In another indication of the growing market for offensive security software, the Navy is in the market for a suite of tools that will scan and assess security holes in networks and exploit unknown glitches in computer programs, contract documents indicate. The Pentagon’s goal is to use the technology to teach personnel how networks are breached so they can better defend military computers.
The Naval Postgraduate School is seeking price quotes for a penetration testing kit that will simulate malicious attacks to networks by assessing vulnerabilities in systems and launch zero-day attacks -- the exploitation of previously unpublished vulnerabilities. The solicitation highlights a more aggressive push to train military officers how to play both defense and offense in cyber operations.
The Navy wants to use the tools in a newly designed course that will teach officers and students how to respond to hostile computer attacks.
“The chosen tool will be used by students to assess and gain entry into a network established by other students,” a contracting notice says. The course “explores the development of cyber-orientated war games and exercises from the perspective of maintaining a high state of readiness in the face of state-sponsored cyber attacks,” it adds.
The tools must be able to check for known vulnerabilities on major operating systems such as Windows, Linux, Sun, Macintosh and Cisco, as well as applications run on the operating systems, such as chat clients, video programs, and media players. The tools also should integrate with and import results from other known open-source tools such as penetration testing software Metasploit, security scanner Nmap, and password cracker Ophcrack. “Product should include no less one 0-day (unpublished) exploit per month in its updates,” the notice adds.
The request for quotes, which closes September 11, is the latest in a series of newly-issued procurement notices highlighting the Pentagon’s interest in deploying offensive tools to test and protect its networks. The Defense Advanced Research Projects Agency plans to fund the development of new tools that will lay the foundation for launching malware and other computer espionage tools as part of a funding initiative called Plan X, NextGov reported. The Air Force also is anticipating a push in “developing capabilities associated with cyberspace warfare attack,” documents indicate.