective equipment, burn protection, Immediately Dangerous To Life or Health (IDLHs) values, early warning system

H-SB013.1-004: GPS Disruption Detection and Localization

Description: Firefighters oftentimes find themselves in situations where they are in danger of receiving burns to their bodies because the ambient temperature from a fire rises to an unsafe degree. This rise in temperature can be nearly instantaneous and can increase to a degree beyond the protective capabilities of the Self-Contained Breathing Apparatus (SCBA) and the Personal Protective Equipment (PPE) the firefighters wear. Moreover, although advances in material engineering have increased the ability of gear to withstand very high temperatures, the increased insulation has also decreased the body’s ability to dispense internal heat as well as the firefighter’s awareness of external temperatures. This can increase the body’s core temperature to unsafe levels. This is particularly likely during rapid increases in critical situations. In addition, the structural integrity of the protective gear begins to degrade as temperatures rise, further endangering the firefighter. Developing an early detection system that informs the firefighter of a rapid temperature rise, which might not be immediately evident inside the protective gear, would greatly benefit firefighter safety. Such a device should emit an audible, visual, or other recognizable alarm that warns the wearer of the presence of dangerous conditions. Ideally, the notification received by the firefighter in the critical incident situation will also be received simultaneously at the incident command center where the situation can be evaluated in real time resulting in decisions to withdraw or take other protective action. The device must be able to detect the changes as rapidly as possible and be an ultra-low power consumption device that is suitable for mobile electronics. The device, including the power source and all associated electronics, must be able to withstand high temperatures, high pressure water sources, and whatever other harsh environmental conditions that could be found in the vicinity of the critical incident. It is desirable that this power source be off when not in use to conserve battery power, but be ready to operate automatically when needed. The device needs to be manufactured with low thermally conductive materials, and should be of small size, shape, and weight. The device must be able to adhere to the helmet in a manner that will not interfere with the performance of the firefighter’s duty and so that the warning mechanism is recognized by the wearer. It must also be able to be certified to appropriate NFPA standards. PHASE I: The offeror should research the topic area and provide a detailed technical report covering devices that may be currently available in the market and the rationale outlining the proposed solution and why it would be more effective than anything currently available. The report must also identify how the proposed mechanism will operate, and any limitations to the proposed solution. Any test data available from previous research that supports the technical approach suggested should also be included. PHASE II: A prototype of the proposed solution will be developed that illustrates how the device will operate in fire incident scene conditions. The prototype will be built in accordance to the specifications outlined in the Phase I detailed technical report. A Final Report that details the work that was performed and contains test data that indicates that the device meets the performance/certification requirements established in Phase I have been met is also required. PHASE III: COMMERCIAL APPLICATIONS: A successful prototype(s) from Phase II is to be made available to DHS for selected first responder organizations for field testing under full operational conditions. REFERENCES: High-temperature warning unit, US-6075445-A, Athanasiades, Neocles G; McLoughlin, John E; Paris, Joseph Raymond; Toh, Kiam Meng, June 19, 1998. Fire Fighter’s Protective Clothing and Thermal Environments of Structural Fire Fighting, Lawson, Aug 1996, NISTIR 5804, http://fire.nist.gov/bfripubs/fire96/PDF/f96072.pdf. Fire Exposures of Fire Fighter Self-Contained Breathing Apparatus Facepiece Lenses, Mensch, Braga, Bryner, November 2011, NIST Technical Note 1724. Thermal Capacity of Fire Fighter Protective Clothing, National Institute for Occupational Safety and Health, The National Personnel Protective Technology Laboratory, National Institute of Standards and Technology, and North Carolina State University, October 2008.

Keywords: SURVEILLANCE, GPS jamming, GPS spoofing

H-SB013.1-005: Quick Disconnect Cables for Utility Power Distribution Systems

Description: Timing and position data from civil GPS receivers have become integral to the operation of many of the Nation’s critical infrastructures. Transportation, banking and finance, communications, and energy sectors have all leveraged the benefits of the open-access civil GPS signal to varying extents of dependence. Unfortunately, along with the benefits civil GPS brings to each of these sectors, it can also introduce dangerous sector vulnerabilities. By design, civil GPS signals are an open standard and detailed and accurate specifications of these clear access signals are readily available for both the legitimate technology developer and potential adversaries. Intentional, low-cost GPS signal disruption devices (GPS jammers), while illegal in the United States in most cases, are readily available at many internet store fronts. With some off-the shelf hardware costing a few more dollars and a couple experienced developer weeks of effort, a more sophisticated, software-configurable, intentional GPS signal manipulation device (GPS spoofer) can be home-grown and aimed at one of these critical infrastructure sectors. While civil GPS receiver-based mitigation techniques are under development or have been implemented in some cases, many are partial solutions to the potential vulnerability set. Thus, the capability to detect and localize the source of disruption remains a critical mitigation requirement across the critical infrastructure sectors. DHS desires to develop a suite of sensing and reporting technologies to quickly detect and localize intentional (jamming and spoofing) and unintentional civil GPS receiver disruption events to allow commercial and government entities to rapidly locate the disruption source(s). A key gap is our understanding of the level of reliance on GPS by various critical infrastructure sectors. In order to understand the vulnerabilities of a given sector, it is necessary to understand how, where and when the sector uses GPS in their operations and what receivers they rely on and hence what their vulnerabilities might be. Of particular interest are the energy sector, the communications sector, the transportation sector, and the emergency services sector. It is desired that the sensing system and/or reporting function of the solution leverage existing capabilities (i.e., low cost, easy integration into existing infrastructure) of one or more of the critical infrastructure sectors. PHASE I: Phase I will research and provide a detailed survey report of existing civil GPS receiver use within the energy sector, with an emphasis on GPS applications in the electrical transmission and distribution networks, as well as one of the other critical infrastructure sectors identified above. The survey will provide receiver characterization for the existing deployed GPS receivers within the sector. The survey must include how, where and when the sector uses GPS and what receivers they rely on within the sector including providing receiver characterization for the existing deployed GPS receivers within the sector. The survey will provide an analysis of the characteristics that influence sensor and reporting technology design, highlight leverage points of the critical infrastructure(s), and scope desired detection and localization methodologies. Based on the survey results, Phase I will also provide a design solution for a Phase II working prototype system as well as a concept of operations on how the solution would be used within the sector(s). PHASE II: Phase II will develop a scalable, working prototype that can be field tested and assessed for reliability and effectiveness at detecting, reporting and providing the timely localization of GPS disruptive events. Phase II will also examine how the design could be used by other critical infrastructure sectors. PHASE III: COMMERCIAL APPLICATIONS: The final developed suite of detection, reporting and localization technologies will be marketable to a wide variety of government and commercial critical infrastructure stakeholders and law enforcement. A secondary market will be commercial entities that depend on the civil GPS signals for their daily operations such as trucking and delivery companies and car rental agencies. REFERENCES: John Merrill - Patriot Watch – Vigilance Safeguarding America http://www.gps.gov/multimedia/presentations/2012/03/WSTS/merrill.pdf Todd Humphreys – Statement on the Vulnerability of Civil Unmanned Aerial Vehicles and Other Systems to Civil GPS Spoofing http://homeland.house.gov/sites/homeland.house.gov/files/Testimony-Humph... Todd E. Humphreys, Brent M. Ledvina, Mark L. Psiaki, Brady W. O’Hanlon, Paul M. Kintner, Jr. – Assessing the Spoofing Threat: Development of a Portable GPS Civilian Spoofer http://108.167.174.48/~ledvina/wp-content/uploads/2012/07/assessing_spoo...

Keywords: Utility power distribution, quick disconnect, distribution cables, splices, quick connect, power cables, breakaway cables