The Homeland Security Department is thinking beyond continuous monitoring and the Director of National Intelligence wants help forecasting cyber attack vectors.
These are two interesting cybersecurity-related requests for information that may have been overlooked in December, but due dates for responses are coming soon.
Let’s start with the Intelligence Advanced Research Projects Activity’s (IARPA) RFI for its CAUSE program.
Through the Cyber-attack Automated Unconventional Sensor Environment (CAUSE), IARPA wants vendors to develop software that will forecast methods and detect emerging phenomena to help cyber defenders against potential attack paths.
“The CAUSE Program aims to develop and validate unconventional multi- disciplined sensor technology (e.g., actor behavior models, black market sales) that will forecast cyber-attacks and complement existing advanced intrusion detection capabilities,” the notice in FedBizOpps.gov stated. “Anticipated innovations include: methods to manage and extract huge amounts of streaming and batch data, the application and introduction of new and existing features from other disciplines to the cyber domain, and the development of models to generate probabilistic warnings for future cyber events. Successful proposers will combine cutting-edge research with the ability to develop robust forecasting capabilities from multiple sensors not typically used in the cyber domain.”
IARPA says the program will include unclassified and classified research activities, and it expects the teams working on the program to be multi- disciplinary, consisting of computer scientists, data scientists, social and behavior scientists, mathematicians and statisticians, and other cyber and computer experts.
IARPA is holding an industry day Jan. 21, in Washington in anticipation of a new solicitation. Deadline to register for the industry day is Jan. 14.
DHS, meanwhile, issued an RFI for its EASE program, which is a concept focused on automated and dynamic cyber defense capabilities.
DHS wants vendors to view the Enterprise Automated Security Environment (EASE) concept through three paths: Cyberspace, cyber-relevant time and critical infrastructure.
DHS says this RFI will be one of several coming over the next year or so.
“Recognizing current security practices are insufficient to prevent successful attacks, respond to attacks and remain resilient during attacks, DHS first promulgated ‘the idea of a healthy, resilient — and fundamentally more secure — cyber ecosystem of the future. In this cyber ecosystem, cyber participants, including cyber devices, are able to work together in near-real time to anticipate and prevent cyber attacks, limit the spread of attacks across participating devices, minimize the consequences of attacks and recover to a trusted state,'” the RFI stated. “DHS recognizes that achieving this level of advancement and coordination cannot be accomplished in a single step by any single party, but requires an evolutionary, federated approach with extensive community collaboration involving all stakeholders.”
And speaking of DHS cyber, the Office of Personnel Management re-approved the Schedule A hiring authority for 1,000 cyber positions at DHS.
In the Dec. 30 Federal Register notice, OPM says DHS has until Dec. 31, 2015, to use this authority to hire experts in cyber risk and strategic analysis, incident handling and malware/vulnerability analysis, program management, distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture, intelligence analysis, investigation, investigative analysis and cyber-related infrastructure interdependency analysis requiring unique qualifications currently not established by OPM. The employees will come in at GS-9-to-15 levels.