The Cybersecurity and Infrastructure Security Agency is planning to contract with industry next year on a pair of projects that seek to further build out the government’s national, multi-stakeholder cybersecurity exercises, and to develop new analytic capabilities to predict vulnerabilities and threats to the global supply chain.
One of the contracts, managed by the agency’s National Risk Management Center, will develop a predictive analytics tool that can leverage artificial intelligence and machine learning to spot weaknesses in the information and communications technology supply chain. In a questions and answers document released to the public this month, the agency said it is planning to issue a bid for a contract to fulfill these services in Spring 2022.
Another project will seek to contract with one or multiple vendors to assist in the “planning, conduct, evaluation and management of a broad spectrum” of cyber and physical security exercises the agency hosts with public sector governments and critical infrastructure. The work will require a top secret clearance and agency officials are planning to issue a request for information early next year before awarding one or multiple contracts by the middle of 2022.
Both contracts will feed into larger cybersecurity initiatives already happening throughout the federal government.
The new predictive tool will help CISA officials further scope out the interdependencies of the software and technology supply chains. While researching such interdependencies has long been a priority for CISA, it has become an increasing focus for the Biden administration over the past year as incidents like the SolarWinds campaign, the Kaseya ransomware attack and the Log4j vulnerability all underscore the widespread damage malicious hackers can cause by corrupting code in a widely-used software product.
From the Shadows Emerges Knowledge