SBIR-STTR Award

The most direct way to meet the technical objectives for the Secure Virtual Environment (SVE) for Cyber Resiliency Validation would be to replicate the missile defense system’s tactical hardware, software, and network. However, this is cost prohibitive due to the amount of hardware procurement required for the Cyber test environment. Luckily, with the exception of supply chain threats, firmware, and SATCOM jamming/spoofing threats the majority of cyber vulnerabilities that require testing are in the operating systems, software applications, and network configurations as opposed to the physical hardware. As a result, a cyber environment that provides simulated hardware and network devices hosting tactical operating systems, software application, and network configurations is the most cost-effective approach to meet the technical objectives for the SVE for Cyber Resiliency Validation. Gray Analytics shall architect a proof-of-concept architecture for a fully automated SVE incorporating DoD Enterprise DevSecOps Reference Design and the DoD CIO cloud strategy in conjunction with the hardware virtualization work from Oak Ridge National Labs on previous efforts. This Continuous Integration/Continuous Deployment (CI/CD) pipeline architecture is capable of rapidly creating cyber test environments by using virtual emulations of missile defense systems and will include automated cyber resiliency validation regression testing and analysis capabilities. Approved for Public Release | 20-MDA-10398 (2 Mar 20)

Gray Analytics and the Oak Ridge National Laboratory (ORNL) propose to design a prototype environment for a fully automated Secure Virtual Environment (SVE). The objective of the Gray Analytics methodology is to create an architecture dedicated to persistent cyber testing that utilizes modern technologies/methods and divorces the dependencies between Hardware and Software. The most significant identifiable hurdle is the changing of culture and moving from a traditional Hardware In the Loop (HWIL) approach, to a robust Continuous Integration and Continuous Deployment or Delivery (CI/CD) pipeline-based architecture, capable of rebuilding within hours as opposed to months. The adversary is not limited to time or restricted by test constraints. It is vital to create a test environment for Cyber testing that lifts all constraints. Gray Analytics and ORNL believe a CI/CD pipeline utilizing Hardware virtualization will provide this unconstrained environment. Approved for Public Release |21-MDA-10789 (21 Apr 21)