project spotlight | 26 October 2023

Capitalizing on Commercial Technology to Promote Cybersecurity Across the DoD

October 26, 2023 (Mountain View, CA) - October is Cybersecurity Awareness Month! We all know strong passwords, VPNs, and resilience  are important but at DIU, we also wanted to highlight the strategic relationships between commercial companies and the DoD. DIU continues to prepare military cyber operators and analysts for an evolving threat landscape and strengthening our nation’s digital defenses through these partnerships.

“DIU’s unique access to commercial cyber security solutions and the speed in which we can prototype and onboard them is critical to the DoD’s  strategic priorities. This year, we are highlighting a few recent projects as part of  Cybersecurity Awareness Month,” says Patrick Gould, Director of DIU’s Cyber and Telecoms (C&T) Portfolio. 

According to IBM, the estimated average cost of a cyber breach was $4.45M in 2023. To meet this growing threat vector, the cybersecurity solutions market has increased to more than $150B in recent years. 

"The extension of cyberspace to operational technology systems -- i.e. the instruments that run critical infrastructure -- means cyber events can now (and in fact have) lead to the physical destruction of property and loss of life,” says Christian Schnedler, Cyber Practice Lead at Westcap, a strategic operating and investing firm.

Below are a few examples of how DIU ‘s C&T  portfolio addresses this unique challenge of protecting critical infrastructure.

Commercial Cyber Expertise

Cybersecurity is an important frontline in national security.  

In its mission to secure and protect U.S. infrastructure from attacks, the DIU Cyber and Telecoms team provides DoD cyber operators and analysts unique and fast access to commercial solutions through its Commercial Solutions Opening process to help meet their many challenges.

“In today’s contested security environment, gray zone activities are occurring with unprecedented frequency. Gray zone operations, characterized by the ambiguity of objectives and participants involved, remain just below the threshold of armed conflict in the space between peace and war, ” according to Lynne Guey, Strategic Analyst (contractor) for DIU’s C&T  portfolio.

Success in this area of warfare requires seamless and rapid feedback to identify malign gray zone activities and contextualize them within a broader analysis of an actor’s intentions and strategy. Cyber warfare operations is a main line of effort for the team.  For example, as part of an ongoing series of projects that started with Commercial Threat Data in 2017 and 2019, DIU works closely with USCYBERCOM to maintain situational awareness of threat activity with technological solutions that augment threat intelligence feeds with non-traditional cyber data sets. With this enhanced set of commercial threat intelligence capabilities, DoD is able to gain previously unavailable context into cyber attacks against critical infrastructure while prioritizing responses in a more efficient manner. 

"The gray zone conflict the world is currently experiencing is being played out in cyberspace. This is spurring innovation in cybersecurity and better  collaboration between public and private sector participants securing critical infrastructure and enterprise networks,” continued  Schnedler.

Cyber Threat Telemetry

In today’s fragmented digital battlefield, governments often leverage non-state proxies to conduct cyber attacks. Historically, DoD has lacked visibility into such threat actor activity from both commercial telemetry data and non-traditional cyber data sources. Spycloud and CA Solutions are two recently-transitioned vendors from  DIU’s  Cyber Threat Telemetry project.

“For SpyCloud, DIU made the complex task of connecting with federal entities like USCYBERCOM remarkably easy. This allowed us the opportunity to prove that our unique collection of darknet intelligence data gives U.S. cyber forces a cyber advantage,” says Ted Ross, CEO of SpyCloud. “DIU has since supported us through a production contract transition with USCYBERCOM, so we can continually impact their offensive efforts to exploit key cyber terrain with  adversaries and defend U.S. interests. We look forward to providing other federal cyber forces the upper hand in cyberspace and on the ground.” 

Multi-Level Security and Data Federation

DoD operators often grapple with the challenge of preserving the privacy of sensitive data, without hindering data owners from being able to share information freely. This carries significant implications for critical national security missions. 

In an effort to shift away from a network-centric paradigm to one that is more data-centric, DIU, Naval Information Warfare Center (NIWC) Atlantic, and Navy PEO Digital and Naval Information Warfare Systems Command (NIWC) issued a solicitation in Fall 2022 for a fully distributed, trustless data execution model leveraging blockchain and other Web3 technologies. Boston-based company VIA was selected for its software-based solution that includes quantum resistant encryption and zero knowledge proofs, simultaneously enhancing security posture while enabling faster decision making by giving rapid access to essential data for all mission partners.

DIU Project Manager Jonathan Rogers sat down with Colin Gounden, CEO and Founder of VIA, for a quick Q&A on why and how blockchain, data security, and decentralization can be leveraged to ensure better cybersecurity. Ultimately, it’s about keeping data private and secure. Watch this video for more.

If you are a Cybersecurity and Telecommunications solution provider interested in learning more about national security and DIU, we look forward to hearing from you. Please reach out at info@diu.mil and stay tuned for the release of our FY 2023 Annual Report to learn more about how SpyCloud and CA Solutions is partnering with the DoD cyber operations community.

DIU has had eight cyber solutions successfully prototyped available for use across government. Visit our DIU Solutions Catalogue for more. You can also learn more about cybersecurity awareness month here.