The Defence and Security Accelerator (DASA) has launched a new competition looking for novel approaches to predictive cyber security. The competition runs until the 5th November 2018. There is £1 million available for phase 1 of the competition which will fund 5-10 projects for up to six months. Although originally launched in August, there has been little coverage of the competition.
The competition is targeting solutions that can: “Predict future threats to aid our defence strategies in preventing them.” It is asking for proof-of-concept (PoC) solutions that are Technology Readiness Level (TRL) 2 or above. It means that it wants more than just an outline proposal. There must be analysis and experimental evidence that can be used to assess submissions.
DASA has six key areas of interest
There are six key areas where DASA is looking for solutions. These are a mix of detecting offensive attacks and predicting optimal defensive actions. It lists the six areas as:
- adapt and implement predictive approaches from other industries to the cyber security domain.
- create and implement novel predictive analytics specific to the cyber security domain.
- exploit empirical observation-based models of attackers to make predictions (for example of adversary tactics, techniques and procedures; of kill-chains; of attacker competency levels).
- automate the assimilation of (text-based) knowledge collected for many systems (such as known risks or vulnerabilities), and transfer that knowledge to new systems that have the same (or similar) components and operating procedures.
- develop approaches to recognise patterns of life that are not time-based, but sequence based.
- build on alerts from reactive methods to forecast future offensive cyber events, and thereby predict optimal cyber defences.
When designing a solution, competitors will need to think about what data they need. DASA has said that use of Open Source Datasets is a good idea. It is also encouraging the use of traditional data gathering such as network traffic capture, vulnerability scanning and attack signatures.
The competition also suggests some other data sources. Among these are the use of honeypots, kill-chains, network meta-data and security intelligence. Solutions that are able to draw on Artificial Intelligence solutions to collect and assess very large data volumes are likely to get more attention.
What will competition winners get?
Money, fame, opportunity. Well maybe not fame but there is money on offer for anyone who gets through phase 1. DASA is offering between £100,000 and £300,000 per proposal for 5-10 projects. It has said that projects can seek money elsewhere. This means that organisations with existing product plans can join the competition with some restrictions. The key one being that any potential solution must not be an existing prototype. DASA wants new thinking.
Among the long list of things for submitters to include are other potential benefits. For example, Government Furnished Assets (GFAs). These are access to data, equipment, materials and facilities. While not guaranteeing them, it does suggest that money is not everything.
Those that are able to move into future phases and get to a deliverable quickly are likely to win big. Governments and especially the military around the world are spending big on cyber security. They are looking at both defensive tools and those that can be used in an offensive capability as well. This means that success here could lead to contracts with other countries and, for smaller organisations taking part, a significant acquisition opportunity.
What does this mean
Once again, the UK Government has appeared to botch a cyber security competition. The big defence contractors will know about this via their normal bidding channels. However, without anyone monitoring the Government Announcements pages, they will have missed this.
The UK has a fast growing cyber security industry with lots of small companies beginning to appear. Many of these are linked to universities and need access to these competitions to give them a boost. The scope of this competition is interesting. Those with AI experience will almost certainly have a head start, at least in the predictive area.
It is also interesting that the competition mentions offensive capability. This is something that governments have tried to play down and are sending mixed messages around. Tools that are good at defence are typically not as good at offensive. This means that we should see a wide variety of solutions in phase 2.
For now, anyone who thinks that they can deliver a good idea should read this document carefully. It gives a good idea of what is wanted and what will be rejected.