IARPA wants cybersecurity software for ‘deception’
In warfare — both physical and cyber-based — the act of deception can be at times more useful than an outright attack. Or at least that’s what the Intelligence Advanced Research Projects Activity is thinking, based on a call that its contracting officers put out this week.
IARPA may soon be in the market for a piece of cybersecurity technology that uses “denial and deception,’ or D&D, to protect Federal data assets, according to a recent request for information. This technology is expected to confuse and otherwise deceive a would-be hacker before a breach can occur.
The RFI published by the agency earlier this week titled “Deception for Cyber Defense Research” notes that while this nascent technology is available in the private sector it requires additional research to become effective at scale.
Responses to the RFI are due on July 1.
“Adapting D&D to support the engagement of cyber adversaries is a concept that has been gaining momentum, although, the current state of research and practice is still immature: many techniques lack rigorous experimental measures of effectiveness, information is insufficient to determine how defensive deception changes attacker behavior or how deception increases the likeliness of early detection of a cyber attack,” the RFI reads.
More specifically, the RFI hopes to answer a series of current questions surrounding the technology, including: what are the existing products, who are the available vendors, what are the metrics by which to judge this technology’s effectiveness and which techniques are most effective.
Dependent on the volume and quality of responses, the RFI states, IARPA may ultimately hold a one-day workshop on deception tactics — which could potentially lead to investments at a later date.