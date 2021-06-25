



The Defense Innovation Unit (DIU) began its search for new or innovative cyber technologies by considering 20 options.

DIU narrowed the candidates to six and eventually decided to test two state-of-the-art cyber tools to improve the security of its endpoints.

Patrick Gould, deputy director of the Defense Innovation Unit's cyber portfolio, said the prototype is experimenting with two technologies that could be cyber game changers.

This technology is used to deploy protected asset lists within cyber operations. Looking at what are essentially your crown jewels, what cyber commands and cyber components most want to protect from malicious cyber activity in defense networks and defense weapon systems, we deploy deceptive elements around them. In essence, these are pre-filtered sensors and pre-filtered data acquisition capabilities and devices, Gould said on Ask the CIO. Now, if the defenders of these systems see an interaction with these decoys, they can consider that interaction, and any telemetry and indicator data created by those devices, to be bad. You need to know that they are there.

Gould added that the prototype is also testing whether cyber defenders could move these fake devices to another protected environment or another weapon system, or whether it would be better to leave them where they are.

He said that each type of team using this technology uses it in a slightly different way. Both vendors had a very specific set of issues. Companies made more detections and responses, as seen on the commercial side. However, it was the cyber threat intelligence collectors and threat hunters who had pretty good results: they collect telemetry from the interactions, as well as intelligence and the tools, techniques and procedures of adversaries interacting with these decoys. That gave the operation a much more military flair.

Big step forward

If these technologies prove themselves in the long run, Gould said, the tools will revolutionize the way the Pentagon, and in fact any organization, protects networks and data.

I think it's a big step forward. There are many detection and response tools out there, and the government makes them free to use. What we didn't have until this prototype was the ability to deploy these highly tuned, highly targeted decoys and endpoints into these very specific environments for information gathering purposes. There were very good tools for doing this on the DoD Information Network (DoDIN), the information network on which DoD operates, or on a service network. But now, in these very specific environments, you can deploy these fake devices with pre-filtered traffic and indicator data. This is not done commonly throughout the whole swath of the environment; it uses the indicators and characteristics of that particular environment, whether part of the network or the entire network.

According to Gould, this means cyber defenders can develop more specific protection and response plans tailored to specific parts of the Pentagon or an organization, instead of trying to take a universal approach to cyber protection.

DIU began down this path of rethinking endpoint security in response to a request from one of the services' operational cyber teams.

Deception is typically used for detection and response in the commercial world. It basically deploys fake artifacts, fake decoys, fake machines, honeypots, all these different fake computing infrastructures throughout the environment, as a way to check whether someone interacts with these fake artifacts. Then, from there, can the security operations team determine who the adversaries interacting with them are and what kind of malicious activity is interacting with them? Are they insider threats or external threats? And then can you identify the best defense against it? Gould said. What we were trying to do, and what our customers were trying to do, was to take deception one step further: not only to detect and respond to the threat, but also to start tampering with the adversary. Can this be deployed around the weapon system for protection and intelligence purposes? Can we really play on the paranoia that most offensive cyber operators have, in such a way that they question every move they make because they may be being watched? Is this a real environment, a real weapon system, a real government network?
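The detection rule behind both of Gould's descriptions above (decoys placed beside the protected asset list, and any touch of a decoy treated as bad by definition) can be shown in a few dozen lines. The following is an added example written for this page; it is not code from DIU, the article, or either vendor. The protected asset names, decoy addresses, flow-log format, and the `Decoy`, `detect` and `indicators` helpers are all constructed assumptions for illustration.

```python
"""Decoy-interaction detector (added example, not DIU's or a vendor's code).

Implements the rule the article describes: decoys sit next to the protected
asset list, and because no legitimate user has a reason to touch a decoy, every
interaction with one is treated as malicious and its telemetry is passed to the
defenders 'pre-filtered', with no further triage. All asset names, addresses
and log lines below are constructed for this example.
"""
from __future__ import annotations
from dataclasses import dataclass
from typing import Iterable, Optional
import re


@dataclass(frozen=True)
class Decoy:
    name: str        # hostname the decoy advertises
    address: str     # address the decoy answers on
    protects: str    # protected asset it is deployed next to


# Constructed protected-asset list ("crown jewels") and the decoys around them.
PROTECTED_ASSETS = {
    "fcs-controller-01": "10.20.5.11",   # hypothetical fire-control server
    "mission-plan-db": "10.20.7.41",     # hypothetical planning database
}
DECOYS = [
    Decoy("fcs-controller-02", "10.20.5.12", "fcs-controller-01"),
    Decoy("mission-plan-db-bak", "10.20.7.40", "mission-plan-db"),
]
DECOY_BY_ADDR = {d.address: d for d in DECOYS}

# Constructed flow-log format: "<ts> src=<ip> dst=<ip> dport=<n> action=<allow|deny>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\S+)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    decoy: str
    protected_asset: str
    dport: int
    action: str
    severity: str


def parse_line(line: str) -> Optional[dict]:
    """Return the fields of one flow-log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def detect(lines: Iterable[str]) -> list[Alert]:
    """Raise an alert for every record whose destination is a decoy.

    Traffic to the real assets is deliberately not inspected here: the decoy
    rule is what makes the resulting telemetry pre-filtered. A denied touch of
    a decoy is as interesting as an allowed one, so both are reported.
    """
    alerts: list[Alert] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # malformed line, skip it
        decoy = DECOY_BY_ADDR.get(rec["dst"])
        if decoy is None:
            continue                      # not a decoy: no verdict from this rule
        alerts.append(Alert(ts=rec["ts"], src=rec["src"], decoy=decoy.name,
                            protected_asset=decoy.protects,
                            dport=int(rec["dport"]), action=rec["action"],
                            # the decoy sits beside a crown jewel, so every hit is critical
                            severity="critical"))
    return alerts


def indicators(alerts: Iterable[Alert]) -> dict[str, set[str]]:
    """Collapse alerts into indicator data: each source address and the
    protected assets it was probing around. This is the pre-filtered indicator
    set the article says hunters can act on directly."""
    out: dict[str, set[str]] = {}
    for a in alerts:
        out.setdefault(a.src, set()).add(a.protected_asset)
    return out


# Constructed sample: one normal access to the real server, three decoy touches
# (two allowed, one denied) and one malformed line.
SAMPLE_LOGS = [
    "2021-06-25T10:00:01Z src=10.20.5.50 dst=10.20.5.11 dport=443 action=allow",
    "2021-06-25T10:00:05Z src=10.20.5.50 dst=10.20.5.12 dport=22 action=allow",
    "2021-06-25T10:00:09Z src=10.20.5.50 dst=10.20.5.12 dport=445 action=allow",
    "2021-06-25T10:01:00Z src=10.20.9.3 dst=10.20.7.40 dport=445 action=deny",
    "not a log line",
]

if __name__ == "__main__":
    found = detect(SAMPLE_LOGS)
    for a in found:
        print(f"{a.ts} {a.severity}: {a.src} -> decoy {a.decoy} "
              f"(beside {a.protected_asset}) port {a.dport} {a.action}")
    print("indicators:", indicators(found))
```

The design choice worth noting is that `detect` never looks at traffic to the real assets at all; the value of the decoy is that its telemetry needs no baseline or tuning, which is what makes it "pre-filtered" in the sense Gould describes. In practice the `PROTECTED_ASSETS` and `DECOYS` tables would come from the environment's asset inventory rather than being hard-coded.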

20 to 6 to 2

DIU released an other transaction agreement solicitation to industry for advanced endpoint detection and response capabilities. The office received short white papers from 20 companies, including 10 it had never heard of or collaborated with, and selected six to give in-person or virtual pitches.

From there, DIU chose two vendors to prototype the technology.

According to Gould, the prototyping period is nearing its end, and DIU will decide how to move the technology into a longer-term, larger production OTA.

According to Gould, DIU has a slate of cyber projects scheduled for 2021 and an expanded partnership with the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.

We are helping with a hunt forward kit for the U.S. Cyber Command community. When it comes to collecting cyber threat intelligence, we are looking at some new ways to collect telemetry beyond the traditional types: not the traditional breach-based metrics, but other forms of data that can be used to build a picture of the adversary, he said. We are looking at some industrial control systems and operational technology areas for some of the services, and at how to help them better protect power and embedded systems across the different services. Considering the COVID situation, which creates new demand across DoD for more remote-based protection and brings in unique device and zero-trust type projects, we are doing more cloud and remote-based projects. We have actually launched a telecommunications sub-team looking at projects around radio spectrum, 5G and radio intrusion detection systems.

