WASHINGTON – U.S. intelligence researchers are extending the deadline until the end of May 2024 for a project to find new ways of analyzing software code to uncover characteristics that will help reveal the identities of cyber attackers.
Officials of the U.S. Intelligence Advanced Research Projects Agency (IARPA) in Washington have announced plans to accept proposals until 31 May 2024 for a broad agency announcement (IARPA-BAA-24-02) in the Securing Our Underlying Resources in Cyber Environments (SoURCE CODE) program. The original bidding deadline for the SoURCE CODE program originally was last January.
The SoURCE CODE trusted computing program seeks to create scientifically validated forensic similarity and analytic technologies that measure similarity of code and binaries to help analyze hidden information on groups, countries, or individuals, and then provide evidence to help forensic experts find those responsible for cyber attacks. IARPA is the research arm of the U.S. Office of The Director of National Intelligence.
Cyber attacks on companies and infrastructure has grown significantly and will continue to evolve over time, IARPA researchers warn. Worse, there is a shortage of cyber-forensic experts to help attribute these attacks.
Related: The essentials of trusted computing and cyber security
Attribution of these malicious cyber attacks can work to disrupt criminal cyber capabilities and improve law enforcement and intelligence community responses to attacks on software code.
The SoURCE CODE program is a 30 month effort in two phases. The first phase seeks to develop new methods and explore the feature space between source code to source code and binary to binary representations of software. The second phase is to extend the capabilities developed in the first phase.
Companies participating are to address three focus areas: feature space generation and extraction; similarity and demographic analytic algorithms; and system explainability.
Feature space generation and extraction may involve neural network approaches, hand-crafted, or a combination of features that predict similarities and information on suspect countries, groups, or individuals.
Related: Military cyber security: threats and solutions
Similarity and demographic analytic algorithms seeks to develop a system to identify similar binaries to determine similarities to uncover specific authors, groups, or countries. System explainability will help explain why a cyber attack may or may not have come from specific countries, groups, or individuals.
SoURCE CODE has one unclassified technical area and two classified technical areas. Details of the classified technical areas are available to qualified providers. Email requests for classified details to Kristopher Reese, the SoURCE CODE program manager, at [email protected].
Companies interested should email unclassified responses no later than 31 May 2024 to IARPA at [email protected]. Email questions or concerns to Kristopher Reese at [email protected]. More information is online at https://sam.gov/opp/78a4e3d0d4e74affa60b6d45cc9ccd72/view.
