Novel approaches to predictive cyber-security to counter cyber-threats in defence and security are being sought by the Defence and Security Accelerator (DASA). In phase one £1 million is available to fund proof-of-concept technologies above Technology Readiness Level (TRL) 2.
Additional funding is anticipated to be available for future phases to move towards a deployable solution. The competition will close at midday on 5 November 2018. Further details about the competition are provided in a summary document.
This document notes how forecasting of future events is common in many sectors, yet most current cyber-defence is reactive, with limited effort spent on predicting events related to a cyber attack (prior to, or during the attack) and that very few fully-developed and deployable tools exist with predictive capability.
What is sought via the competition is novel approaches to cyber-security that can predict the most likely offensive cyber-events and/or predict optimal defensive cyber-actions, to enable proactive defence in a hostile and contested cyber-environment.
This competition is anticipated to:
adapt and implement predictive approaches from other industries to the cyber-security domain
create and implement novel predictive analytics specific to the cyber-security domain
exploit empirical observation-based models of attackers to make predictions (for example of adversary tactics, techniques and procedures; of kill-chains; of attacker competency levels)
automate the assimilation of (text-based) knowledge collected for many systems (such as known risks or vulnerabilities), and transfer that knowledge to new systems that have the same (or similar) components and operating procedures
develop approaches to recognise patterns of life that are not time-based, but sequence-based
build on alerts from reactive methods to forecast future offensive cyber-events, and thereby predict optimal cyber-defences
Proposals that are not in scope include: those that focus on theoretical models, or that lack implementation to real data, and those that ingest social media feeds or other public data of a personal nature.
Predicting vulnerabilities in hardware/software, and monitoring the 'health’ of a system are only acceptable if used as components in a larger predictive engine.
Proactive intelligence gathering via the use of honeypots is in scope.
Proposals that make use of open-source data formats (for example, threat intelligence reporting, sharing and ingesting) are encouraged. Preference may be given to proposals that forecast future events, rather than predict past events that were overlooked.
Collaboration is being promoted between academia and industry to develop novel cyber-security prediction tools.
All proposals should highlight how subsequent phases will build on the initial phase of development and all phases should include a demonstration as a deliverable. The initial phase may make use of data from enterprise systems (such as standard office equipment) but subsequent phases should show capability when using data from military operational technology.
The initial phase may be demonstrated within a representative business enterprise system but subsequent phases should be applicable to the unique systems, circumstances, threats and opportunities that MOD faces.
Some five to 10 proof-of concept research projects are expected to receiving funding for up to six months, with additional funding potentially available for future phases.
Details on how to apply will be available shortly from firstname.lastname@example.org.