Understanding cyber intent
Competitive Projects
Up to $1.2M in phased development funding to propel technology forward
The Department of National Defence and the Canadian Armed Forces (DND/CAF) require the means to differentiate between targeted malicious and broad and opportunistic cyber-attacks in order to triage and prioritize cyber responses.
Results - Using CP-CFP3-5 as it has multiple innovators
| WebID | Project Title | Innovator | Amount | Stage |
|---|---|---|---|---|
Challenge: Understanding cyber intent
Challenge Statement
The Department of National Defence and the Canadian Armed Forces (DND/CAF) require the means to differentiate between targeted malicious and broad and opportunistic cyber-attacks in order to triage and prioritize cyber responses.
Background and Context
The DND/CAF is responsible for managing large IT networks that are continuously under attack by online hackers who seek to thwart security protocols and whose motivation and level of sophistication vary. Most attacks do not target the department specifically; however, others are highly targeted and sophisticated.
Even with reliable and accurate detection capabilities, DND/CAF must keep pace with change by investing in new and better automated tools that can be used to reveal malicious cyber-activity. While detection is critical, it is only the first part of the equation; as such, DND/CAF is seeking ways to discern the intent of would-be attackers, which is a key component of a risk-based approach for proactively managing cyber-attacks. Bolstering the cyber intent capability would allow DND/CAF to better focus its resources to limit the impacts of malicious attacks or, in other, more extreme cases, to take offensive measures to defeat the most serious threats.
Desired Outcomes and Considerations
Innovations are needed that permit DND/CAF to optimize its cyber response efforts. Tools and methods are sought that can greatly increase not only the detection of malicious cyber-attacks but also the efficiency, speed and accuracy of human “triage” activities.
Examples of significant outcomes include but are not limited to:
- Automated tools and methods for boosting “detection” accuracy and reliability;
- Better “tripwires” for revealing malicious activity;
- Ways to discern the “intent” of would-be attackers in order to make judicious use of resources when deciding which cyber-attacks to address, counter and defeat;
- Risk assessment tools and methods that will help to optimize response efforts;
- Understanding patterns of behavior associated with adversarial tactics;
- Better intelligence with respect to changing strategies and tactics of adversaries;
- The ability to identify adversaries based on patterns of behavior in cyberspace; and
- Forensic analysis of successful and failed attacks to uncover patterns and trends.