Problems

Problems for 2021 Cohort

Apply to one of our list of curated problems or bring your own tech!

We continue to curate the problems for the Hacking for Defense 2021 cohort from across the U.S. Department of Defense and Intelligence Community. Check back in for updates as we add more problem statements!

#1 Teaming for the Win
#2 Next Generation of Cybersecurity
#3 Combatting Malicious Cyber Actors’ Use of Disposable Infrastructure
#4 Open Source Cybersecurity Tools
#5 Sorry, You Just Don’t Meet My Standards
#6 Replacing Radios
#7 In the Red Zone
#8 Indo-Pacific Strategy
#9 Radicalization Inoculation

Problem Description

#1 Teaming for the Win

CHALLENGE
Platoon Radio Control Operators need effective ground to air asset autonomous teaming in order to improve platoon situational awareness and maneuvering in cluttered, urban environments.

BACKGROUND

Army platoons leverage autonomous ground and air assets to provide surveillance of targeted areas. Autonomous ground assets such as robotic dogs and autonomous air assets such as unmanned aerial vehicles (UAVs) cannot currently communicate to provide a full panorama of urban, cluttered environments. If they could effectively communicate and team together, UAVs could guide ground assets to sense or observe potential threats such as people, objects, or smoke that UAVs cannot. Inversely, ground assets could push UAVs to provide overhead surveillance of an area ground assets cannot reach.

The Army recently released guidelines stating that in a future operational environment, ground to air asset teaming could improve situational awareness and maneuvering by a factor of 10x. To address that potential improvement, the Defense Advanced Research Projects Agency and the Army Research Laboratory are investing in autonomous teaming projects. However, neither of those efforts addresses the difficulties of teaming in a cluttered, urban environment.

OPERATIONAL CONSTRAINTS 
• Teaming should allow for 2-3 air assets to communicate with one ground asset
• Communications must be secure and low signature

PROBLEM SPONSOR
Army Research Laboratory

#2 Next Generation of Cybersecurity

CHALLENGE
Cybersecurity analysts need an efficient tool to identify and remediate cyber vulnerabilities in order to keep systems more secure and reduce the human time spent on vulnerability management.

BACKGROUND

Modern warfare has largely moved out of the in-person theatre and into Cyberspace. Day-to-day  operations of the Department of Defense (DoD) networks and systems face challenges from scanning,  probing, and possible penetration of these systems vital to the nation and our defense. As a result, the  DoD has named Cyberspace as the 5th domain of war.  

Within the Defense Logistics Agency (DLA), the current cyber vulnerability management process is: (1)  Receive vulnerability notifications from the DoD Computer Emergency Response Team (CERT); (2)  Scan for and catalog vulnerabilities; (3) Submit scan results to system owner for remediation; (4) Enter  change requests to test patches; (5) Deploy patches in test environments; (6) Test patches; (7) Enter  change requests for production patching; (8) Deploy patches in production; (9) Rescan for  vulnerabilities; (10) Verify vulnerabilities remediated, and finally; (11) Close out change requests. 

This linear process can take on average 9 months and leave systems with publicly known open  vulnerabilities. At any given time, there may be thousands of open vulnerabilities across a system before  patches can be deployed through current processes. In addition, there may be unknown vulnerabilities on  the system that are not found by scanning. Therefore, DLA cybersecurity analysts need an efficient and  fast tool to identify and remediate cyber vulnerabilities in order to keep systems more secure and reduce  the human time spent on vulnerability management. 

OPERATIONAL CONSTRAINTS 
Automated management systems exist for scanning and patching vulnerabilities

PROBLEM SPONSOR
Defense Logistics Agency

#3 Combating Malicious Cyber Actors’ Use of Disposable Infrastructure

CHALLENGE
Cyber defenders need new techniques to quickly identify and dismantle disposable infrastructure used by malicious cyber actors in order to protect national security cyber operations.

BACKGROUND
Malicious Cyber Actors (MCAs) use “disposable infrastructure” based on commercially available Virtual Private Server (VPS) offerings. Disposable infrastructure is easy and cheap to spin up and easily destroyed when MCAs have completed their intentions or activities. Using many servers, each for only a short interval, MCAs can hinder efforts to detect and disrupt their operations, making it incredibly difficult to be caught. By the time cyber defenders can identify attacker infrastructure by traditional forensic analysis, the MCAs have already moved on.

Cyber defenders from within the national security ecosystem have successfully disrupted malicious cyber campaigns by identifying persistent infrastructure used by multiple malware installations. However, the process often takes too long (approximately two days), which means that when the MCA’s are using disposable infrastructure, they are long gone by the time their infrastructures are discovered. Therefore, cyber defenders need new techniques to quickly identify and dismantle disposable infrastructure.

OPERATIONAL CONSTRAINTS 
• Solution should be scalable. 
• Solution should consider needed speed to catch a malicious cyber actor while they are still online. 
• Team should explore all potential data sources. 

PROBLEM SPONSOR
National Security Agency

#4 Open Source Cybersecurity Tools

CHALLENGE
National Security Agency Center for Assured Software personnel need to identify the optimized combination of open source cybersecurity tools in order to ensure organizations with limited resources are performing security assurance during development.

BACKGROUND
When cybersecurity analysts are doing an analysis, they use a number of automated analysis tools. The more tools used, the better coverage they get, as each tool provides different advantages. However, these tools are costly, ranging from $50,000 to a million dollars each, and often with additional maintenance fees around 15 to 20% of the purchase price. Not all organizations have the budget to purchase multiple tools to get the coverage they need. In these cases, the organizations will often reach out to the Joint Federated Assurance Center (JFAC), looking for free solutions. JFAC routes these requests to the National Security Agency Center for Assured Software, who responds with known open source software such as Flawfinder, PMD, Bugcheck, etc. However, this is time intensive, and does not necessarily consider the overlap in capabilities between the open source tools or ways to tweak existing tools. Organizations with limited resources need a recommended list and combination of free and open source tools to increase the security of software source code under development.

OPERATIONAL CONSTRAINTS 
• None

PROBLEM SPONSOR
National Security Agency

#5 Sorry, You Just Don’t Meet My Standards

CHALLENGE
Air Force Fleet Management and Analysis personnel need a way to quickly and easily ascertain the functionality of vehicles across their fleet in order to better prioritize resources and manage maintenance workflows.

BACKGROUND
Seymour Johnson Air Force Base vehicle maintenance personnel are responsible for maintaining over 550 vehicles. Managing the repairs for all of these vehicles requires the easy collection and analysis of repair data, such as when a vehicle was sent in for maintenance, what repairs are needed, and where the vehicles are in the maintenance pipeline. Currently, this information is spread out across different databases and sources. Because of this, every Air Force base maintenance team has different work-arounds to pull and showcase data more easily, such as rudimentary pivot tables into Microsoft Excel and Access.

At Seymour Johnson Air Force Base, personnel must pull data from DPAS (Defense Property Accountability System) where work orders and vehicle maintenance histories are kept and from ETIC (Estimated Time for Completion) which has records of what maintenance work needs to be done and what parts are needed. They then input this data into an excel sheet, and manually compare different metrics of the vehicle to a list of vehicle operation standards known as the MEL (Mission Essential Level). This process is very time consuming and has many different manual entry moving parts that leave it vulnerable to human error issues.

Knowing how usable a vehicle is, through MEL evaluation, is essential to prioritizing maintenance jobs and is a major pain point in the current manual process. For example, if a certain type of truck breaks down and is in need of a replacement, it is important to know what similar trucks are in the maintenance pipeline and can receive prioritized service to fill this gap for critical missions. Fleet Management and Analysis personnel need a capability that allows them to easily access the MEL of vehicles in their pipeline, enabling maintenance personnel to more quickly and efficiently perform their jobs and meet the needs of the base.

OPERATIONAL CONSTRAINTS 
• Tool should use DPAS inquiry pulls
• Tool must utilize Microsoft programs such as Access or Excel, as the team cannot purchase new programs

PROBLEM SPONSOR
U.S. Air Force

#6 Replacing Radios

CHALLENGE
United States Air Force Combat Rescue Officers need an improved communication tool when conducting Personnel Recovery in order to enhance situational awareness and streamline mission execution.

BACKGROUND
When an Air Force pilot goes down, several factors must be communicated to conduct a successful recovery. Combat Rescue Officers and mission planners in a Joint Operations Center need to know where the pilot is, their physical condition and treatment needed, infiltration routes, enemy location, how they get the pilot ready for pickup, and more.

In one potential scenario, Pararescue teams to parachute to the pilot and provide care based on the information communicated to them. This team must get to the site, find and package the pilot, call in a rescue helicopter, communicate landing or rendezvous points, and move to the location where it can land. In order to get the information needed, this process typically requires communication up, down, and across the team and levels of command.

Currently, nearly all communication is done manually via radio. There are two types of radios used to communicate this, a survival radio used by the pilot and tactical radios used by the operators. Both radios are both cumbersome to carry and require the user to actively convey the required information – which may not always be possible throughout the particular scenario. Even more, radios must function consistently when moving through different conditions and locations, such as in the helicopter, free falling, in water, or on land. Meanwhile, on the other side, the operations center is attempting to track everything communicated via radio as the mission is playing out. Over the last number of years, communication technology has vastly evolved, but this communication method for situational awareness has not drastically changed.

OPERATIONAL CONSTRAINTS 
• DIU is considering smart garments and emerging personal body wireless networks, but has not yet pursued a particular combination or configuration of tools for this mission area.

PROBLEM SPONSOR
In-Q-Tel and Defense Innovation Unit (DIU)

#7 In the Red Zone

CHALLENGE
Military officers need a way to regulate their stress levels while making high-stake decisions in order to reduce critical mistakes and potential lasting trauma.

BACKGROUND
Military officers and enlisted soldiers must make split-second high-stake decisions under extreme stress, which can result in critical mistakes as well as prolonged mental trauma such as PTSD. Research has shown impaired judgement and tendency towards higher-risk decision making while under extreme stress.

However, this relationship between stress and decision-making can be managed by creating and adaptive response mitigating these effects. Physiological indicators, such as heart rate, blood pressure, body temperature, eye movement, hormone levels (e.g. cortisol) and immunological functions can be used to assess stress. Behavioral patterns, such as fidgeting, pacing, sleep patterns, impulsivity, and more can be another way to indicate stress in the individual.

The Army Research Laboratory has been building a neuroscience based smart biofeedback device that monitors physiological and behavioral states and alert users to self-regulate when they are in the “red zone”. Use of this device during training and real-life will optimize officer decision making and reduce prolonged stress.

OPERATIONAL CONSTRAINTS 
• None

PROBLEM SPONSOR
Army Research Laboratory

#8 Indo-Pacific Strategy

CHALLENGE
The United States Navy needs new operational concepts to incorporate emerging technologies in order to successfully compete and deter aggression in the Indo-Pacific.

BACKGROUND
The character of naval warfare is changing thanks to emerging technologies. Adversaries have rapidly modernized their military and have demonstrated increased willingness to take risks. Factors such as missile threats increase the distance of war away from the hotzone. Future war will require close collaboration between services as well as across domains- including unmanned aerial, surface, and undersea. In order to efficiently improve capabilities, more agile procurement
and approval processes need to be examined.

The ability of the U.S. and our allies to successfully compete against great power rivals hinges not only on our ability to develop new technologies, but more importantly, to incorporate them into new doctrines and operational concepts. The United States Navy needs to develop operational strategy to incorporate emerging technologies with regards to the Indo-Pacific region, where tensions have escalated between our allies and adversaries across domains in recent years.

OPERATIONAL CONSTRAINTS 
• None

PROBLEM SPONSOR
Office of Naval Research

#9 Radicalization Inoculation

CHALLENGE
Army Commanders need to understand the factors influencing extremism in the military community in order to maintain a ready force.

BACKGROUND
Given the media identification of several individuals with military ties in the January 6, 2021 events at the U.S. Capitol, the DoD has recently publicly recommitted to countering domestic violent extremism (DVE) within their ranks. However, there are a few factors that make this challenging.

While the Army prohibits participation in extremist organizations and activities (Army Regulation 600 – 20, Army Command Policy dated 24 July 2020, Chapter 4-12) it does not have a system in place to identify in real time the on line attempts to influence service member to join prohibited groups. The regulation prohibits actions by Soldiers involving extremist organizations and establishes that violations of the prohibitions are punishable under the Uniformed Code of Military Justice. This regulation addresses the responsibilities of commanders after they have identified extremist behavior, but does not address the indicators or methods extremist groups may use to recruit or radicalize service members.

Current efforts to prevent extremism in the ranks focus on education of service members at all levels. The most recent example of this the training directed by the Secretary of Defense on February 5, 2021. Leadership currently lack the ability to identify ongoing efforts to recruit or radicalize individual service members outside of observed or reported activities. It is also unknown whether those who participated in the January 6th events that have previous military experience were radicalized while in the service or subsequent to their time on active duty.

OPERATIONAL CONSTRAINTS 
• None

PROBLEM SPONSOR
US Army