CCDC, C5ISR Cybersecurity Defense Operations and Research (CDOR)
The United States (U.S.) Army Combat Capabilities Development Command; Command, Control, Communication, Computers, Cyber, Surveillance, and Reconnaissance (C5ISR) Center; Space & Terrestrial Communications Directorate; Cybersecurity Defense Operations and Research (CDOR) Branch is a recognized leader in the cyber community for providing innovative research and development in near-term Defensive Cybersecurity Operation (DCO) services to its U.S. Army, Department of Defense (DoD), and non-DoD subscribers and successfully transitioning its research and development (R&D) solutions into cyber operational practice within the cyber warfighting domain. This branch was previously known as Army Research Lab (ARL) Sustaining Base Network Assurance Branch.
The CDOR objectives are addressing today's cyber threats by designing and deploying game-changing cyber defense capabilities that allow organizations to defend better, react faster, coordinate rapidly, prioritize efforts, and respond smarter to security events, increased risks or operational directives. The Government will continue to advance and further the cyber research mission by conducting research and developing solutions to enhance the dynamic cyber-defense domain through operational provisioning of 24/7 cyber defense operations and services within the DoD Information Network environment.
The Branch is focused on research, development, and deployment of capabilities that support the DoD imperatives for cyber operations and security. These include, but are not limited to:
Battlespace Awareness: Activities to combine intelligence related to threats, adversaries, technology, and environmental information relative to the status and disposition of friendly forces and capabilities. The Government's efforts are focused on innovative support that enhances battlespace awareness to provide friendly forces the information required for decision-making that gains or maintains an advantage over an adversary.
Secure Operating Area: Activities and deployment of capabilities to secure cyberspace operating areas, the commander's assessment of operational risk, and support agile/dynamic shaping of the environment in response to indicators & warnings. Furthermore, continuous hardening and proactive measures for enhanced cybersecurity posture coupled with battlespace awareness supports both persistent engagement efforts and the ability for commanders to defend forward.
Command and Control (C2): Activities and deployment of capabilities to posture cyber forces/resources in a manner most advantageous to mission accomplishment and command and control the use and protection of DoD information for the purposes of managing operational risk, countering adversary threats, and achieving mission objectives.
Defense: Activities and deployment of capabilities to disrupt adversary's ability to take action to disrupt, degrade, or deny achievement of DoD mission objectives. As a mission enabler, defense of DoD information is critical; therefore, commanders must be able to deliberately counter and mitigate adversary exploitation of cyberspace terrain provisioned by Enterprise Information Technology (IT) vendors/contractors.
ANTICIPATED PERIOD OF PERFORMANCE: The period of performance shall include a 12 month base period, and four (4) 12 month option periods.
RESPONSE DUE DATE: Interested parties should submit responses electronically by 19 August 2019 no later than 3:00pm Eastern Standard Time via e-mail to usarmy.apg.ccdc-c5isr.mbx.stcd-amt@mail.mil
DISCLAIMER: THIS SOURCES SOUGHT ANNOUNCEMENT IS FOR INFORMATIONAL PURPOSES ONLY. THIS IS NOT A REQUEST FOR PROPOSAL. IT DOES NOT CONSTITUTE A SOLICITATION AND SHALL NOT BE CONSTRUED AS A COMMITMENT BY THE GOVERNMENT. RESPONSES IN ANY FORM ARE NOT OFFERS AND THE GOVERNMENT IS UNDER NO OBLIGATION TO AWARD A CONTRACT AS A RESULT OF THIS ANNOUNCEMENT. NO FUNDS ARE AVAILABLE TO PAY FOR PREPARATION OF RESPONSES TO THIS ANNOUNCEMENT. ANY INFORMATION SUBMITTED BY RESPONDENTS TO THIS TECHNICAL DESCRIPTION IS STRICTLY VOLUNTARY.
CONFIDENTIALITY: No classified, confidential, or sensitive information should be included in your response. Proprietary information is acceptable but must be marked as proprietary. The Government reserves the right to use any non-proprietary technical information in any resultant solicitation(s).
QUESTIONS TO THIS ANNOUNCEMENT: All questions pertaining to this announcement are due within 30 days after release. Only one (1) set of questions per company will be accepted via e-mail. Telephone requests will not be accepted.
PROGRAM BACKGROUND:
The mission of the C5ISR Center CDOR provides America's soldiers and our operational partners with the technology edge through a broadly based, multidisciplinary program of research, exploratory development, analysis, and operations with the critical mass, synergy, and flexibility to satisfy the future technological needs. Research and technology development is the primary business of the C5ISR Center, and the Center provides scientific and technological innovation in a variety of technical disciplines to identify and defend against active capable adversaries and need world-class capabilities to protect, monitor, detect, analyze, diagnose, respond, and effectively manage the cyber-attacks and exploitation activities.
A second major area is to protect information systems and networks and increase resiliency in the face of advanced and persistent cyber warfare capable adversary which could disrupt, deny, degrade, or destroy information system resources or the information itself and/or interfering with the delivery of essential mission services upon which we depend, and set the stage for more destructive cyber-attacks.
Finally, the Branch's cyber mission uniquely derives its strength from the close synergy between research and the technical services answering operational necessities. Our unique DCO mission allows us to focus and guide cyber defense R&D reliant on native or raw data, containing vital evidence of the threats perpetrated by hostiles, collected from real world networks and continuously refreshed from active sensing environments. The extensive network traffic monitored by the Cyber Security Service Provider (CSSP) provides this current, real-world context, including attack data, unavailable in test or development networks. The fruits of R&D efforts are then rapidly incorporated into the CSSP environment to improve the defensive capability and to validate the R&D. The ability to improve attack detection accuracy and timeliness is intrinsically coupled to analysis of the traffic and the agile development of new tools and techniques to combat adversaries. These activities demand skilled, forward-thinking staff at every position.
PROGRAM OBJECTIVE:
This provides the approach to achieve the strategic thrusts to advance the C5ISR Center cyber mission through research, development, testing, and implementation based on the conduct of; and the operational data gathered through our 24/7/365 cyber defense operations and services. Strategic thrusts provide a methodical framework for prioritizing cybersecurity R&D activities and expediting the infusion and implementation of research accomplishments to support our defensive cyber operational priorities. The key to the requirement is to investigate methods to overcome the lack of models, theoretical foundations, and empirical data for both defenders and adversaries and to investigate methods to quantify information systems security status, in particular, risk and resilience status, of both wired and wireless networks by developing metrics, models, and algorithms validated by operationally grounded experiments.
INSTRUCTIONS TO RESPONDERS:
Firms are encouraged to engage in a team approach to support these requirements. Small business teams are also encouraged to respond. Please respond only if you can support the entire engineering/technical services requirement or operations services requirement, or both.
Responses shall be submitted via e-mail. The size per e-mail cannot exceed 10MB. Respondents are permitted to provide ONLY ONE (1) response package. Submissions shall be compatible with the Windows 10 operating system and be made, as appropriate, in Microsoft Office 2003 or more recent versions [Microsoft Word, Microsoft Excel (data file should be .xls file format), Microsoft Project and Microsoft PowerPoint]. Excel files shall not contain any hidden cells, hidden sheets, locked formulas, or access data from any files that are not included with the response package.
The response package shall not exceed 30 pages and shall be sectioned as described below. Pages containing text shall be typewritten on standard letter 8.5x11 quote mark size paper. Each paragraph shall be separated by at least one (1) blank line. Drawings or other graphics shall be reduced only to the extent legibility is not lost. Each page shall be single spaced with a minimum of 12-point Arial font and no less than one (1) inch margins/borders. Any table or graphic shall utilize a minimum of 10-point Arial font and may be landscape.
REQUIREMENTS:
Respondents are asked to provide an approach for the following requirements that includes a summarization of past experience. When responding please retain the outline structure identified below. Responses will be limited to 30 pages.
Mission. The C5ISR Center CDOR is a certified DoD Tier-2 CSSP that develops tools and techniques, deploys customized sensing, and monitors various hardware and software cybersecurity solutions operating in UNIX and Windows based environments of our subscriber networks to maintain our excellence within the Government. Our coverage currently ranges across DoD Non-classified Internet Protocol Router Network, Secret Internet Protocol Router Network, Defense Research and Engineering Network (DREN), Secure DREN, U.S. Government approved commercial Internet Service Provider connections, U.S. Government approved Commercial Cloud, and U.S. Government Closed Restricted Networks. The C5ISR Center CDOR utilizes a combination of government off-the-shelf (GOTS), commercial off-the-shelf (COTS), custom tools and DoD-mandated commercial tools that provide a comprehensive defensive cyber operations service.
Operations Question #1: Describe your approach to research and develop solutions for Defensive Cyber Operations, by leveraging real time operational data through the application of innovative technologies and advanced analytics to confront the most sophisticated and damaging cyber threats.
Operations Question #2: Describe your approach to conduct 24/7/365 continuous monitoring of our customers through our GOTS IH/IR framework supporting reporting and protection services to a multitude of DoD subscribers, and maintaining accessibility and transferability of a large dataset of subscriber network data for collaboration with C5ISR Center partners and peer organizations.
Operations Question #3: Describe your approach to performing DCO services in a cloud computing environment and investigating new methods, tactics, tools, techniques, and technologies to address Defensive Cyber Operations including, but not limited to system compliance and integrity, multi-tenancy, cloud native cyber defense initiatives, desktop-as-a-service, encryption, and file management.
Operations Question #4: Describe your approach to recommended solutions to enhance operational processes through automation in reducing manpower and workloads.
Operations Question #5: Describe your approach to continue a Government-owned, Contractor operated arrangement. Include a list of top-level policies, guidance, and other relevant documentation and or recommendations for operator programs, such as; manuals, documentation, training aids that your company uses to certify Contractor operators.
Innovation Question #6: Describe your approach to investigating emergent and innovative advancements within cyber defense research; advanced detection methods; sensor structure, data optimization, sensor architectures; intrusion detection innovations, evaluation methods, attack behaviors, insider threat, and adversarial threat predictions that will enhance existing capabilities and mitigate future risks and threats rapidly.
Innovation Question #7: Describe your approach to investigating research and recommended solutions to expand current capabilities and establish new methods, tactics, tools, techniques, and technologies to help security analysts de-conflict, correlate, understand, and present large volumes of data to support informed decision making at different operational levels, with diverse, divergent, or emergent data never analyzed nor which a profile of content exists, most notably the design for the human-computer interfaces to portray many aspects of situational awareness to fit analysts' cognitive processes, and rapidly respond to aggregated information.
Innovation Question #8: Describe your approach to emergent research and recommended solutions to establish new methods, tactics, tools, techniques, and technologies to address the challenges of mobile devices, operationally embedded platforms and SCADA (Supervisory Control and Data Acquisition) systems for device integrity, isolation, and protective measures as well as integrating into enterprise DCO situational awareness platforms.
Innovation Question #9: Describe your approach to emergent research and recommended solutions to establish methods, tactics, tools, techniques, and technologies to facilitate the collecting, organizing, analyzing, measuring, understanding, and visualizing extremely large amounts of cybersecurity data to uncover hidden patterns, unknown correlations, and other useful information to support the desired implementation and execution of capability with an focus in leveraging Automation, Machine Learning, and Artificial Intelligence.
Question #10: Provide a notional organizational staffing chart and you staffing approach as part of your discussion that supports the CSSP/DCO mission areas IAW DoDI 8530.1 and the Evaluators Scoring Metrics VER 9.2 constructs.
General Engineering Tasks: Our environment includes, RHEL and OS X based servers; RHEL and Windows based operating systems, virtualized infrastructures, with Amazon Web Services, Microsoft Azure, and MILCLOUD 2.0 cloud compute and storage support. Additionally we have require software development and sustainment that includes applications or tools using core programming languages (Python, PHP, JavaScript, C/C++, Java). Applications include leveraging COTS tools such as Tableau and open source tools such as, but not limited to Elastic and Kibana.
Question #11: Describe your approach to provision knowledge and experience as a product and solution developer to produce computing solutions derived from DoD security policies and regulations to ensure that the product design complies with applicable standards identified (e.g., safeguarding personal and private information, data protection laws).
Question #12: Describe your approach to provide operational and technical engineering support to include design, implementation, testing, integration, interoperability, life cycle, and sustainment of information technologies comprising enterprise capabilities, hardware, software, and initiatives supporting a CSSP.
Question #13: Interrogator is the GOTS network intrusion detection architecture developed by C5ISR Center CSSP. Describe your approach to maintain and enhance a GOTS framework that is designed to ingest and analyze network information (raw network traffic, network artifacts, and network flows) and relevant artifacts produced within this system for relevant DoD mandated reporting and tracking.
Question #14: Describe your approach to RMF compliance, cost control, cost avoidance, as well as innovative approaches to automating and confirming RMF procedures. Discuss any software tools or other techniques you may have used successfully in past applicable efforts, most notably those leveraging GOTS or open-source environment.
Supply Support Question #15: - Identify your procurement process to include major suppliers and expected timelines to support the purchase of hardware, software, and Cloud Service Offerings.
Operation Management Question #16: - Describe your technical approach to operator and manpower requirements needed to sustain systems to include staffing requirements, training, rotation and attrition for Top Secret, Secret, Special Access classified and sensitive operations.
COMPANY INFORMATION:
1. Please provide the following Point of Contact information:
Company:
Address:
Point of Contact:
Phone Number:
Fax Numbers:
Email Address:
2. Please identify your company's small business size standard based on the primary NAICS code of 541715. The small business size standard for this NAICS code is 1,000 employees. For more information refer to http://www.sba.gov/content/table-small- business-size-standards.
Small Business (SB) Concern 8(a)
Small Disadvantaged Business (SDB) Woman-Owned Small Business
Historically Underutilized Business Zone (HUBZone) Veteran-Owned Small Business
Service-Disabled Veteran-Owned Small Business
3. If you identify your company as a Small Business or any of the SB subcategories as stipulated in Question #2, than is your company interested in a prime contract for the CDOR requirement?
4. Under the current SB recertification regulations, do you anticipate your company remaining a small business, under primary NAICS Code of 541 -- Professional, Scientific, and Technical Services? If you are a SB please answer questions 4a & b. All others skip to Question #5.
a. What percentage of this requirement do you plan to perform in house (not sub-contract out)? Also indicate (with supporting rationale) if/how your company would be compliant given the restrictions identified in the Defense Authorization Bill 2013, which states that at least 50 percent of the total contract cost will be performed by the small business prime contractor or small business similar situated entities.
b. If you are a small business, does your company have adequate resources, financial or otherwise, to perform the requirement?
5. Please provide details regarding any anticipated teaming arrangements, strategic alliances, or other business arrangements to satisfy the CDOR requirements. Respondents are requested to identify teams, indicating each team member's size status based upon the NAICS code of the work that the team member may be doing. Please list the process used in selecting the teaming members.
6. Is your company currently providing similar services to another government agency (you may also include contract #s for government) or other non-government customer? If so, please identify the agency or non- government customer. If you are unwilling to share your customer's identity, please address whether your company offers the same or similar services commercially.
7. Please identify your company's past and current customers to which you provided this type of service or similar services, including a customer/company name and point of contact, phone number and address/e-mail where they can be contacted.
8. Does your company have a Defense Contract Audit Agency approved accounting system?
9. Please identify the company's facility clearance level. Also indicate the number of company employees who currently possess or are eligible for SECRET and TOP SECRET clearances.
Contracting Office Address:
ACC-APG - Aberdeen Division A , 6565 Surveillance Loop, Aberdeen Proving Ground, MD 21005-1846
Place of Performance:
The Contractor shall perform the CSSP DCO services required under this PWS primarily at:
• U.S. Army Combat Capabilities Development Command (CCDC) - ARL / Adelphi Laboratory Center (CCDC-ARL-ALC) Adelphi, MD (Branch Headquarters)
• U.S. Army Combat Capabilities Development Command (CCDC), C5ISR Center - Aberdeen Proving Ground (APG), MD (Branch Support Staffing)
• U.S. Army Garrison, FT Belvoir, VA (DCO Analysts)
• 24th Air Force / Joint Base San Antonio, San Antonio, TX (Support and DCO Analysts)
• Schriever AFB, Colorado Springs, CO (DCO Analysts)
• Cheyenne Mountain Air Force Station (CMAFS), Colorado Springs, CO (DCO Analysts)
The Contractor shall be prepared to work at additional sites in the District of Columbia metro area with one (1) week of advanced notice or as directed in support of continuity of operations or emergency response activities approved by the COR. The Contractor shall be prepared to work at additional sites identified through CSSP operations supporting subscribers outside C5ISR Center facilities with one (1) month of advanced notice, or as designated by the Government; and shall be prepared to work with one (1) week advance notice at temporary duty locations, both contiguous U.S. and outside the contiguous U.S.
Brian Holman, Contracting Officer, Phone 4438614612, Email Brian.J.Holman2.civ@mail.mil
