Notice

Competition document: understand and interact with cyberspace

Updated 4 September 2015

1. Understand and interact with cyberspace

Through this CDE themed competition we’re looking for novel approaches to human interaction with cyberspace to increase military situational awareness.

This competition was briefed at the CDE Innovation Network event on 9 July 2015 in London and at a webinar on 16 July 2015.

Centre for Defence Enterprise themed competition: understand and interact with cyberspace

Proposals must be received by 5pm on Thursday 3 September 2015. Submit your proposal using the CDE online portal.

2. Background

The Ministry of Defence (MOD) cyber science and technology (S&T) programme aims to enhance the UK’s operational freedom of action and satisfy national security objectives (see the UK National Security Strategy) in a more effective and affordable way. This is achieved by exploiting the cyberspace environment through the development, test and validation of cyber capabilities to identify new tools and techniques that improve visualisation and perception, decision making, and communication.

Current military information processing and sense-making in the cyber domain is a human-intensive process with a high cognitive burden. This process doesn’t scale easily with increased data volume. With the arrival of ‘big data’ techniques to address the growing data analysis burden, the traditional human-computer interface (monitor, keyboard and mouse) remains a bottleneck in analysis throughput.

In the context of MOD, decision making is supported by understanding. Understanding is defined as ‘the perception and interpretation of a particular situation in order to provide the context, insight and foresight required for effective decision making’ (see Joint Doctrine Publication JDP 04).

Within cyberspace, understanding cyber activity and its relevance to military operations or processes enables MOD to defend its digital assets and ensures freedom of manoeuvre in, or through, cyberspace. Cyber activities alone may not easily be recognised as threats but in combination, or in specific context, the relevance of the activity may be better understood, resulting in effective action being taken.

Timely and effective decision making is critical to operational success, but some decision making will need time (see Joint Doctrine Publication JDP 01). A large number of cyber activities and their possible outcomes have the potential to produce vast amounts of data and information. Being able to rapidly convey the cyberspace situation and associated analysis to the military commander, analyst and decision maker becomes a real challenge. Dstl is seeking approaches to improve the analysis and presentation of large volumes of data and information to support decision making.

Communication is an important part of the decision-making process. Common methods of communication to achieve understanding include visual, verbal and written presentation, or military orders. The creation of a clear vision and intent (the ability to create a mental image of the future with imagination and wisdom) can be a method of sharing foresight, which is the primary outcome of understanding. At the strategic and operational level, vision determines the design of a military campaign, including how resources are allocated and the operational priorities. At the tactical level, vision provides the ability for local commanders to make decisions without constantly referring to seniors for approval; this in turn improves the speed of operation.

Military decision makers need to make timely and proportionate decisions, so new ways are needed to quickly understand what relevant cyber activity is taking place and why it’s happening; the context of this activity in relation to missions; and the potential impact on military operations. Ideally we need to be able to project into the future (to achieve foresight), to understand what will happen next and what the impact will be in the real world.

Good cyber defence relies fundamentally on good cyber understanding.

3. Technology challenge

This is not the first cyber-based CDE themed competition, or the first that supports military decision making. For this competition our specific interest is in the way that cyber activity is presented in context, and how the relevant information, analysis or intelligence in cyberspace is conveyed to support and improve military decision making.

We’re looking for innovative proof-of-concept research proposals, based on approaches to human interaction with data, to increase understanding in cyberspace.

Analysts need to have access to tools and systems tailored to the function they’re performing; the decision they’re supporting; and the conditions they’re in. To avoid overloading military commanders with data and information, which can reduce their decision making effectiveness rather than strengthen it, we need to identify revolutionary approaches rather than evolutionary upgrades and gradual developments.

To provide the best support for these decisions, the Dstl research programme is looking for the best techniques, software and technology to allow MOD to defend its digital assets and ensure freedom of action (see the cyber primer).

Capability providing cyber understanding should allow a military commander to:

• understand the impact of cyberspace activity on MOD’s mission
• understand the status and critical points of our own or adversary’s military cyber-dependent systems
• direct the collection and analysis of intelligence on critical systems
• make effective decisions with analytical evidence to provide greater assurance of mission success

However, there are gaps in our ability to link cyber activity, data and information, physical military systems and military missions together and present this information to military decision makers in a clear and efficient way. For example, relevant questions to this CDE themed competition are:

• how is my mission being supported by cyberspace?
• how is my mission affected by activity in cyberspace?
• can I understand the important risks in cyberspace as they apply to my mission so that I can take proactive steps to avoid them?
• are all my systems operating at full capacity?
• can I rely on all my assets?
• do I need to start remedial action in anticipation of potential loss or degradation of capability?

To put this challenge into context, we’re dealing with a large and varied range of digital systems in cyberspace, with many business functions. The systems range from office-like computer infrastructure to large, complex platforms, often heavily dependent on legacy systems, and constrained bandwidth communications with high latency.

We’re looking for visualisation of data within cyberspace including virtual data manipulation and augmented reality. This may be supported by technologies that allow the military user to interact with the dataset in real time and manipulate the complete dataset and raw, unstructured data through customising the visualisation functions as required. Ideally, solutions will allow an operator to engage with and manipulate vast volumes of data with multi-media human-machine interfaces.

We’re also looking for user interfaces that have user-centred design at their core. They should provide support to decision making through automated techniques that help the operator take in and understand fully the relevant cyber information. Solutions should provide the commander with the context of the cyber activity in relation to a mission process or supporting capability. The context could be tactical, operational or strategic (see Allied Joint Doctrine AJP 01).

Visualisation techniques and tools may be applied to many parts of this problem to communicate the information in a clear and effective way. Your solution should describe how it addresses one of more of the challenges.

Your proposal should demonstrate how your techniques and processes will lead to:

• increased speed of military responses to cyber activity
• assessment of evolving risk to the success of the mission and opportunities for mitigation
• optimised cyber response actions supported by visualisation of a situation as it develops over time, enabling likely projections of the future situation and assessment of future impacts on military assets and missions

Dstl won’t provide data sets or hardware for the proposed research or demonstrations. The specific cyber events or activities themselves are not the primary concern of the challenge area, although mixed-source data (such as SCADA instructions with system status logs and communications traffic) is more desirable than established computer network defence activity.

4. What we want

We’re looking for proof-of-concept technology developments, at a low technology readiness level (TRL) of 2 to 4 that demonstrate the highest quality and align with the challenge stated above.

Successful proposals will demonstrate a solution that can tackle the scale and breadth of the problem. In particular by providing cyber understanding to decision makers and users that include non-technical generalists (eg administrator, technical staff officers, intelligence specialists and cyber defence analysts).

We want a successful proposal to clearly describe how the new techniques and methods proposed improve on current techniques and what military cyber problem they address.

We’re looking for outcomes that include a demonstration and a realistic exploitation route, rather than just a written report.

The skilled resources we expect you to apply include mathematicians and statisticians, probabilistic modellers, computer scientists, and systems analysts with expertise in heuristic and deterministic methods, information/data fusion and decision support, and human factors expertise including cognition, learning and socio-cultural understanding.

We’re also interested in proposals that look to collaborate and partner with other like-minded organisations. While a proposal can be from a single small and medium-sized enterprise (SME) or academic institution, we encourage collaboration among parties who may have similar ideas and also collaboration with, but not limited to, existing MOD suppliers to increase the likelihood of exploitation.

5. What we don’t want

We don’t want proposals:

• with no clear benefit of visualisation to the decision maker, eg solutions that don’t scale for large volumes of data, or information that creates other data-overload problems
• where there’s no clear evidence explaining how the proposed solution will add significant value to the decision-making process
• that restrict their scope to a small sub-section of cyberspace, eg intrusion detection systems or data mining

6. Exploitation

Cyber understanding is a recognised MOD requirement managed through the C4ISR (MOD Capability Branch for Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance) capability. We expect innovative concepts funded through this CDE phase-1 competition to be exploited through this route and aligned to the generation and delivery of defence capability.

We hope to exploit successful outputs from phase-1 projects as part of wider cyber situational awareness and understanding capability through broader collaboration. This collaboration will take account of the full and limited rights access to underlying intellectual property of the contributors under DEFCON 705.

A small number of successful phase-1 proposals will be taken forward as an integrated component of wider cyber understanding capability. Only bidders funded at phase 1 will qualify for entry into phase 2 of this competition. At phase 2 additional funding of up to £500,000 will be made available. Funding allocation will be determined through a Dstl decision conference following the phase-1 demonstrations and receipt of a fully costed phase-2 proposal.

7. Important information

Suppliers should note that Dstl will not provide data or infrastructure to support the development, testing or refinement of proposed projects.

Due to the timescales of this competition (all phase-1 projects must complete by 31 March 2016), proposals should be structured so that ethical approval isn’t necessary at phase 1, as this could take several months.

Phase-1 suppliers will be required to participate in 2 important events. At the first event in November 2015, the suppliers will be required to share highlights from their planned outputs with Dstl and all the other phase-1 suppliers. The format will be an initial presentation from each supplier followed by time for networking and exploring potential future collaboration. The event will take place at or near a Dstl site and will last for 1 day.

Shortly before the end of phase 1 (February 2016), suppliers will be required to demonstrate their project outputs to only Dstl and MOD stakeholders, prior to formal delivery to Dstl. The emphasis at this 1-day event will be on demonstration and not presentation. Suppliers will need to provide all the tools and data necessary to do the demonstration. The event will also take place at or near a Dstl site.

You should include attendance at these events in your proposal document as costed deliverables.

This competition was supported by presentations given at the Innovation Network event on Thursday 9 July 2015.

Proposals for funding must be submitted by 5pm on Thursday 3 September 2015 using the CDE online portal.

You must mark all proposals for this themed competition with ‘understand and interact with cyberspace’ as a prefix in your title.

The total funding available for phase-1 of this 2-phase competition is £500,000.

While there is no cap on the value of a phase-1 proposal, it is significantly more likely that at this stage a larger number of lower-value proposals (eg £50,000 to 100,000) will be funded than a small number of higher-value proposals.

Read important information on what all CDE proposals must include. Proposals that don’t include the required information are unlikely to be successful.

Phase-1 proposals should focus on a short, sharp, proof-of-concept stage typically, but not exclusively, 3 to 6 months in duration. All research for this phase must be completed by 31 March 2016.

Proposals must include a descriptive scoping for a longer programme of any duration but the proposal should be clearly partitioned with a costed phase-1 proof-of-concept stage. Within your project plan you must also include a costed proposal for phase-2 as a deliverable at the end of phase 1. Proposals for further work beyond phase 1 will only be considered after the proof-of-concept stage has delivered, using the understanding gained to make an informed decision.

Proposals will be assessed by subject matter experts from MOD and Dstl using the MOD Performance Assessment Framework. Deliverables from contracts will be made available to technical partners and subject to review by UK MOD.

Dstl will be available to provide advice and/or guidance via an appointed technical partner throughout the project and provide the interface with MOD and wider government stakeholder community.

8. Important dates

9 July 2015	Competition briefing at Innovation Network event
16 July 2015	Webinar
3 September 2015	Competition closes at 5pm
mid October 2015	Contract placement initiated and feedback provided
November 2015	Supplier presentation day
February 2016	Demonstration day
31 March 2016	Proof-of-concept research complete
mid May 2016	Phase-2 funding decisions made

9. Queries and help

While you’re preparing your proposals, you can contact us if you have any queries:

Technical queries about this competition should be sent to DSTLCysa@dstl.gov.uk

Capacity to answer these queries is limited in terms of volume and scope. Queries should be limited to a few simple questions or if provided with a short (few paragraphs) description of your proposal, the technical team will provide, without commitment or prejudice, broad yes/no answers. This query facility is not to be used for extensive technical discussions, detailed review of proposals or supporting the iterative development of ideas. While all reasonable efforts will be made to answer queries, CDE and Dstl reserves the right to impose management controls when higher than average volumes of queries or resource demands restrict fair access to all potential proposal submitters.

General queries (including how to use the portal) should be sent directly to CDE at cde@dstl.gov.uk