cyber protection teams Archives | DefenseScoop
https://defensescoop.com/tag/cyber-protection-teams/

DIU awards prototype deals for next-generation defensive kits for Cybercom
https://defensescoop.com/2025/03/12/cybercom-diu-joint-cyber-hunt-kit-prototype-awards/
Wed, 12 Mar 2025 13:00:00 +0000

Three companies will develop Joint Cyber Hunt Kit prototypes for cyber protection teams.

The Defense Innovation Unit has issued contract awards to prototype the next generation of kits for U.S. Cyber Command’s defensive teams that are charged with protecting Pentagon networks.

Sealing Technologies — a Parsons company — World Wide Technology and Omni Federal were tapped to develop prototypes for the Joint Cyber Hunt Kit, self-contained “fly away” technology that provides a security operations center in a box, according to DIU and budget documentation.

DIU is running the acquisition on behalf of Cybercom.

The effort is significant because the new kits will, for the first time, create a baseline standard for the gear cyber protection teams use for both the traditional defensive missions of the network as well as hunt-forward operations performed by the Cyber National Mission Force, Cybercom’s elite unit tasked with protecting the nation against significant digital threats. Hunt-forward operations, conceptualized over five years ago, involve physically sending defensively oriented CPTs to foreign countries to hunt for threats on their networks at the invitation of host nations.

Since Cybercom’s inception, there has never been a standardized defensive cyber kit for cyber protection teams — groups that hunt for malicious activity on Pentagon networks and respond to incidents — despite efforts in the past to create them. Those systems, referred to as Deployable Mission Support Systems (DMSS), varied across all the services.

Cybercom’s forces are constructed such that each of the services is responsible for providing a set number of offensive and defensive teams to the command to conduct operations. In many cases, the kits across each service varied despite cyber protection teams being largely trained to the same missions and standards, albeit with some variation.

As currently planned, the JCHK kits will provide a baseline of standardization across all the types of defensive CPTs, but offer a level of customization and tailoring for specific purposes and missions.

“The big thing is that flexibility and that modularity and the scalability, just to have the ability to tailor what they’re taking to the mission at hand. Whether that mission is going out and doing a vulnerability assessment or whether it’s an onboard mission where you’re looking for bad guys on an active network, being able to dial your kit into exactly what you’re going to do just makes things much easier and the outcomes from the missions are much better,” Brad Hatcher, chief product officer for SealingTech, said in an interview. “Sometimes what they need might be constrained by their space and how many people they can take to a location. Sometimes it will be more driven by the size and the volume of a network. And we build a kit that lets them tailor it specifically to each mission and take what they need and get there quick and do their mission and report back.”

According to budget documents, the forthcoming JCHK kits will be used by CPTs to secure and protect DOD networks and data centers by hunting, clearing and assessing in friendly, neutral and adversary cyberspace.

“Definitely a step forward in that it’s the latest and greatest technologies that we can put into a kit to run their missions faster to give them the ability to pull in more data, do more analytics — bigger, better everything than previous versions,” Hatcher said. “One of the bigger requirements and what can often be a limitation is the storage space that you’ve got. You’re hooking these kits up to networks and you’re trying to pull in all the traffic that’s flowing across that network to do analysis, to see what should be there, what looks odd. And those bigger storage capacities really allow the teams to really get in there and analyze as much as possible to find any anomaly on a network.”

Omni Federal’s offering, dubbed REDHOUND, provides proactive threat detection, comprehensive network analysis, threat intelligence integration, scalable investigation tools, incident response support and behavioral monitoring. The technology also boasts fast speeds leveraging a modular ARM processor architecture augmented with NVIDIA GPUs for low power for high compute in edge environments to provide flexibility, the company said in a statement.

The companies that were awarded deals will develop their prototypes between now and this summer. They’ll be tested in a lab-based environment with actual users for a period of time, and the government will eventually select one vendor to move on to the next phase of the program.

Cybercom looking to combine and standardize defensive cyber kits; solicitation issued
https://defensescoop.com/2024/04/29/cybercom-defensive-cyber-kits-jchk-diu/
Mon, 29 Apr 2024 18:53:12 +0000

Through a DIU solicitation, Cybercom will at last be standardizing the equipment for defensive cyber operations and combining it with gear for so-called hunt forward operations.

U.S. Cyber Command, through the Defense Innovation Unit, has begun the process to standardize the gear that defensive cyber teams use to perform their missions.

That effort will now also combine the equipment cyber protection teams use with the kit for hunt-forward operations performed by the Cyber National Mission Force, Cybercom’s elite unit tasked with defending the nation against significant digital threats. Hunt-forward operations, conceptualized over five years ago, involve physically sending defensively oriented cyber protection teams to foreign countries to hunt for threats on their networks at the invitation of host nations.

Since Cybercom’s inception, there has never been a standardized defensive cyber kit for cyber protection teams — the teams that hunt for malicious activity on Pentagon networks and respond to incidents — despite efforts in the past to create them. Those systems, referred to as Deployable Mission Support Systems (DMSS), varied across all the services. The way Cybercom’s forces are constructed, each of the services is responsible for providing a set number of offensive and defensive teams to the command to conduct operations.

Those DMSS kits are self-contained systems consisting of hardware and software capable of surveying, securing and protecting military networks as well as performing vulnerability analysis and incident response. They are designed to be taken to an incident with little to no notice to connect to the network in order to locate, contain and defeat malicious cyber activity that is either attempting to or has breached Department of Defense systems, according to budget documents.

Despite being designed to be joint in nature with the same training and equipment to operate on the DOD Information Network for defensive teams and the same training for offensive teams, each service provided slightly different DMSS systems to their respective cyber protection teams — creating incongruencies with equipment and forces as well as interoperability issues.

The closest the DOD came was a few years ago, requiring a set of basic tools be included across all DMSS kits provided by the services.

Now, there is an effort to standardize those efforts.

A solicitation from DIU issued Monday aims to combine the DMSS kit with the hunt-forward equipment, to create a singular standardized defensive cyber hunt system across the entire force.

The new Joint Cyber Hunt Kit (JCHK), as it is known, will be a mobile “security operations center (SOC) in a box,” DIU said. It must be portable by a nine-person team anywhere in the world and fit in a suitcase for easy air travel.

“Like the DMSS and HFO kits, the JCHK will be a self-contained flyaway capability utilized by the Cyber Protection Team (CPT) Mission Elements to secure and protect military networks and data centers by conducting Hunt, Clear, Enable Hardening, and Assess missions in blue, gray, and red cyberspace,” fiscal 2025 budget documents state. “The dynamic nature of CPT defensive cyberspace operations driven by the adversary’s rapidly evolving offensive cyber tactics, techniques and procedures require the [Budget Activity-8] flexibility as JCHK evolves. The merging of capabilities will facilitate the standardization of training, maintenance logistics, and force protection and will promote efficient execution of resources based on economy of scale.”

For hunt-forward operations, national cyber protection teams travel to other nations and plug into their network. Most prominent were the ops that took place in Ukraine ahead of Russia’s 2022 invasion, which both governments credit for helping harden Ukraine from potential Russian cyber onslaught. These differ from the tasks that cyber protection teams perform on the DOD’s network.

The new system must be flexible in order to perform standalone operations, given it will most often operate in an environment where it’s not permissible to connect to the internet or send data offsite for analysis.

The solicitation said the kits must be able to perform any and all activities related to discovering advanced persistent threat activities and analyzing their tactics, techniques and procedures.

DIU has been working to equip Cybercom for many years. Additionally, the command awarded a contract worth almost $60 million in 2022 to provide equipment for hunt-forward operations.

Previewing the idea of standardizing the DMSS kits, Cybercom’s top acquisition executive noted that the services will have two years to maintain their separate service kits while the competition is underway.

“We’re going to go out with an RFP and a way of contracting for a common kit, at a minimum at the hardware level and then some layer of software, common software, that will be common across all the services. Then services’ unique needs can be added on top of that,” Khoi Nguyen, who is also the director of the cyber acquisition and technology directorate (J9) at Cybercom, said at a conference in January.

At the time, he said the command wants feedback from industry in a collaborative effort to deliver the best system possible.

“The goal is to get this industry day out there and then we’re looking to do aggressive prototyping. We’re probably going to award two or three more prototyping contracts, give the team [some] amount of time to do the prototyping and then deliver the hardware. Then three months for us [and] the force to play around with it. And then we’ll pick a winner,” he said. “My intent is to, like truly do a competition, allow competition, and that’s why we’re going to give … a decent amount of time for a new vendor or new team of vendors to build a new kit, versus having a prototype period very small, where the incumbent has a higher chance of winning. That’s the goal. We’re going to lay that out as an RFP or RFI. Please come back and tell us if I’m unrealistic or whatever else. We need to know that. But the goal is to get the best kits for the users that we can.”

According to fiscal 2025 budget documents, Cybercom and DIU will be relying on other transactional authority to award a prototype agreement to support the rapid development of a JCHK prototype, with the objective of transitioning cyber protection teams to the new system at the beginning of fiscal 2026.

Cybercom conducts wide-ranging global defensive operation
https://defensescoop.com/2022/10/20/cybercom-conducts-wide-ranging-global-defensive-operation/
Thu, 20 Oct 2022 20:40:29 +0000

The operation was intended to search for malicious activity on the network and improve collaboration with partners.

U.S. Cyber Command recently conducted a wide-ranging defensive cyber operation across several organizations with the goal of improving its interoperability with partners and bolstering network defense.

The global operation, which took place during the Oct. 3-14 timeframe, looked for potential malware on internal networks and was intended to improve processes and identify current defensive best practices to further integrate across various Department of Defense networks, a spokesperson said.

Cybercom took the lead working alongside combatant and component commands as well as interagency, international industry and academic partners, the spokesperson said.

The operation was described as a continuous effort as part of Cybercom and DOD’s push to be vigilant in identifying malicious cyber activities, strengthen capabilities and enhance the consistency of information sharing with partners.

Cybercom started the operation by looking for publicly known malware, which allows operators to improve processes and coordination and share insights.

“Under this framework, the operation was a continuous activity designed to strengthen the resiliency of the Department of Defense Information Network (DODIN) and other supporting systems,” Navy Rear Adm. Matthew Paradise, deputy director for operations, J-3, at Cybercom said in a release. “Defensive Cyberspace Operations helps CYBERCOM meet its mission responsibilities by enabling and improving mission assurance of the joint force, as well as our allies and partners, by maintaining reliable and defensible networks.”

Officials were careful to note that the operation was not indicative of a new concept, but rather a new implementation of defensive cyber operations.

Cybercom has a dedicated cadre of defensive cyber teams — which act more like digital SWAT teams that come in as opposed to the local network owners — to actively hunt on the network for malicious activity and respond to breaches to kick out intruders.

These cyber protection teams, which make up the majority of Cybercom’s personnel and teams, assist combatant commands and the services to help defend their networks against threats. Additionally, there are cyber protection teams that work to defend the nation from significant cyber activity as well as teams assigned to Joint Force Headquarters-DODIN, which is responsible for operating and defending the DODIN globally.
