Banks would be able to hide, move or encrypt their internal IT systems, network traffic and data to hide them from hackers and cybercriminals if technology the Department of Homeland Security is seeking from Silicon Valley startups comes to fruition.
At a Dec 5 industry day in Menlo Park, California, officials from DHS’s Science and Technology Directorate will roll out the latest offering from their $20 million innovation acquisition program — aimed at startups and other innovative companies that don’t traditionally do business with the federal government.
Unveiled last year, the program uses a special procurement tool called an Other Transaction Solicitation, or OTS, to dole out up to $800,000 in four-phase funding to startups that successfully apply.
The latest offering, dubbed Financial Services Cybersecurity Active Defense, or FSCSAD, asks companies to develop technologies for cybersecurity in banks and other financial institutions.
“Conducted in collaboration with the U.S. Department of the Treasury, the program identifies and evaluates tools that can help the financial services sector defend itself from [cyber]threats,” states the FSCSAD call paper.
Companies must apply to be part of the four-phase procurement process the FSCSAD OTS lays out by Nov. 21 next year and will get a response within 30 days. Each phase — prototype development, further prototype development, pilot testing and operational field testing — will last three to six months and be worth $50,000 to $200,000 to each awardee.
The call offers three areas in which DHS hopes to develop cutting-edge new technologies:
INTRUSION DECEPTION. “While attackers have made heavy use of deception for many years, defenders have typically focused instead on detecting and blocking inbound attacks,” states the call. “Use of deception in cyber defense is desired to misdirect, frustrate, slow down, and/or expose attackers and attack methodologies.” It adds that suitable technologies will use deceptive tactics including obfuscation, decoys, concealment, feints or providing misinformation.
“Deception techniques may target any portion or phase of an attack’s operations, to include reconnaissance, propagation, exploitation, command and control, data manipulation, exfiltration, etc. Technologies may focus on deception for networks, endpoints, applications, or data,” states the call, adding the techniques should “leave little-to-no detectable fingerprints, as their discovery can be used to circumvent and void the solution.”
It gives as an example a technology that would provide “falsely marked credit card data that can later be used to track the movement of the data through and out of the enterprise, and ultimately in the sale of the data in the Darknet.”
MOVING TARGET DEFENSE. MTD technologies cause “controlled change across multiple network and system dimensions in order to increase uncertainty and complexity for attackers, reduce their window of opportunity, and increase the costs of their probing and attack efforts,” the call says, adding that the changes must be “unpredictable by adversaries.”
The call states DHS is interested in several kinds of MTD: “Networks — changing the network topology, including IP-hopping, randomly changing port numbers, and similar capabilities; Hosts (Platforms) — changing host and OS level resources, naming and configuration; and Applications (Run-time) — changing the application environment, including randomly arranging memory layout (e.g., ASLR), changing the application type / versioning, and routing through different hosts, or changing settings, thereby altering the source code at every compilation.”
ISOLATION AND CONTAINMENT. These technologies segment unfamiliar or malicious code before it reaches enterprise systems and study the behaviors to prevent future breaches. This technology attempts to force nefarious software to execute in an isolated, contained environments.”