The Federal Aviation Administration (FAA) is looking to protect critical infrastructure and seeking more information on securing and monitoring data flows in a large enterprise environment like its own, according to a request for information (RFI) posted to Beta.SAM.gov.
Specifically, the FAA is looking to have its questions about the availability and integrity of potential solutions, as well as their ease of use, improved security, enhanced management and security, architecture, and scalability. FAA also is looking to learn how potential solutions would support multiple active links and increase network performance.
“The increase in nationally impacting cyber threats and Emergency Directives is incentivizing the FAA to be more aggressive in its pursuit of protection capabilities. Recent advances, including but not limited to, Zero Trust Architectures and Software Defined Networking have provided opportunities to address these concerns,” the RFI says.
The RFI focuses on gathering information for its National Airspace System (NAS) environment, but the agency also supports two other large-scale enterprise environments with its Mission Support and Research and Development environments.
According to the RFI, the NAS environment currently supports over 100 interconnected systems in a net-centric environment. It has been considered a key Critical Infrastructure since 2013 when it was identified as a system with potentially catastrophic economic and national defense implications if it were to be penetrated in a cyberattack.
To protect this critical system the RFI says the FAA is looking for potential solutions that would provide:
- “Secure communications between trusted endpoint devices;
- Application performance monitoring;
- Dynamic path selection where available;
- In-depth visibility into end-to-end network and application performance;
- The ability to implement granular security policies;
- Protection from Distributed Denial of Service;
- Threat intelligence with a unified threat management; and
- Next-generation firewall and intrusion detection/prevention capabilities.”
Potential partners have until May 17 to respond, and the FAA intends to use any responses to help evaluate and build FAA’s future acquisition strategy.
