The challenge

Context of the challenge

All organisations are aware of cybersecurity risks, with several recent high-profile cases. There are numerous online guidance and resource documents to help organisations protect themselves, notably published by the National Cyber Security Centre.

To protect the UK government against potential risks and new attacks, greater visibility and network testing are required. To enable this, the use of low size and cost network monitors is being explored. These would enable advanced penetration testing capabilities to be used against networks including packet manipulation as well as increasing network visibility.

The gap

There are some existing tools that can directly monitor network traffic, but these are typically targeted towards large operators and are scaled for much higher network volumes than is needed for this use case, resulting in higher price tags. There is a requirement to develop a low size, weight and power variant, which can operate within small data centres. It should also be low-cost to encourage wider adoption.

The critical technical requirement is a network pass-through (optical or copper) that allows the network to be unaffected by the network monitor, even if the network monitor were to fail in operation.

Example use case

To guard against potential hacking attempts, a security operations centre is working with a team to monitor network traffic to and from a government estate. As part of increased security, they also plan to carry out regular penetration tests on the network, to ensure it is protected.

Kay’s team is trialling a new network monitor to observe traffic at source. If successful, Kay will roll this out to other sites. Even though this is a test, it would cause serious impact if the network monitor disrupted internet connection.

Part of Kay’s team are specialist network engineers to ensure correct installation. They are working late at night to minimise disruption. The installation area is cramped for space, can get quite hot, but at least does have easy access to AC mains.

Once installed successfully the data link is passed to the security operations centre.

Kay’s team also has the option to inject modified packets to simulate malicious traffic. This penetration test is caught by the firewall, confirming a successful outcome for the security operations centre.

At some point during operation, the network monitor fails. It is later discovered that there was a minor manufacturing defect that only caused an issue after some time. However, this proved a successful trial as, during failure mode, the fail-safe pathway allowed data to bypass the network monitor without incident.

Project scope

Applicants should aim to deliver a demonstrator and report in this 12-week project. This is open to Technology Readiness Levels (TRL) from 5 – 9. It is recommended that proposals label both the existing TRL and the TRL expected by the end of the 12 weeks. Critical, essential and desirable requirements are listed, along with constraints and what is not required.

Critical requirement:

• Must incorporate an optical or copper pass-through, so if the device fails it does not affect normal network traffic.

Essential requirements:

• Deliver a physical demonstrator at the end of the project, for further testing by the sponsors.
• Operating temperature range of -10C to +60C.
• Low size, weight and power (SWaP) must be considered, and if not achievable in the 12-week project a roadmap must be presented to achieve this in the future. Ideal size is less than 1 litre.
• Ideal power is less than 45W, from mains AC.
• Processor must be capable of bi-directional 10Gb bandwidth.
• Copper network input or fibre network input.
• Multi-mode and single mode network.

Desirable requirements:

• Ideal Ingress Protection rating is IP66.
• Consider relatively low cost for final unit price, a price over £5,000 may be prohibitive.
• Consider the mechanism to program a unit. The sponsors of this challenge will work with the solution provider on preferences and software package trade-offs.
• Copper network input and fibre network input in the same unit.
• Consider robust and rugged used units, however this is largely out of scope for this phase of the project.

Constraints:

• Operation within a small data centre.

Not required:

• Horizon scanning only.
• Large bulky and high-cost units.
• Not just a passive tap or span.

Eligibility

This challenge is open to sole innovators, industry, academic and research organisations of all types and sizes. There is no requirement for security clearances.

Solution providers or direct collaboration from countries listed by the UK government under trade sanctions and/or arms embargoes, are not eligible for HMGCC Co-Creation challenges.

Invitation to present

Successful applicants will be invited to a pitch day, giving them a chance to meet the HMGCC Co-Creation team and pitch the proposal during a 20-minute presentation, followed by questions.

After the pitch day, a final funding decision will be made. For unsuccessful applicants, feedback will be given in a timely manner.

Clarifying questions

Clarifying questions or general requests for assistance can be submitted directly to cocreation@hmgcc.gov.uk and co-creation@dstl.gov.uk before the deadline with the challenge title as the subject. These clarifying questions may be technical, procedural, or commercial in subject, or anything else where assistance is required. Please note that answered questions will be published to facilitate a fair and open competition.