Securing the SCIF of the Future

The Intelligence Advanced Research Projects Activity (IARPA) seeks information regarding highly innovative approaches to securing Sensitive Compartmented Information Facilities (SCIFs). One area of interest is advanced materials or techniques to fully shield SCIFs from unintended radio frequency (RF), optical, magnetic, or acoustic transmissions. Second, we seek novel approaches or technologies enabling more effective and reliable technical surveillance countermeasures (TSCM) to detect and monitor surveillance attacks against existing and future SCIFs. Finally, we must both detect and secure the operation of wireless devices and networks near and within sensitive areas and prevent the unauthorized entry and operation of a variety of portable electronic devices.

This request for information (RFI) is issued solely for information gathering and planning purposes; this RFI does not constitute a formal solicitation for proposals. The following sections of this announcement
contain additional details of the scope of technical efforts of interest, along with instructions for the submission of responses.

Background & Scope

Our adversaries continue to develop advanced tools and methods to enable technical surveillance attacks against sensitive U.S. facilities and personnel. These attacks are increasingly sophisticated and
may exploit a variety of different sensors and data exfiltration paths. It is imperative that we are able to detect the operation and location of any adversarial sensors, whether concealed or hidden in plain sight,
and eliminate all possible transmission paths for exfiltration of data. This requires that all structural components of the SCIF have highly effective shielding to a broad spectrum of energy and a variety of
waveforms; it also requires that we have an advanced understanding of the ways in which adversarial sensors can be concealed and detected whether they are active or passive. We anticipate that modern
SCIFs and their surrounding facilities are likely to be constructed with smart-building management systems having both wired and wireless sensors; we must prevent such systems from leading to
additional means for data exfiltration. We also anticipate that greater use of wireless networks and portable electronic devices in and near secure areas will demand greater protection of SCIFs from a
variety of wireless exploitations. In addition, mobile communications devices and portable memory storage devices have become so ubiquitous that we seek improved means to detect the entry, presence
and use of these devices in sensitive areas where such means are not harmful to human health. Finally, given the vulnerability of computer information technology (IT) to a variety of malware and other
attacks, we anticipate blended attacks where cyber-attacks of implants on IT equipment will work in conjunction with other sensors or data exfiltration paths.

SCIFs, now and in the future, must be fully protected from RF transmission. Radio transmitters, both standalone and embedded within wireless networks, can create opportunities for surveillance when RF
(U) RFI: Securing the SCIF of the Future transmissions can pass into and out of secure areas; therefore, robust attenuation of RF and other electro-magnetic (EM) carriers is desired using techniques that may go beyond the capabilities of our current standard, certified shielded enclosures. The types of RF threats that should be considered include signals associated with wireless networking, commercial communications, extremely low power signals, spread spectrum, burst and frequency hopping transmission, various modulation formats with and without encryption, etc. In addition, we must attenuate both RF/EM and optical propagation in the windows of our secure facilities. This can present an even greater challenge; current RF window technologies sometimes over-attenuate visible light transmission. Future windows need designs that both match the shielding performance of surrounding materials and still allow at least 90% of the visible light to be transmitted. Window concepts for new construction and retrofitting proposals for windows in existing buildings, such as a window films, are both of interest.

In the future, we may explore the authorized operation of wireless networks in or near sensitive areas; it is imperative that we develop appropriate technologies and methods to both secure these networks and prevent them from being exploited. Therefore, we strongly seek advanced concepts for securing wireless networks at the physical layer in addition to encryption used at the logic and application layers.

The modern surveillance environment will also be challenged by the use of highly distributed consumer electronics both within and beyond secure perimeters; these can be vulnerable to sophisticated
adversarial attacks that are difficult to detect or intercept. Given the abundance of such signals, and as the “Internet of Things” continues to grow, we believe that automated approaches to wireless signal
detection and classification will become critical to successful monitoring and effective countermeasures in the future. The automated approaches that could be considered include machine learning for signal
detection and classification, spectrum-analysis, integration of RF signal data with building management and security systems data, etc.

Current policies greatly restrict the use of most personal portable electronic devices in secure areas; however, we seek novel means, not harmful to human health, to detect the unauthorized presence or
use of non-emitting personal electronic devices, such as thumb drives, flash drives, and other memory devices to ensure policy compliance. Incidents of bulk exfiltration of U.S. government data via portable
storage devices have been widely publicized. In addition, there is growing commercial availability of USB and other audio recording devices in a variety of household and office concealments. We must
have reliable ways to detect these devices both on personnel entering facilities and in their personal effects. Speed and ease of detection is a key factor to ensure that a screening process does not create
unreasonable delays at access control points of buildings, offices, and SCIFs. Two scenarios of interest include detecting device(s) on a person (with no health risk), and detecting device(s) within other items
such as purses, briefcases, folios, etc.

The literature offers examples of attacks against facilities where RF, optical, or acoustic energy is reflected from or directed into facilities so that the modulated energy can be analyzed for useful data.
For example, there is growing commercial availability of laser microphones with advanced capabilities that are reasonably simple to operate. Therefore, advanced countermeasures could include means to
detect and mitigate or attenuate laser beams, RF flooding or beaming, sonic beams, etc.

In summary, this RFI has multiple specific objectives; it seeks advanced approaches to greatly improve the attenuation of RF and other signal carriers propagating into and out of SCIFs and surrounding areas
and highlights windows as a significant priority. It seeks novel approaches to further secure authorized wireless networks. It seeks automated approaches to detecting, characterizing, monitoring, and
potentially countering a variety of wireless signals in a complex RF environment where many consumer devices and smart building devices may also be in operation. It seeks safe approaches to detecting
personal, portable recording and storage devices. In addition, it seeks ways to detect and mitigate energy directed against or into facility for the purpose of surveillance. Finally, this RFI welcomes new
approaches to significantly automate or improve any aspect of TSCM across the spectrum of anticipated surveillance attacks.

Responses to this RFI can address any or all of the above objectives:

  1. Describe your approach to achieving the objective(s).
  2. Quantify the improvement in your proposed approach over state-of-the-art:
    a. Your proposed approach should be suitable for standalone buildings as well as retrofit inside existing buildings
    b. For window design, improvement in RF attenuation and visible light transmission
    c. For technical surveillance detection, show improvement in both detection capability and the manpower savings.
  3. Identify all research challenges relating to the proposed approach(es).

Preparation Instructions to Respondents

IARPA requests that respondents submit ideas related to this topic for use by the Government in formulating a potential program. IARPA requests that submittals briefly and clearly describe the potential approach or concept, outline critical technical issues/obstacles, describe how the approach may address those issues/obstacles and comment on the expected performance and robustness of the
proposed approach. If appropriate, respondents may also choose to provide a non-proprietary rough order of magnitude (ROM) estimate regarding what such approaches might require in terms of funding
and other resources for one or more years. This announcement contains all of the information required to submit a response. No additional forms, kits, or other materials are needed.

IARPA welcomes responses from all capable and qualified sources from within and outside of the U.S.

Because IARPA is interested in an integrated approach, responses from teams with complementary areas of expertise are encouraged.

Responses must meet the following formatting requirements:

  1. A one page cover sheet that identifies the title, organization(s), respondent's technical and administrative points of contact - including names, addresses, phone and fax numbers, and email addresses of all co-authors, and clearly indicating its association with RFI-19-03;
  2. A substantive, focused, one-half page executive summary
  3. A description (limited to 5 pages in minimum 12 point Times New Roman font, appropriate for single-sided, single-spaced 8.5 by 11 inch paper, with 1-inch margins) of the technical challenges and suggested approach(es);
  4. A list of citations (any significant claims or reports of success must be accompanied by citations);
  5. Optionally, a single overview briefing chart graphically depicting the key ideas. 

Submission Instructions to Respondents

Responses to this RFI are due no later than 4:00 p.m., Eastern Time, 31 December, 2018. All submissions must be electronically submitted to dni-iarpa-rfi-19-03@iarpa.gov as a PDF document. Inquiries to this RFI must be submitted to dni-iarpa-rfi-19-03@iarpa.gov. Do not send questions with proprietary content. No telephone inquiries will be accepted.

Disclaimers and Important Notes

This is an RFI issued solely for information and planning purposes and does not constitute a solicitation. Respondents are advised that IARPA is under no obligation to acknowledge receipt of the information received, or provide feedback to respondents with respect to any information submitted under this RFI. Responses to this notice are not offers and cannot be accepted by the Government to form a binding contract. Respondents are solely responsible for all expenses associated with responding to this RFI. IARPA will not provide reimbursement for costs incurred in responding to this RFI. It is the respondent's responsibility to ensure that the submitted material has been approved for public release by the information owner. The Government does not intend to award a contract on the basis of this RFI or to otherwise pay for the information solicited, nor is the Government obligated to issue a solicitation based on responses received. No proprietary and no classified concepts or information shall be included in the submittal. However, should a respondent wish to submit classified concepts or information, prior coordination must be made with the IARPA Chief of Security. Email the Primary Point of Contact with a request for coordination with the IARPA Chief of Security. Input on technical aspects of the responses may be solicited by IARPA from non-Government consultants/experts who are bound by appropriate
non-disclosure requirements.

Contracting Office Address:

Office of the Director of National Intelligence
Intelligence Advanced Research Projects Activity
Washington, District of Columbia 20511
United States

Primary Point of Contact:

Mr. Manfai Fong
Intelligence Advanced Research Projects Activity
dni-iarpa-rfi-19-03@iarpa.gov

IARPA-RFI-19-03  OPEN

Posted Date: November 1, 2018
Responses Due: December 31, 2018