DoD seeks cyber threat intelligence support

On June 25, the Department of Defense posted a request for information (RFI) for Cyber Threat Intelligence (CTI) Aggregation enterprise (cloud-based). Responses are due by 11:59 a.m. Central on July 25.

Joint Force Headquarters-Department of Defense Information Network (JFHQ-DODIN)/J4 is seeking information from industry to assist with the development and planning of a potential new requirement.

The primary role of joint intelligence is to provide information and assessments to facilitate mission accomplishment. This role is supported by a series of specific responsibilities to guide the intelligence directorate of JFHQ-DODIN and supporting organizations. These include the following: inform the commander; describe the operational environment (OE); identify, define, and nominate objectives; support planning and execution of operations; counter adversary deception and surprise; support friendly deception efforts; and assess the effectiveness of operations.

JFHQ-DODIN is seeking information from industry regarding a CTI Aggregation enterprise (cloud-based) capability that can ingest multiple third-party CTI feeds and external threat data. JFHQ-DODIN reviews and analyzes classified and open-source threat intelligence to identify attack indicators, mitigate identified threats, establish threat data feeds, and share advisories with DODIN customers and other federal specialists.

A critical mission of JFHQ-DODIN is to conduct defensive cyber operations (DCO) consisting of passive activities intended to preserve the ability to utilize DoD cyberspace capabilities and to protect DoD data, networks, and systems. As cyber threats proliferate – both in terms of numbers and sophistication – the ability of JFHQ-DODIN to successfully perform the CTI role in defensive cyber operations becomes more and more challenging. We are interested in identifying a commercial solution capable of aggregating and correlating cyber threat intelligence information. We are interested in solutions that provide Artificial Intelligence (AI) to help our analysts identify common patterns of information across multiple sources of information.

The analyst requires an ability to ingest the current CTI feeds into a single solution and to correlate and validate each Indicator of Compromise (IOC) as it is processed in an automated fashion. The capability shall include ingest from both existing Data/Application Programming Interfaces (APIs) and multiple cyber intel feeds that will be aggregated and analyzed in a single interface. In addition, the capability shall provide the ability to manually upload data from spreadsheets and documents, ingest from existing DoD cyber repositories, have the processing power to ingest multiple feeds at the same time, and be powered by AI and Machine Learning (ML) for the purposes of conducting queries, analysis, and alerting.

Review the DoD cyber threat intelligence RFI.

Source: SAM

