Network Security, Security Program Controls/Technologies

Feds ink $26 million contract for deception platform for defense agencies

The Defense Innovation Unit is looking for a new director, one with both “extensive” industry and private sector backgrounds developing innovative new technologies as well as experience navigating the Pentagon’s procurement and acquisition process for science and technology. (Air Force Staff Sgt. Brittany A. Chase/DoD)

The federal government has awarded a contract to CounterCraft for a new deception platform that will be deployed throughout the Department of Defense.

The contract, which was awarded through the General Services Administration and could be worth up to $26 million, will give DoD component agencies access to the vendor’s proprietary deception platform in order to detect and monitor network traffic produced by malicious hackers targeting defense networks.

According to federal procurement records, the contract is designed to serve three purposes: provide deception capabilities that can detect unauthorized breaches or access to U.S. government networks, alert agencies and study attackers; support integration of the solution into U.S. government networks with the ability to add new components or scale the platform over time; and train agencies on how to set up and deploy the platform to bolster threat intelligence on the tactics, techniques and procedures of different threat actors.

The deception tech is needed, the government claims, because DoD cybersecurity officials “currently lack the technological platform and capabilities to withstand and gather intelligence from an ongoing cyber-attack." The current response involves turning off connected systems, something that prevents them from learning more about the behaviors of adversaries targeting defense networks.

“The current preferred defensive action is to disconnect an internet or network connected system during an attack. Disconnecting stops the ability of network operators from being able to gather telemetry data and characteristics of the attack,” the award justification states. “Cyber operations must leverage purpose-built and shaped terrain – decoy endpoints, networks, and artifacts – to deceive, disorient, and disrupt malicious cyber actors and impose cost and risk on our adversaries. CCSI’s software/licenses are intended to leverage cyber deception methodologies and capabilities to address these concerns.”

The contract is an outgrowth of a project that initially began under the Defense Innovation Unit, an office housed within DoD that acts as an incubator for emerging IT and cybersecurity technologies for the government and partners with Silicon Valley startups and other nontraditional contractors.

The underlying technology was part of a $679,000 prototype platform developed by CounterCraft and DIU for the Air Force in 2021, creating sophisticated deception environments that detect malicious cyber activity. According to DIU, it was tested in military wargames with national and NATO-level red teams.

Patrick Gould, deputy director of the DIU’s cyber portfolio, told SC Media earlier this year that the office is often able to shepherd prototype technologies from the design stage to broader adoption throughout federal agencies in such a short time largely due to a unique acquisition process that eschews many of the traditional bureaucratic requirements that dominate contracting in other parts of the federal government.

“We try to make it as commercially friendly as possible, so we try to mirror what those vendors are seeing specifically in the security realm, like if any other CISO was coming to them and saying ‘hey I want to use your capability,’” said Gould.

The contact was awarded on a sole-source basis, meaning it was not competitively bid. The GSA claims that the government conducted extensive research and no other vendor is capable of providing these services, largely because CounterCraft’s platform is proprietary, has already been highly modified and other vendors would be restricted to operating the commercial-off-the-shelf version of the software.

The agency also said they published a pre-solicitation synopsis of the requirements on federal contracting sites in August but have not received any responses from other vendors indicating they can meet the requirements.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.