What we recommend you include when you submit a solution brief.

View Instructions

Work With Us - Open Solicitations - Commercial

Submit your commercial solutions to solve national security challenges with the help from DIU.

Transition of Quantum Sensors (TQS) Program

Responses Due By

2024-05-29 23:59:59 US/Eastern Time

DoD Problem and Background:

Denial or degradation of Global Positioning System (GPS) signals impact the effectiveness of U.S. forces’ position, navigation, and timing (PNT) capabilities, impeding key warfighting missions. These key mission areas include: precision weapon employment, position, navigation, and timing (PNT), communications, intelligence, surveillance, target acquisition, and reconnaissance (ISTAR), and electronic warfare. These critical Joint Force missions are currently assisted by classical sensors that observe changes in motion, electric and magnetic fields, and gravity. Driven by decades of technology maturation investments and systems engineering, these solutions provide exquisite performance in some respects. However, new innovative solutions are needed in the face of emerging competition.  


This solicitation focuses on demonstrating the military utility of quantum sensors as a critical emerging technology. Sensors designed at the atomic level offer the promise of significant improvements in precision, accuracy, and sensitivity compared to classical sensors. Specific areas of interest for this topic include: inertial measurement system sensors including gyroscope and accelerometer physics sensor packages, magnetometers for magnetic navigation and anomaly detection, and maturation of integrated photonic systems, laser components, and other enabling technology for improved quantum sensor performance and reduction of Size, Weight, Power, and Cost (SWAP-C).


Unlike satellite navigation, inertial measurement units (IMUs) and magnetic navigation (MagNav) provide navigation resilience through their inability to be jammed or spoofed. While all inertial sensors experience drift in their navigation solution, early quantum inertial sensors have demonstrated the potential to drastically reduce drift rate compared to those present in classical sensors. The result of reduced drift from quantum inertial systems is extended navigation solution holdover times, increasing mission effectiveness during absence of precision position updates from systems like GPS. Additionally, MagNav has demonstrated an ability to provide highly accurate position updates immune to external threats and is ready for additional maturation as an alternative to satellite navigation. MagNav can provide continuous, all-weather, unjammable position information to reduce navigation error when other navigation augmentation is unavailable, such as over water, when weather may obstruct celestial and terrain visibility, or during long missions when drift dominates the inertial nav solution. In general, improved quantum navigation sensors translate to enhancements across multiple PNT-dependent missions, such as dynamic space operations, precision pointing/knowledge missions, and reduces the impact from GPS navigation interference.  


In addition to navigation aiding, magnetometers are used to detect small fluctuations in the Earth’s magnetic field, addressing needs in geomagnetic surveying and magnetic anomaly detection (MAD) missions for submarines and explosive hazards (mines, unexploded ordinances, and improvised explosive devices). Atomic magnetometers have advanced to the point that sensor packages can be incorporated into Unmanned Aerial Systems (UAS) while maintaining the sensitivity required for magnetic anomaly detection missions.  


More broadly, quantum sensor technology has matured to the point that the DoD is ready for operational demonstrations in multiple DoD domains critical to the warfighter.  


Desired Solution Attributes Need Statement:

The Transition of Quantum Sensors (TQS) Program is an operational capability pathfinder conducted in concert with operational crews, acquisition teams, test and evaluation professionals, and interested allies to demonstrate advanced capabilities that leverage quantum sensors. The DoD seeks solutions to prototype and operationally demonstrate quantum sensors to address several warfighter needs. The intent is to have mid-course functional demonstrations of end-to-end solutions, followed by operational demonstrations within the next five years for relevant military applications and mission sets to conclude the prototyping program. The opportunity for design spirals, to include technical enhancement insertions, is expected during the program.


This multi-phase, multi-year initiative seeks to prototype mature technologies that will culminate in demonstrations of end-to-end DoD operational utility. As part of TQS, there are several lines of effort (LoEs) based on relevant quantum sensing phenomenology, with targeted use cases. These LoEs include: inertial sensing, magnetometers, and technology insertions for spiral enhancements to quantum sensing.   


A. Inertial Sensing:

The DoD is interested in three sectors that contribute to fielding operational quantum sensors: 1. gyroscope and accelerometer physics sensor packages, 2. inertial measurement system integrators, and 3. technical insertions to enhance performance and reduce SWAP discussed in the Technical Insertions Line of Effort (Section C).  


The DoD desires quantum inertial sensors to meet strategic PNT needs. Vendors may submit solutions for one or both driving use cases (see Table 1), but a technical solution is more desirable if it is modular and can lead to design iterations to address both missions with reduced non-recurring engineering.  


Compelling solutions address the following:

  • Near-term solution for a fully integrated atomic IMU with plan to achieve metrics in Table 1 at end of prototyping phase,  
  • Calibrated, 3rd party validated test data for existing sensors as foundation for technology solution, 
  • Detailed work plan for software/firmware updates to existing sensor performance metrics for trending to objective use case metrics. 


B. Magnetic Sensing:

The DoD seeks commercial solutions to prototype advanced magnetic sensing capabilities for both MagNav and magnetic anomaly detection (MAD) relevant missions. This includes: 


1. Development of prototype magnetic sensing systems designed to meet the application requirements in Table 2;

2. Low-impact magnetic calibration techniques to eliminate own-platform interference (e.g., munitions, UAS or manned platforms); and 

3. Detection, localization, and mapping techniques, and the resultant magnetic Earth maps, that are both cost- and time-efficient for generating reference magnetic model maps over large areas of interest, to include open ocean. 


Vendors may submit solutions for one or both driving use cases (see Table 2).


Solutions specific to MagNav will require the development and testing of real-time navigation algorithms on airborne platforms. Solutions specific to MAD will require techniques to sense and track anomalous magnetic signatures against the background of the Earth's field, as well as possible clutter.


Flight tests will occur throughout the duration of this program, to which the government team may support testing on DoD operational aircraft, munitions and UAS. Risk mitigation demonstration on commercial platforms is of interest when associated with a relevant DoD mission set to overcome schedule or cost limitations. To enable this testing, the integration lead will ensure the sensor packages meet Department of the Air Force (DAF) aircraft requirements and are approved for testing, when appropriate. Specific integration choices will be informed by stakeholders and performers in the Calibration, Navigation, and MAD efforts. The integrated package should enable independent sensing and navigation solutions to be tested with real-time navigation guidance updates provided to an appropriate platform.   


Test flight data is expected to be provided to the government, MagNav and MAD performers. Sensor packages are expected to evolve throughout the duration of the program to include sensor prototypes.


Compelling solutions address the following:

- For magnetometer sensor solutions:

  • Address both MagNav and MAD-based use cases as specified in Table 2,
  • Operate on munition, UAS and manned platforms within various thermal, vibrational and electromagnetic interference (EMI) environmental conditions.

 - For platform calibration and noise reduction techniques:

  • Can be realized without banking and turns that deviate significantly from nominal flight plans,
  • Persists from prior flights, are updated throughout flight, and do not fail when traversing significant changes in latitude,
  • Autonomously eliminates local interference not handled by conventional techniques. 

- For magnetic mapping techniques:

  • Can achieve significant reduction in integrated cost versus conventional techniques,
  • Enable rapid production of large-scale maps over open ocean that accurately account for temporal field variations. 

- For MavNag: 

  • Provides real-time position updates to navigation estimator using All Source Position and Navigation (ASPN) standards,
  • Algorithms that can be demonstrated on munition, UAS and manned platform use cases, 
  • Techniques that limit the need for additional sensors and hardware.

   - For MAD: 

  • Use case for air-launched expendable, low-cost, A-size sonobuoy UAS to autonomously detect, localize, and persistently track submerged targets,
  • Use case for ground launched recoverable UAS that addresses magnetic mine detection,
  • Use case for submarine launched expendable UAS for an organic self-signature measurement capability,
  • Sea floor arrays with autonomous noise reduction, target detection, and tracking capabilities,
  • Algorithms that adapt to changes in environmental clutter


C. Technology Insertions:

DoD seeks commercial technical solutions to advance quantum sensors performance and SWAP metrics that are achievable today. Majority of quantum sensing devices incorporate the use of lasers to manipulate atomic states to observe phenomenology. Maturation of integrated photonic systems and laser components is necessary for large improvements in SWAP when compared to what is achievable in existing efforts.    

  

Compelling solutions shall address the following:

  • Clear insertion pathway to quantum sensor technical solutions, which may occur in mid-course solution spirals 
  • Modular and broad applicability to more than a single sensor/vendor technical solution, but component or sub-system solution that boosts several quantum sensing solutions
  • Applicability to larger community outside the TQS performers


Shared AOI Objectives for all Bidders

  • Bidders may submit collaboratively or independently while addressing a subset of the problem statement. Each submitter must identify willingness to collaborate and partner with technical insertion, sensor, and integrator performers. 
  • Compelling solutions illustrate the maturity of the solution, to include existing hardware performance metrics and ability to scale an end-to-end system demonstration rapidly.
  • Unique domain requirements (e.g. radiation hardening, extensive space qualification) are not required and will be considered further into the prototype cycle if necessary. However, ruggedization and mission relevant environment qualification is expected.
  • International partners will be considered with prototypes meeting applicable International Traffic in Arms Regulations (ITAR).
  • Compelling solutions may include architectures, materials and radioisotopes that leverage extensive investment, maturity, and supply chain robustness. Additionally, approaches that lend towards manufacturability, sustainment, and operationally fielding in the applicable domains are desired.
  • Vendors are encouraged to incorporate PNT government-owned or open standards to support integration with other sensors, inertial measurement system integration packages, or alternative algorithms. Compatibility with existing standards is desirable.
  • Technical insertion bid submissions, may be submitted as a teaming arrangement and/or single integrator for sensor/primes, or incorporate technical proposals with interface definitions on these subsystems to allow for insertion of capability with solution providers. Compelling tech insertions will show clear on-boarding or enhancement opportunities for the sensor and integrator solutions.  
  • A vendor may have multiple submissions, either as part of a team, or independently for multiple LoEs. 



Appendix 1 – Inertial User Case Description:

 

The DoD use cases may be described by inertial operational metrics below.  The metrics listed correlate to the desired prototype end state.

 

Table 1 - Quantum Sensing Inertial Mission Use Cases

Metric

Use Case 1

 System Objectives

Use Case 2

 System Objectives

Gyro ARW

< 250 μdeg/h1/2

< 100 μdeg/h1/2

Gyro Bias Instability

< 250 μdeg/h

< 100 μdeg/h

Max Rotation Rate

300°/s

20°/s

Max acceleration

4g

 

Scale Factor Instability

1 ppm

0.5 ppm

Accel Sensitivity

4 μg/Hz1/2

1 μg/Hz1/2

Accel Bias Instability

1 μg

< 1 μg

Sensor Bandwidth

250 Hz

100 Hz

Projected Nav Error

30 m/hr

20 m/hr

SWAP

10 L / 50 kg / < 100 W

120 L / 53 kg / 200 W

End State

Higher dynamic environment,

 > SOTA Ring Laser Gyro performance,

drive down SWAP

Lower dynamic environment, >> SOTA maritime FOG, margin for SWAP

 

Appendix 2 – Magnetometers User Case Description:

 

The DoD inertial use cases may be described by operational metrics below.  The metrics listed correlate to the desired prototype end state.

 

 

Table 2 - Quantum Sensing Magnetometer Mission Use Cases


Metric

MagNav

 System Objectives

MAD

 System Objectives

Magnetometer Sensitivity

< 1nT RMSE

from 1mHz to 100 Hz

< 10 pT/Hz1/2 from 1 mHz to 100 Hz

Dead Zone

None

None

Heading Error

< 1 nT

< 100 pT

Vector Drift

< arcsec

< arcsec

Mag Mapping Errors

< 2nT from all sources  

 

Residual platform noise

< 1nT

< 50pT

SWAP (sensor and payload electronics)

< 150 cm3 / < 3 kg/ < 20 W

<40 cm3 / < 0.1 kg/ < 2 W

Shock Survivability

20g

100-700g’s for 1mS, for air and submarine launched use cases 





 

FAQs

1. Question: As a non-US company, are there any restrictions in us submitting to your solicitations? Do we need a US based partner?


1. Answer: DIU accepts submissions from companies outside of the United States. A company need not be based within the United States of America to submit a response to a DIU Area of Interest (AOI). 



2. Question: Can you please confirm if XXXXXX would need to partner up with a US SME for this opportunity? We have been informed that the Canadian Commercial Corporation could be an option. Would that be an acceptable partnership to participate?


2. Answer: DIU accepts submissions from companies outside of the United States. A company need not be based within the United States of America to submit a response to a DIU AOI. Companies may submit solutions independently; or, as teaming/partnership arrangements, prime/subcontractor relationships, if they so desire.



3. Question: Requesting assistance with PROJ00538 - Transition of Quantum Sensors (TQS) Program - We are interested to discuss aspects with the DIU Program Manager? Is it possible to contact them for discussion?


3. Answer: The Government will not engage in one-one discussions, given the competitive nature of the AOI. Vendors whose solutions meet the criteria within the CSO and AOI for Phase 1, will be required to participate in exchanges, as part of Phase 2, Pitches.



4. Question: Of the 3 Phases, is Phase 1 (Solution Brief) the only one due by 29 May 2024? If so, can you please advise when the RFIQ/RFP for Phase 2 (Pitch Session) and Phase 3 (Proposal), respectively, will be released? How much time will be provided between release of the RFIQ for Phase 2 and the due date for Phase 2? Likewise, how much time will be provided between release of the RFP for Phase 3 and the due date for Phase 3? Thank you.


4. Answer: DIU uses a competitive, Commercial Solutions Opening (CSO) process to select solutions. Please refer to CSO HQ084520SC001, posted to https://SAM.gov in March 2020. 



5. Question: Do we have to address both the PNT and the Magnetometer use cases at the same time or addressing one of the use cases is ok? These have very different requirements and will need complementary efforts.


5. Answer: The magnetometer line of effort is broken out into three functional components (provided below), addressing two use cases (MagNav and MAD). Vendors may address partial/complete functional components of the magnetometer line of effort. Compelling solutions for magnetic sensing packages address both use cases (MagNav and MAD), however solutions that address one use case will also be considered.


1. development of prototype magnetic sensing systems designed to meet the application requirements in Table 2, 2. low impact magnetic calibration techniques to eliminate own-platform interference (e.g. munitions, UAS or manned platforms), and 3. Detection, localization and mapping techniques and the resultant magnetic Earth maps that are both cost and time efficient for generating reference magnetic model maps over large areas of interest, to include open ocean.



6. Question: In reference to magnetic sensing solutions, the project description mentions atomic magnetometers explicitly. Are solutions leveraging other quantum sensing magnetometers encouraged?


6. Answer: The narrative describes the prior development of commercially available sensors, however this call does not discriminate between atomic and atom-like approaches as long as they are referencing discrete quantum states.



7. Question: We are wondering if we are eligible to apply for your accelerator programs. We are developing long range wireless technology and smart energy storage systems.


7. Answer: The Transition of Quantum Sensing (TQS) solicitation seeks relevant technical solutions in quantum sensing that may address relevant military applications and mission sets. As stated in the posting,   


“initiative seeks to prototype mature technologies that will culminate in demonstrations of end-to-end DoD operational utility. As part of TQS, there are several lines of effort (LoEs) based on relevant quantum sensing phenomenology, with targeted use cases. These LoEs include: inertial sensing, magnetometers, and technology insertions for spiral enhancements to quantum sensing.”



8. Question: Can a company who participated in the SBIR program relevant to the AOI provide a response or solution to CSO? 


8. Answer: Yes a company with prior/existing SIBR projects relevant to the AoI can submit a technical solution to the CSO.



9. Question: Is there a gravity navigation aiding line of effort included in TQS AoI? 


9. Answer: The USG needs being considered at present are articulated in the TQS AoI.



10. Question: SWAP - does this include compute and all sensors or is this just referring to the main (scalar or vector) magnetometer? And is there a maximum dimension or is it only the total volume that matters?


10. Answer: SWaP is for sensor head (physics package) and all associated readouts from the sensor package. It is expected that dimensions would be refined in concert with integration and navigation partners throughout the duration of the effort. SWaP metrics in the table are given as guidelines.



11. Question: Mag Mapping Errors - Do all solutions / use cases need to address magnetic mapping solutions to this level of accuracy (e.g. sensor payload, operational MagNav?) or would these other non-mapping focused use cases be permitted to assume a certain level of generalized accuracy to this requirement / assume maps given as inputs have this accuracy?


11. Answer: Mag mapping error requirements are only associated with the map making component of MagNav LoE.



12. Question: Mag Mapping - Does this include solar weather and core field effects or just crustal anomaly fields?


12. Answer: Table 2 in the solicitation states <2 nT error from all sources.



13. Question: Mag Mapping Errors - Can DIU clarify what this means, or refers to? Standard geophysical mapping procedure (dedicated survey aircraft with a boom) already allows for this level of accuracy on commercial systems, albeit with limitations. What specific mapping situation is the DIU interested in?


13. Answer: As stated in the solicitation, map solutions that can achieve significant reduction in integrated cost versus conventional techniques and enable rapid production of large-scale maps over open ocean that accurately account for temporal field variations. 



14. Question: Does the Government have any specific platforms in mind? If so, are they prioritized?


14. Answer: The call acknowledges use cases in manned, UAS, and munition platforms. Compelling solutions should be able to be applied broadly within these platform classes.



15. Question: Does open ocean entail underwater, surface, or airborne or ALL 3?


15. Answer: Mapping techniques should be able to be lower cost and more scalable than current aerial mapping techniques.



16. Question: Does the following imply predicted positioning": Provides real-time position updates to navigation estimator using All Source Position and Navigation (ASPN) standards?

16. Answer: A navigation source needs to provide real time navigation updates.



17. Question: Does the following imply that the MagNav solution cannot use the platform's current capabilities, such as the IMU and Edge Computing?: 


17. Answer: A final solution is envisioned to provide updates to ASPN should limit the need for redundant onboard sensors.



18. Question: Per the online topic area titled: Compelling solutions shall address the following: Will the Government clarify who this implies?: Applicability to larger community outside the TQS performers.


18. Answer: Dual use solutions that provide value to systems and applications external to the quantum sensing performers within TQS. 



19. Question: Will the Government please clarify what is meant by: Compelling solutions address the following: Autonomously eliminates local interference not handled by conventional techniques." What types of interference does this refer to? (Ex. regular EMI noise, jamming, etc?)


19. Answer: Any sensed magnetic signature where the platform is the source. 



20. Question: Is this solicitation attempting to utilize cross-platform usability for targeting and navigation?


20. Answer: Target platforms would include manned, UAS and munition platforms.



21. Question: Is DIU considering multiple form factors in addition to the desired miniaturized version, if other sizes or weights improve technical performance?


21. Answer: Refer to the SWaP specifications in Table 2 or the solicitation for both use cases.



22. Question: May vendors assume that maps of desired quality will be furnished as GFE for sensor vendors?


22. Answer: Navigation performers can presume maps are provided as GFE.



23. Question: Residual platform noise - Does residual platform noise" refer to the ability to clean external noise from data in software-only for a MagNav system? Or does it mean that the physical device itself should only emit a 1 nT field (i.e. for clandestine applications, e.g. physical de-Gaussing)?


23. Answer: Residual platform noise is the removal of any sensed magnetic signature where the platform is the source.



24. Question: Mag Mapping - what environment(s) does the DIU desire magnetically mapped? Airborne, ocean surface, underwater, urban, etc?


24. Answer: Enable rapid production of large-scale maps over open ocean that accurately account for temporal field variations.



25. Question: Mag Mapping - What sort of timescale, altitude, and spatial resolution is required?


25. Answer: The map should be sufficient to provide accurate navigation guidance.



26. Question: Should the proposed technical solution include a navigation demonstration in the field, or only aim for a sensor performance characterization in an inertial test laboratory (with a navigation demonstration in the field reserved for a future effort)?


26. Answer: It is anticipated that performers in the inertial line of effort would present a program plan building on proposed/existing calibrated sensor data through utility of the IMU in practical and operational environments during the prototype period.  Performers are expected to present a multi-phase approach for their technical solution to address the solicitation needs.  



27. Question:  Is there a link or resource that you can point us toward to learn more about the solicitation and potentials for proposing?


27. Answer: Please refer to CSO HQ084520SC001, posted to https://SAM.gov in March 2020. This outlines our competitive process. The TQS solicitation is posted to https://www.diu.mil/work-with-us.  



28. Question:  What is the anticipated budget and duration for Phase 3?


28. Answer: The budget for Phase 3 is dependent on a finalized, negotiated Statement of Work and the vendors submitted proposal. As a reminder, vendors should review the evaluation criteria stated within the CSO for Phase 2, as to ensure their submitted ROM is competitive/realistic, for the solution they are proposing to the Government. The duration of Phase 3 will depend upon a vendor's ability to participate in fruitful discussions/negotiations with the Government. 



Submit Your Solution

Joint Cyber Hunt Kit (JCHK)

Responses Due By

2024-06-14 23:59:59 US/Eastern Time

Joint Cyber Hunt Kit (JCHK)


Problem Statement and Concept of Operations


The Department of Defense (DoD) conducts hunt operations on DoD and international or domestic partner networks in order to discover advanced persistent threats (APT), and analyze their tactics, techniques, and procedures (TTP). These hunt operations require a next-generation deployable Joint Cyber Hunt Kit (JCHK) with cutting edge commercial off the shelf (COTS) and free and open source software (FOSS) capabilities.


The desired JCHK solution is best described as a mobile “security operations center (SOC) in a box” that can be transported by a nine person team, anywhere in the world. This hunt kit must be capable of standalone operation because it will most often operate in an environment where it is not permissible to connect to the internet, and not permissible to send data offsite for analysis. The hunt kit must also be capable of performing all hunt operation activities without requiring additional processing or storage resources from a partner’s on-premise infrastructure. Furthermore, the hunt kit must be transportable as carry-on luggage, meeting weight and dimension limitations on international commercial airlines, and be compatible with the limited wattage and poorly conditioned power available in developing nations. In addition to the described “SOC in a Box” capability, the JCHK shall also be a modular system that allows for additional processors, storage, software, and capability packages, as future requirements are realized.


Key hunt activities include: determining the best locations to place network sensors; determining all possible paths to sensitive information; validating and augmenting the network map using network traffic files; scanning the network for software, firmware, and configuration vulnerabilities; determining possible attack vectors and their likelihoods; analyzing PCAP files to determine normal behavior patterns; determining the causes of anomalous behaviors; discovering the TTPs APTs used to gain access to a network; discovering the TTPs APTs used to move within a network; discovering the infrastructure that APTs prepared within a network; discovering the TTPs APTs used for the Command and Control (C&C) of infrastructure; discovering and analyzing the TTPs APTs used to attack a target; discovering the TTPs APTs used to exfiltrate data, or deny critical services within a network; discovering the TTPs APTs used to defend their infrastructure or activities from detection or degradation by network defenses; and determining TTPs that network defenders could use to deter, disrupt, and defeat APT activities.


The hunt kit needs to be able to perform any and all activities related to discovering APT activities and analyzing their TTPs. This includes all of the functions typically included in extended detection and response (XDR) applications, including both endpoint detection and response (EDR) and network detection and response (NDR) functions. It also includes many of the functions typically included in case management and workflow management applications, including managing all of the hunt activities across the team as they investigate issues and piece together TTPs, write reports, and communicate with their leadership and other stakeholders. While the teams are on-mission, the hunt kit also provides all of the team’s information technology (IT) resources, including desktop IT resources for communication and report development.


Finally, while there are several security-related requirements related to the hunt kit’s ability to operate on DoD networks, such as United States (US) Trade Agreement Act (TAA) compliance, DoD also desires a hunt kit whose components have no International Traffic in Arms (ITAR) or Export Administration Regulations (EAR) export restrictions so that foreign governments that partner with the US on hunts can procure the same hunt kits if they desire.


Schedule, Execution Details, and Quantity


The vendor must be capable of completing a prototype hunt kit for government testing within four months of receiving an Other Transaction (OT) award.


During the prototype phase of this acquisition, the vendor will deliver a fully integrated hardware / software solution, configure the software to best use the hardware resources, and integrate the software in order to improve workflows, dataflows, and the user experience (UX). The requirements for software integration and improvements will not be specified by the government, and are up to the vendor to choose as part of their strategy. The government’s hunt kit currently uses a mix of COTS software and FOSS, and the government will evaluate alternative software loads during the prototype phase of this acquisition. However, during any follow-on production phases of this acquisition, the government may choose to procure only hardware, software integration, and sustainment services if no compelling software solution is bid.


The vendor’s installation scripts or images will need to be compatible with the Joint Cyber Warfare Architecture (JCWA) software provisioning solution (JSPS), which uses infrastructure-as-code (IaC) technologies. IaC is defined as any software provisioning / software deployment mechanism that is automated, does not require a human with administrative rights to be involved, and can be stored in a repository. This includes Ansible deployment scripts, VMware deployment scripts, Kubernetes deployment scripts, and similar technologies. For the purposes of the prototyping efforts, the vendor may provision the software onto their hardware using any method they desire. Note that if the vendor demonstrates a provisioning solution in the prototyping phase that has sufficient merit, and is in the best interest of the government, there is a possibility that it could be added to the JSPS trade-studies.


If the government determines the prototype project to be successfully completed and decides to award a production OT or contract, the following may apply:


  • United States Cyber Command (USCYBERCOM) and the Service Cyber Components (SCC), including Army Cyber Command (ARCYBER), Fleet Cyber Command/Tenth Fleet (FCC/10F), Air Forces Cyber/16th Air Force (AFCYBER), Marine Corps Forces Cyberspace Command (MARFORCYBER), and Coast Guard Cyber Command (CGCYBER) may procure hunt kits on an indefinite delivery, indefinite quantity (IDIQ) basis.
  • The final quantities are unknown, but for design and production feasibility analysis purposes should be assumed to be approximately 100 hunt kits per year, with the ability to scale to approximately 250 hunt kits per year, upgrade critical technologies as necessary throughout a kit’s lifecycle, replace entire systems every 3-5 years, and be able to stock or procure parts to repair and refurbish systems as required within a 2-4 week time period.
  • The government will purchase the software licenses and supply them to the vendor as government furnished equipment (GFE). It is also likely that the government will provide a small number of government off the shelf (GOTS) applications as GFE. The vendor will be responsible for integrating and sustaining all software. However, the government will own all licenses, control the distribution / prioritization of licenses, and bear all software end user license agreement (EULA) enforcement risk.


Desired Product Specifications


The DoD’s requirements are listed in 5 sections: minimum hardware requirements, optional hardware preferences, minimum software requirements, optional software preferences, and vendor support requirements. The government may further refine or elaborate on any specifications during future phases.


Minimum Hardware Requirements


The hardware solution MUST be one that:

  • Can be deployable within stacked transport cases; and be deployable within a top-of-rack, or rack-mounted manner, without experiencing any degradation from electromagnetic interference or signal cross talk.
  • Can operate on international power sources ranging from 100 VAC to 240 VAC and 50 to 60 Hz.
  • Has the ability to operate in hot indoor temperatures, poorly conditioned power, frequent brown-outs, and occasional power surges.
  • Has the ability to be easily scaled up or down to the size of the network being hunted on, as well as the ability to be connected to to-be-defined (TBD) capability expansion packages that will extend the DoD’s hunt capabilities into areas such as industrial control systems (ICS) / supervisory control and data acquisition (SCADA) systems, internet of things (IOT), wireless, and cloud, or extend the JCHK’s capabilities with artificial intelligence / machine learning (AI/ML), storage, or out-of-band (OOB) communication solutions. Proposals for COTS capability expansion packages available within the JCHK prototype and production timeline may be submitted with the JCHK proposal, as separately priced options. Capability package equipment is not part of the nine person transport limit, but carry-on transport on international airline flights is still required.
  • Has all the equipment needed to tap and process all PCAP, logs, and metadata across a minimum of three “hunt sites” that each have a 1x 10 Gbps full duplex ingest line, or 2x 1 Gbps full duplex ingest lines. The hunt kit must be capable of processing this data 24x7, at fully saturated data rates, as a stand-alone system, without utilizing SPAN ports on tapped network devices. 
  • Has all equipment needed to enable a minimum of nine total host analysts and/or network analysts to perform hunt activities at an “analyst site”. This equipment must include laptops with approximately 17” screens; RJ45, HDMI, USB-A and USB-C connection ports. Any wireless communication, recording, or camera capabilities present must be able to be disabled via hardware, and not be capable of being enabled via software or network communications.
  • Has all equipment needed to connect all three hunt sites and the analyst site with whitelisted internet protocol (IP) addresses and virtual private network (VPN) encrypted communications. The connections must also be capable of supporting remote management of all network taps and firewalls using OOB channels; and must be able to connect to another access layer switch at the analyst site. The equipment must be able to meet all three of these conditions concurrently. 
  • Has all equipment needed to perform digital forensic analysis of drives and memory, including the equipment needed to clone drives and memory, and the equipment needed to prevent write-back.
  • Has the ability to use all common VPN protocols, including internet protocol security (IPsec), OpenVPN, and WireGuard.
  • Network taps must be both passive and regenerative so as to not interfere with normal operation of the network it is connected too, and can operate using only an on-board battery for at least 1 hour.
  • Has sensors, servers, and laptops that will allow all DoD standard hunt software loadset applications to be installed on virtual machines (VM) with their original equipment manufacturer’s (OEM) recommended resources, with no more than 75% processor utilization, 75% memory utilization, and 50% storage utilization at the sensor, server, and laptop level. For sizing purposes, assume the DoD standard hunt software loadset can be either a Splunk or Elastic based loadset, with approximately 25 total applications.
  • Has the ability to store at least 7 days of PCAP collected off a minimum of 3x 10 Gbps full duplex lines, and 90 days of logs and metadata on each server.
  • Supports RAID 1, 5, 6 or 10; to manage OS data using RAID 1; and to not lose queued mission data for at least 1 hour in the event of a site-power failure.
  • Has all equipment to allow the hunt kit to be connected to a site network using copper, multimode fiber, or single-mode fiber transmission lines.
  • Uses copper cabling with RJ45 connectors between all the stand-alone components that comprise the hunt kit, wherever feasible, to allow custom length cables to be easily created in the field. Where this is not feasible, the hunt kit must include the splicing tools needed to make the custom cable lengths.
  • Has a capability that aggregates all data from all network taps, making it available for analysis by any sensor or server. The load balancing functions typically included in a packet broker are not required.
  • Has network taps and firewalls without any type of in-band management capability, or the ability to turn it off.
  • All transport cases and stand-alone hunt kit components should be able to be secured in a way that makes physical tampering evident by casual inspection. At a minimum, the DoD requires that all transport cases and stand-alone components have the ability to be easily secured with wire ties and/or 2.5”x9” tamper evident tape, during both transportation and operation. Alternative solutions with the same or better tamper detection abilities are acceptable.
  • Has only self encrypting drives (SED) that comply with the latest version of the Federal Information Processing Standards (FIPS) specification 140, at Security Level 2 or greater, for all drives involved with processing mission, networking, or security data.
  • Has a trusted platform module (TPM) with a cryptographic module that is certified by the National Information Assurance Partnership (NIAP) for each stand-alone assembly involved with processing mission, networking, or security data.
  • Has all electronic subassemblies involved with processing mission, networking, or security data produced in countries that are members of the US TAA.
  • Has only stand-alone assemblies that are available for purchase as COTS items without any ITAR or EAR export restrictions for TAA designated countries.
  • Has an extremely high level of reliability, a high level of repairability, and good parts availability.
  • Has wheeled travel cases for all equipment that allows a 6-foot-tall person to walk comfortably while towing a case and rolls easily over cobblestone streets; except for laptops, which may have backpack style travel cases that fit under an airline seat.
  • Has a tool kit that contains all the tools needed to: remove all drives that process mission, network, or security data; configure the hunt kit for travel or different deployment options (top of rack, rack mounted, case mounted); and maintain or perform repairs and/or component replacements in the field. 


Optional Hardware Preferences


The most preferred hardware solution would be one that:

  • Packs the greatest amount of throughput speed, processing power, and storage capacity into a form factor that is transportable by nine personnel as carry-on luggage on standard international airline flights.
  • For all drives that store mission, network or security data: has only drives that are easily removable without tools.
  • Has the ability to purge non-volatile memory (NVM) in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-88 using ATA, SCSI, NVMe, TCG Opal, or TCG Enterprise cryptographic erase commands; or the ability to easily replace non-purgeable NVM using commonly available memory cards.
  • Has the ability to automatically detect tampering while deployed, and to alert network defenders.
  • Has the ability to automatically detect tampering during transport, and to alert network defenders, using wireless technologies that can be easily removed prior to deployment, and easily replaced for transport at the end of the mission.
  • Has the ability for all small form-factor pluggable (SFP) transceivers to be replaced with multi-source agreement (MSA)-compliant SFPs without any loss of functionality.
  • Requires the least number of spares and repair tools to ensure a 95% field availability level.
  • Has at least 50% empty space in the laptop backpack when the hunt kit is fully packed.
  • Has hard-sided travel cases that stack on their wide face in a stable manner that resists tipping over.


Minimum Software Requirements


The software solution MUST be one that: 

  • Has the ability to ingest data from Splunk security information and event management (SIEM) software and forwarders, and to feed data to Splunk SIEMs.
  • Has the ability to ingest data from Elastic SIEMs and forwarders, and to feed data to Elastic SIEMs.
  • Has the ability to actively (ie: via interrogation or scanning techniques that are detectable by network monitoring / log analysis tools) detect network vulnerabilities, known malware, and signs of intrusion.
  • Has the ability to correlate network maps, configuration data, vulnerability scans, and sensitive information locations, and to determine likely attack paths and how an attacker would prioritize them.
  • Has the ability to automatically ingest NetFlow, log and metadata data from network devices and hosts, and determine what is normal versus an anomaly with very good detection and low false alarm rates.
  • Has the ability to automatically ingest and incorporate cyber threat intelligence (CTI) and indicators of compromise (IOC) from a wide variety of data sources into vulnerability, threat and attack analyses.
  • Has the ability to process analytics that are distributed across a set of sensors.
  • Has the ability to automatically link, correlate, compare, timeline, trend, and display NetFlow, log and metadata data from network devices and hosts, in ways that make it very effective for analyzing attacker TTPs.
  • Has the ability to coordinate incident analysis data and activities across a hunt team in a manner that allows team members to collaborate on analyses using teleconferencing and multi-user editable files.
  • Has the ability to query any data within any hunt application, or to write a trigger that results in an action within any hunt application, using Structured Query Language (SQL) or similar.
  • Has the ability to automate workflow and dataflow across hunt applications, or to call queries or triggers using only the application programming interfaces (API) for the hunt applications.
  • Has the ability to create custom network topology maps that combine subsets of level 2 and level 3 topology maps, and incorporate evidence of attacker TTPs as annotations and links to the SIEM data.
  • Has the ability to easily create a virtualized environment that is a digital twin of the IT environment being analyzed at the partner site, for testing purposes.
  • Has the ability to automatically validate files against known hashes, of any common hash type.
  • Has the ability to detect malware within files, binaries, and addressable memory, with high levels of detection but low levels of false alarm.
  • Has the ability to perform malware analysis activities, including identification, triage, static analysis, dynamic analysis, and reverse engineering, all performed in a sandboxed environment.
  • Has the ability to perform cyber threat emulation (CTE) activities, including probing, penetration, pivoting, evasion, and coordinated attacks, that can be packaged to simulate a particular APT’s TTPs.
  • Has the ability to insert links to data, analyses, notes, dashboards, tables, charts, or graphs in a hunt application into a Microsoft (MS) Word, MS Excel, MS PowerPoint, MS Visio, or Adobe PDF document.
  • Has the ability to function without needing a connection to the external internet.
  • Has the ability to function in Linux, VMware, or Docker / Kubernetes environments.
  • Has the ability to function using only the processing and storage resources within the hunt kit.
  • Has the ability to be configured quickly and easily in a way that meets all the security control requirements for operating on a DoD network, that are applicable to software.
  • Has a licensing model that allows the government to pay a fixed cost per hunt kit license per year, and allows the hunt kit to be used to hunt on networks with an unknown quantity of devices and dataflow.


Optional Software Preferences


The most preferred software solution would be one that:

  • Has the ability to detect malware within unaddressable memory, firmware, and integrated circuits (IC) with high levels of detection, but low levels of false alarm.
  • Has the ability to passively (ie: without performing any outgoing communications) detect network vulnerabilities, known malware, and signs of intrusion.
  • Has automations or wizards / work-aids that allow a basic level analyst to perform malware analysis activities as thoroughly as an intermediate level analyst. 
  • Has automations or wizards / work-aids that allow a basic level analyst to perform CTE activities as thoroughly as an intermediate level analyst.
  • Has the ability to search information from the malware and CTE analyses from the SIEM and integrate information from the malware and CTE analyses into the network maps.


Vendor Support Requirements


The DoD requires a hunt kit vendor who:

  • Has the ability to support the prototype and production contracts using only personnel who are US Persons as defined by the US Immigration Reform and Control Act (IRCA) of 1986 as amended, and using only facilities, IT equipment, and personnel located in the US.
  • Has the ability to deliver the quantities of hunt kits desired, within the desired timelines, with high levels of quality assurance, and low levels of cost, schedule, and hunt kit performance risk.
  • Has the ability to provide software integration, configuration, and optimization services in a fast-paced user-driven DevSecOps environment, including developing dataflow scripts and plugins, and productivity enhancement tools.
  • Has the ability to provide 24x7 help desk support in the areas of hardware configuration, software configuration, hunt software usage, site-integration troubleshooting, and dataflow troubleshooting.
  • Has the ability to provide system refurbishment services, including NIST SP 800-88 compliant NVM sanitization, hardware repairs, upgrades, and performance testing. 
  • Has the ability to provide system logistical services and inventory management for hardware components located in sites throughout the US.
  • Has the ability to provide systems engineering support in the areas of deployment technical planning, hardware/software system optimization, software suite improvement, and failures / root cause analysis.
  • Has the ability to provide the security engineering and system documentation required to attain an authority to operate (ATO) to connect a system to DoD networks, including classified networks, and to support site-specific security inquiries.
  • Has the ability to develop training materials including: hardware configuration and administration manuals, software configuration and administration manuals, and activity-based software usage videos.


Awarding Instrument


This Area of Interest solicitation will be awarded in accordance with the Commercial Solutions Opening (CSO) process detailed within HQ0845-20-S-C001 (DIU CSO), posted to SAM.gov on 13 Jan 2020, updated 02 Oct 2023. This document can be found at: https://sam.gov/opp/e74c907a9220429d9ea995a4e9a2ede6/view


Vendors are reminded that in order to utilize an Other Transaction (OT) agreement the requirements of 10 USC 4022 must be satisfied. Specifically reference 10 USC 4022(d), which requires significant contribution from a nontraditional defense contractor, all participants to be small business concerns, or at least one third of the total cost of the prototype project is to be paid out of funds provided by sources other than the federal government.


Follow-on Production


Companies are advised that any prototype OT agreement awarded in response to this AOI may result in the award of a follow-on production contract or transaction without the use of further competitive procedures. The follow-on production contract or transaction will be available for use by one or more organizations in the Department of Defense and, as a result, the magnitude of the follow-on production contract or agreement could be significantly larger than that of the prototype OT. As such, any prototype OT will include the following statement relative to the potential for follow-on production: "In accordance with 10 U.S.C. 4022(f), and upon a determination that the prototype project for this transaction has been successfully completed, this competitively awarded prototype OT may result in the award of a follow-on production contract or transaction without the use of competitive procedures.”


FAQs

1. Your storage specifications seem high and will be expensive. Is that what you want?

We're not focused on cost at this stage. We're looking for the best solution that meets the specification.

2. For the minimum software specifications provided in the solicitation, will any be satisfied by GOTS or other government provided software?

No.

3. Can you provide additional information on the Joint Cyber Warfare Architecture (JCWA) software provisioning solution (JSPS)?

No.

4. Can you provide a list with the DoD standard hunt software load set?

No.

5. Can you provide a list of GOTS applications the government is likely to provide for the prototype project?

No. There aren’t any for this prototype.

6. What types of files will need to be automatically validated against known hashes, of any common hash type?

Files of all types will need to be validated against known hashes, of any common hash type.

7. What is the goal of the hash validation process?

The goal of validating file hashes is both to discover known malware files, and to validate that infrastructure-related files, such as operating system (OS) or firmware files, have not been modified.

8. What types of files would need to have a hash comparison?

Files of all types will need to be compared against known hashes, of any common hash type.

9. Would the customer provide the known good hash or would this need to be provided by the company developing the JCHK?

For each application in the software load set the vendor supplies as part of their prototype, the vendor must supply a hash value and its hash type.

10. Can you specify the storage requirements in terabytes for the ability to store at least 7 days of PCAP collected off a minimum of 3x10 Gbps full duplex and 90 days of logs and metadata on each server? This number varies greatly depending on the assumptions used in the storage calculation.

The storage requirement is not stated in terabytes because vendors may employ different data compression strategies in their storage designs. However, proposed designs must be capable of meeting all storage and processing specifications when all incoming data links are fully saturated. Log and metadata loads will vary depending on the infrastructure used by each mission partner. However, proposed designs must be capable of meeting all storage and processing specifications when hunt sites are large enterprises with numerous network and host logging functions enabled.

11. Is there an expectation for a "management approach" to be addressed in the Phase 1 response or will this be addressed later?

No. This effort is only for the delivery of a prototype. Management approach will be addressed at a later time.

12. We believe the software specifications section may be in conflict with an earlier section. Is the government providing us all licensed software as GFE?

The software statements identified in the “Minimum Software Requirements” and “Schedule, Execution Details, and Quantity” sections are not contradictory because they are referencing different phases of the acquisition process. The minimum software requirement is a prototype provision while the software licensing in the quantity section speaks to what may apply to a production contract.

13. Can the government clarify if the requirement for the JCHK is to provide both TAPs which are "passive" as well as TAPs that are "regenerative" or if the intent is to provide a TAP which is both "passive and regenerative"?

Using the following definitions they could reside in the same device:

Passive TAP - There is no data originating from the TAP to the tapped devices. The TAP device should only forward information that was originally intended for the network devices, and should not be detectable, negotiate communications with the tapped devices, nor interfere with the network being tapped.

Regenerative TAP - The TAP device negates the signal loss over long network runs that would cause a loss of communications.

14. What product certifications are required for submissions on this prototyping effort? (e.g., TAA, IPv6, FIPS, APL, etc.)

This is a Phase 1 submission for a solution response based upon the Commercial Solutions Opening (CSO). Provide any information your company deems necessary to allow the government to evaluate your solution.

Submit Your Solution