news | 20 March 2025

Solutions Selected to Increase Resilience of Critical Networks

(U.S. Air Force photo illustration by Jason W. Edwards)

USCYBERCOM hunt teams regularly deploy to DOD sites and partner nations to observe and detect malicious cyber activity and to generate insights that bolster homeland defense.

Mountain View, CA (March 20, 2025) - Lack of standardization among the current breed of defensive cyber hunt kits creates incongruencies and interoperability issues between operators and their equipment. In the fall of 2024, the Defense Innovation Unit (DIU), in partnership with USCYBERCOM, launched the Joint Cyber Hunt Kit (JCHK) project to leverage commercial solutions that standardize the industry's best cyber incident response kit across the coalition and joint forces.

“We curated and launched this project in response to the need for a unified, rapidly deployable cyber defense platform that eliminates the fragmentation and interoperability challenges faced by our hunt teams,” said Luke Travis, DIU program manager for this effort. “We saw a critical gap in having a standardized, scalable solution that could be quickly deployed to any environment, ensuring our operators have the consistent tools and capabilities necessary to effectively counter advanced cyber threats.”

The desired solution is best described as a mobile “security operations center (SOC) in a box” that can be transported by a nine-person team anywhere in the world.

Selected from an initial 92 submissions, three prototype contracts were awarded in February 2025 to Omni Federal, Sealing Technologies, and World Wide Technology (WWT) to deliver a next-generation deployable Joint Cyber Hunt Kit. The kit will help USCYBERCOM more efficiently conduct hunt operations to discover advanced persistent threats (APT) and analyze their tactics, techniques, and procedures (TTP) with cutting-edge commercial off-the-shelf (COTS) and free and open source software (FOSS) capabilities.

“Working with DIU accelerated US Cyber Command’s ability to reach small and large vendors to solve cyber’s most challenging problem sets,” said Khoi Nguyen, Command Acquisition Executive and Director of the Cyber Acquisition and Technology Directorate (J9) at USCYBERCOM.

Given the importance of interoperability for allied cyber operations, the JCHK project team is also working with the United Kingdom’s Joint Defensive Cyber Unit and Australia's Joint Capabilities Group to share requirements and mission essentials. Both the UK and Australia sent two representatives to participate in Phase II down selects at USCYBERCOM. This particular partnership will allow for collaboration and continuity in testing, training, and cyber hunt operations across US, UK, and Australian forces, and allow our allies to take lessons learned and requirements back to their commands, ensure delivery of the same capability, and improve interoperability going forward. 

This solution will be capable of standalone operation because it will most often operate in an environment where it is not permissible to connect to the internet, and not permissible to send data offsite for analysis.