The Army Contracting Command-Aberdeen Proving Ground (ACC-APG), Huachuca Division, Fort Huachuca, Arizona, has issued a Request for Information (RFI) on methods of continuously authenticating user identity by a person’s distinctive characteristics using software-based biometrics or behavioral profiling.
Meanwhile, under a continuing Broad Agency Announcement (BAA), the US Special Operations Command’s (USSOCOM) Program Executive Office (PEO) for Special Reconnaissance, Surveillance, and Exploitation (PEO-SRSE) — a component of USSOCOM Special Operations Forces Acquisitions, Technology & Logistics (SOF AT&L-SR) — has requested “White Papers” from the biometrics industry for a biometric product line of “technologies to collect, analyze, and distribute various physical parameters that can be used to identify personnel.”
Both actions are directly connected, though you wouldn’t necessarily understand the connection until both the RFI and the “White Paper” are viewed in the perspective and context of The US Army Concept for Cyberspace and Electronic Warfare Operations 2025-2040 strategy document.
Fort Huachuca is headquarters of the US Army Intelligence Center and Army Network Enterprise Technology Command (NETCOM)/9th Army Signal Command. It’s also headquarters of the Army Military Affiliate Radio System (MARS) and Joint Interoperability Test Command (JITC) and Electronic Proving Ground (EPG), as well as the Joint Interoperability Certifier and the only non-Service Operational Test Agency for Information Technology (IT)/National Security Systems. JITC provides risk based test, evaluation, and certification services, tools, and environments to ensure Joint Warfighting IT capabilities are interoperable and support mission needs.
There’s also the Army Information Systems Engineering Command (USAISEC), whose primary mission is system engineering and integration of information systems for the Army, which includes design, engineering, integration, development, sustainment, installation, testing, acceptance of information systems, and evaluation support for communications and information technology systems worldwide providing capabilities to Army organizations, combatant commanders, DoD agencies, and federal agencies in support of the warfighter. And, there’s also the Communications Security Logistics Activity and the Army Intelligence and Security Command Training and Doctrine Support.
USSOCOM’s PEO-SRSE is responsible for the acquisition, fielding, and sustainment of intelligence systems for Special Operations Forces (SOF) which “contribute directly to USSOCOM priorities to deter, disrupt, and defeat terrorist threats and sustain and modernize the force in persistent intelligence surveillance and reconnaissance.” Its mission is also to discover, evaluate, and transition technologies to provide an asymmetric advantage for SOF.
The ACC-APG’s RFI’s “primary objective … is to provide methods of continuously authenticating user identity by the distinctive characteristics of the individual by using software-based biometrics or behavioral profiling. The capability should be accurate, robust, and transparent to the user’s normal computer operation.”
The RFI was “issued for the purpose of developing a viable RFP [Request for Proposal] that will best communicate the government’s requirements to industry through this exchange of information. Responses to this request are considered voluntary, and will not affect the contractor’s ability to submit a proposal if, or when, an RFP is released,” ACC-APG said.
However, “The requested information is for planning purposes only, and does not,” ACC-APG said, “constitute a commitment, implied or otherwise, that a procurement action will be issued.”
The purpose of the ACC-APG RFI is to “conduct market research to gain knowledge and information on new and innovative capabilities, and to help identify potential parties capable to support these requirements in a global, integrated solution that supports and provides active, persistent monitoring and analysis of the enterprise network environment.”
Additionally, ACC-APG said it “would like to gain insight on the socio-economic possibilities that exist, and qualifications that exist of members of the business community capable in supporting this requirement.”
ACC-APG’s requirements are:
• Provide authentication (stand alone or composite) capability to the Department of Defense (DOD) Information Network-Army (DODIN-A);
• Detect unauthorized use of another’s credentials;
• Take automatic action to remove user network access upon failed authentication;
• Provide for continuous assurance of user authentication;
• Detect anomalies in users’ behavior;
• Allow multiple tiers of security granularity based on access privileges, risk policies, user status (VIP, etc.);
• Allow remote admins to authenticate to end-user devices;
• Be transparent to the user;
• Provide ability for admins to review logs and generate reports on a sufficient scale to support multiple tiers (strategic to tactical) of organizational views for +1 Million concurrent users;
• Provide advanced sorting, searching and alerting capabilities for current and past events;
• Modular architecture;
• Internally tracked statistics and metrics of the system and of events;
• Ability to export metrics to other reporting/visualization systems;
• Allow for intuitive usability with training for users in order to use the system efficiently and effectively;
• Provide high availability capability as a system for network authentication; and
• Interoperate with existing and legacy Department of Defense systems to support dependable authentication.
While the RFI did not define DODIN-A, according to The US Army Concept for Cyberspace and Electronic Warfare Operations 2025-2040, DODIN-A’s “operations consist of actions taken to design, build, configure, secure, operate, maintain, and sustain communications systems and networks in a way that creates and preserves data availability, integrity, confidentiality, user/entity authentication, and non-repudiation.” DODIN-A was further described as “the baseline cyberspace platform for Army operations,” which includes “proactive measures such as configuration control, patching, information assurance measures and training, physical security, secure architecture design, operation of host-based security systems and firewalls, and encryption of data.”
The Army explained that “Electronic Warfare (EW) consists of Electronic Attack (EA), Electronic Protect (EP), and Electronic Support (ES),” and that “when discussing the DODIN, this concept will address the Army’s portion of the DODIN as DODIN-Army.”
But DODIN-A is much more. According to The US Army Concept for Cyberspace and Electronic Warfare Operations 2025-2040, it’s “an integral part of cyberspace and EW [electronic warfare] operations,” serving “as an operational warfighting platform that enables global collaboration, ensures access at the point of need, extends to the tactical edge, and can enable the full range of available cyberspace and EW options … DODIN-A enables maneuver from a strategic distance, using Army operational and institutional force capabilities to prevent conflict, shape outcomes, and ultimately win. DODIN-A capabilities allow Army forces to operate more dispersed over wider areas in support of joint combined arms operations. The convergence of disparate DODIN-A transport capabilities into a single transport backbone is a crucial component of operationalizing cyberspace.”
Cyberspace defense of DODIN-A is absolutely crucial, the RFI says, in order to provide “threat monitoring, detection, analysis, and response actions. Army systems provide autonomous detection and response capabilities. By building, operating, and defending cyberspace infrastructure, cyberspace operations forces enable commanders to conduct decentralized operations, enhance understanding of the operational environment, and transition rapidly between operations. A defended and resilient DODIN-A is essential in establishing and supporting multifunctional battle teams conducting disaggregated maneuver.”
The RFI says both, “Cyberspace and EW operations provide capabilities that enhance the impact to potential adversaries in both the physical dimension and cognitive functions creating multiple dilemmas. The Army uses cyberspace and EW capabilities to support information warfare. Information warfare fully encompasses and broadens current information operations and spans several capabilities and functions such as: military information support operations, military deception, operations security, EW, physical attack, special technical operations, information assurance, DODIN-A operations, public affairs, and civil-military operations.”
Army forces incorporate cyberspace and EW operations as essential and consistent components of their leader development, education and training effort to produce and maintain a highly capable military and civilian cyberspace operations workforce.
“The scope of cyberspace operations leader development, education, and training will change across all ranks, positions, and organizational command structures,” the RFI states, noting, however, that, “The Army uses a common baseline of training for personnel to reduce risk posed by the weakest link in cybersecurity, the user,” which is why the Army’s software-based biometrics behavioral profiling “capability should be accurate, robust, and transparent to the user’s normal computer operation,” but still be able to determine a baseline of normal user activities, and then to identify deviations, ACC-APG stated in its RFI.
To provide defensive cyber operation tools, the network must have the ability “to absorb the shock of a cyber-attack, identify adversary actions, respond with pre-determined actions, and ensure mission continuity. DODIN-A will assess, compose, and deploy cyber elements with known and predictable confidence in their identity, functionality, and content.”
The Army is leveraging both joint and holistic industry approaches to develop secure systems that are able to adapt and maneuver automatically to reduce, counter, and evade cyber-attacks.
Responses to the RFI “should reflect an understanding of applicable DoD, Army, and commercial industry standards and policies for confidentiality and integrity to provide appropriate security controls across the integrated capability. This will include enforcement of access controls and integration with existing enterprise resources for identity, authentication, and authorization,” the RFI stressed.
The SOF AT&L-SR’s BAA is for a biometrics product line that encompasses technologies used to collect, analyze and distribute various physical parameters that can be used to identify personnel, with a “particular interest in technologies with a small form factor that provide the capability to rapidly (under 2 min) identify personnel, reduce false alarm rates and/or offer novel approaches at short to long distances in all environmental conditions.”
The technologies of interest are:
• Touchless fingerprint capture for matching against authoritative databases and on-board watch lists;
• Facial and/or iris capture for matching against authoritative databases and on-board watchlists; and
• Rapid, portable DNA collection and processing for matching against authoritative databases and on-board watch lists.
USSOCOM said, “Special Operations Forces require a content management system (CMS) for all employed advanced exploitation (biometric and Document and Media Exploitation (DOMEX)), and scientific instrumentation (latent print, chemical, DNA). The CMS must be able to operate stand-alone or as part of a network. The CMS must be capable of operating under multiple operating systems (iOS, Windows, Android). Content may consist of but not limited to video, interactive depictions, and literature which support operating procedures, routine hardware and software maintenance, troubleshooting and repair, and manufacturer’s manuals and literature. While connected the CMS should recognize specific instruments and support routine hardware/software maintenance and update training aids. In addition, the CMS must have the capability to relay to a remote SME instrument maintenance history, software load, and other relevant device metadata.”
DOMEX coordinates with multiple government agencies and has access to an unknown number of government data sources to develop case files and write Intelligence Information Reports (IIR) for prompt dissemination to SOF forces and the Intelligence Community. It falls under the domain of USSOCOM’s Joint Intelligence Center, Special Operations Command, Identity Intelligence Operations Division (JICSOCi2O) within the J2 Directorate of Intelligence, which conducts Processing, Exploitation, and Dissemination (PED) of biometrics, forensics, and DOMEX intelligence for SOF commanders and national decision-makers. The USSOCOM J2 has major responsibilities in the areas of threat identification, Sensitive Site Exploitation (SSE), Weapons Technical Intelligence, Force Protection, SOF vetting of “Green Force” personnel, identity protection, and Blue Force biometrics.
USSOCOM J2 also includes what are called Identity Intelligence Exploitation Cell (i2EC) analysts. “I2 is the collection, analysis, exploitation, and management of identity attributes and associated technologies and processes. The identification process utilizes biometrics-enabled intelligence (BEI), forensics-enabled intelligence (FEI), information obtained through document and media exploitation (DOMEX), and combat information and intelligence to identify a person or members of a group.”
“I2 fuses identity attributes (biological, biographical, behavioral, and reputational information related to individuals) and other information and intelligence associated with those attributes collected across all intelligence disciplines,” the doctrine stated.
According to IBM, “US ground forces handle a massive amount of information and data while working under unpredictable conditions. That means military intelligence analysts don’t always have a technologically reliable way to share and receive information. They must overcome both enterprise communication challenges, which force them to operate for periods with little to no access to data and information overload when connections are available.”
“Identity intelligence is a relatively new intelligence construct that refers to the analysis and use of personal information, including biometric and forensic data among others, to identify intelligence targets of interest and to deny them anonymity,” said Steven Aftergood, director of the Federation of American Scientists’ Project on Government Secrecy. He noted that the term first began to appear around 2012, “and was included, for example, in a 2012 Defense Intelligence Agency briefing package. Since then it has quickly propagated throughout US military and intelligence operations.”
I2 was included for the first time in US military doctrine in the October 2013 Joint Publication 2-0 on Joint Intelligence, which elaborated on the concept. I2 is used, JP 2-0 said, “to discover the existence of unknown potential threat actors by connecting individuals to other persons, places, events, or materials, analyzing patterns of life, and characterizing their level of potential threats to US interests.”
It was also described in a leaked Top Secret COMINT document, titled Identity Intelligence: Image is Everything, which said it “is exploiting pieces of information that are unique to an individual to track, exploit and identify targets of interest.”
I2EC analysts’ biometric-related responsibilities include, but are not limited to:
• Performing all-source intelligence analysis, including producing reports based on identity intelligence submissions and writing intelligence information reports (IIRs);
• Provide Processing, Exploitation and Dissemination (PED) for the I2 related modalities within biometrics, forensics, and DOMEX for global SOF;
• Provide analytical input during future requirements development, testing, evaluation, and training events for new biometric sensors, forensics, CELLEX (Cellular Phone Exploitation), DOMEX and SOFEX (the Special Operations Forces Exploitation) portal;
• Ensure production dissemination to appropriate i2 related data repositories, both current and future; for example, the DoD Automated Biometric Identification System (ABIS);
• Provide all necessary quantifiable i2 production statistics for the Management Monthly Status Report (MMSR) and any future requirements gathering and process development. Conduct briefings and prepare White/Information Papers;
• Provide nominations and support for management of Watchlists/Watchlist type products, including the Biometrics Enabled Watchlist (BEWL) and Digital Media Enabled Watchlist (DMEWL) for theater specific and comprehensive lists which provide a method for operationalizing the output of biometrics and forensics intelligence;
• Provide SOFEX-TEA i2 notional products to support JETC training PED requirements;
• Provide i2 temporary embedded PED support to deployed military units in accordance with guidance from the SOCOM Intelligence Community (IC) and theater i2 senior leadership both CONUS and OCONUS;
• Provide nominations to DoD BEWL for persons of interest IAW all applicable SOPs;
• Manage DoD BEWL nominations with current theater BEWL IAW all applicable SOPs;
• Coordinate with other theater elements and CONUS SOCOM reach-back BEI/FEI/DEI capabilities to provide support to theater i2 requirements; and
• Provide continuous professional development on new/emerging biometrics intelligence processes which supports worldwide operations, national and COCOM intelligence priorities, and other applicable intelligence topics.
CELLEX is a wireless remote document and media exploitation program using devices expected to be deployed in the next few years in tactical site exploitation environments which feed directly into DOMEX, as described this year by USSOCOM Sensitive Site Exploitation (SSE) Program Manager, Glen Cullen. Devices discussed include Cellebrite’s UFED 4PC, which “provides users with advanced capabilities to perform data extraction, decoding and analysis from the widest range of mobile devices, on a single platform,” the company says.
The SOFEX Exploitation Portal enables transmission (Tx) and receiving (Rx) of all SSE intelligence exploitation under the PEO/SRSE, including biometrics.
According to the program manager for SSE, SSE’s priorities include:
• On site collection of biometrics to verify/enroll subjects into DOD authorized biometric databases; and
• Provide actionable intelligence through the rapid detection, collection, and identification of physical and digital forensic evidence while on a sensitive site to enable identity operations.
SSE priority efforts at this time are:
• Procuring/fielding tactical biometric devices;
• Providing rapid DNA data collection capability; and
• Evaluating and deploying innovative DOMEX and forensic technologies.
Presumably, Green Force personnel man Green Force Tracker, the Army’s implementation of IBM Sametime, which provides secure, instant messaging, either via one-on-one chats or group chats.
Blue Force Tracking (BFT) is a key situational awareness network which is integrated on more than 120,000 platforms, and is fielded or authorized to every brigade combat team in the Army.
Blue Force biometrics, according to a variety of military and other documents, originally was the collection of physiological or behavioral data from US military troops that could help develop diagnostic applications to benefit individual service members. It may also have included a population group of trusted individuals including DoD personnel and family members, US persons, trusted allies, and coalition members.
But when 9/11 occurred, it was revealed that the US’s ability to identify enemy combatants contained a “weakness.” So, the “US military took what was once Blue Force biometrics—a measurement of human signatures like facial images, fingerprints and DNA (which are all a part of an enrolling military member’s record)—and flipped their use to track combatants rather than their own personnel. This shift led to record use of biometrics in Operation Iraqi Freedom and Operation Enduring Freedom to assist in green (partner), grey (unknown), and red (enemy) force identification,” wrote Sarah Soliman, in her 2017 paper, Options for Next Generation Blue Force Biometrics. Soliman is a technical analyst at the RAND Corporation who spent two years in Iraq and Afghanistan as a field engineer supporting ISR, biometrics, forensics, and sensitive site exploitation, including time with USSOCOM. She also worked at the Department of Defense Biometrics Management Office.
“The US military became highly equipped for a type of identification that validates a person is who they say they are,” she added, which seems to comport with the USSOCOM BAA, which states, “Responses should reflect an understanding of applicable DoD, Army, and commercial industry standards and policies for confidentiality and integrity to provide appropriate security controls across the integrated capability. This will include enforcement of access controls and integration with existing enterprise resources for identity, authentication, and authorization.”