The Homeland Security Department’s innovation unit is seeing how open-source technology can defend from emerging threats.
The Homeland Security Department wants to help protect financial institutions—designated as part of the nation’s critical infrastructure—against emerging cyber threats.
The DHS Science & Technology Directorate awarded Delaware-based Cyber 20/20 with a $200,000 contract to demonstrate whether its open-source technology will help the financial services sector better defend against emerging threats from nation-states, hackers and other bad actors.
Cyber 20/20’s tech is called Trained Using Runtime Analysis from Cuckoo Outputs, or TURACO. According to DHS, it “expands the capabilities of Cuckoo, an open-source sandbox, to better detect and analyze malicious attacks.” TURACO combines open-source sandbox technology with machine learning that can “anticipate, analyze and respond” to malware.
A sandbox is a term used to describe a virtual container segmented off from an operating system whereby analysts can force applications to run in isolation to better analyze malware or attacks in a controllable setting.
“As malware evolves, so must the technology we use to defend financial services networks,” said Greg Wigton, program manager for the Next Generation Cyber Infrastructure Apex program, said in a statement. “Using sandboxes to predict and prevent attacks increasingly has become popular over the past decade. Cyber 20/20 plans to create a next-generation open-source sandbox that leverages machine learning to adapt to evolving threats.”
The contract was awarded through an other transactional authority by DHS S&T’s Silicon Valley Innovation Program under its Cyber Security Active Defense solicitation. The solicitation seeks to “develop technologies to counter emerging cyber threats that impact the critical infrastructure.”
Companies that win phase-one contracts from SVIP are eligible for up to $800,000 over four total phases.