The federal government has awarded a contract to CounterCraft for a new deception platform that will be deployed throughout the Department of Defense.
The contract, which was awarded through the General Services Administration and could be worth up to $26 million, will give DoD component agencies access to the vendor’s proprietary deception platform in order to detect and monitor network traffic produced by malicious hackers targeting defense networks.
According to federal procurement records, the contract is designed to serve three purposes: provide deception capabilities that can detect unauthorized breaches or access to U.S. government networks, alert agencies and study attackers; support integration of the solution into U.S. government networks with the ability to add new components or scale the platform over time; and train agencies on how to set up and deploy the platform to bolster threat intelligence on the tactics, techniques and procedures of different threat actors.
The deception tech is needed, the government claims, because DoD cybersecurity officials “currently lack the technological platform and capabilities to withstand and gather intelligence from an ongoing cyber-attack." The current response involves turning off connected systems, something that prevents them from learning more about the behaviors of adversaries targeting defense networks.
“The current preferred defensive action is to disconnect an internet or network connected system during an attack. Disconnecting stops the ability of network operators from being able to gather telemetry data and characteristics of the attack,” the award justification states. “Cyber operations must leverage purpose-built and shaped terrain – decoy endpoints, networks, and artifacts – to deceive, disorient, and disrupt malicious cyber actors and impose cost and risk on our adversaries. CCSI’s software/licenses are intended to leverage cyber deception methodologies and capabilities to address these concerns.”
The contract is an outgrowth of a project that initially began under the Defense Innovation Unit, an office housed within DoD that acts as an incubator for emerging IT and cybersecurity technologies for the government and partners with Silicon Valley startups and other nontraditional contractors.
The underlying technology was part of a $679,000 prototype platform developed by CounterCraft and DIU for the Air Force in 2021, creating sophisticated deception environments that detect malicious cyber activity. According to DIU, it was tested in military wargames with national and NATO-level red teams.
Patrick Gould, deputy director of the DIU’s cyber portfolio, told SC Media earlier this year that the office is often able to shepherd prototype technologies from the design stage to broader adoption throughout federal agencies in such a short time largely due to a unique acquisition process that eschews many of the traditional bureaucratic requirements that dominate contracting in other parts of the federal government.
“We try to make it as commercially friendly as possible, so we try to mirror what those vendors are seeing specifically in the security realm, like if any other CISO was coming to them and saying ‘hey I want to use your capability,’” said Gould.
The contact was awarded on a sole-source basis, meaning it was not competitively bid. The GSA claims that the government conducted extensive research and no other vendor is capable of providing these services, largely because CounterCraft’s platform is proprietary, has already been highly modified and other vendors would be restricted to operating the commercial-off-the-shelf version of the software.
The agency also said they published a pre-solicitation synopsis of the requirements on federal contracting sites in August but have not received any responses from other vendors indicating they can meet the requirements.