The Defense Advanced Research Projects Agency (DARPA) has launched a program that aims to help developers understand emergent behavior in computers to prevent cyber attackers from generating malicious and unintended computations using already embedded features of critical systems.

DARPA is seeking interested proposers for the Hardening Development Toolchains Against Emergent Execution Engines initiative to study theories and approaches and develop tools for mitigating emergent software behaviors throughout the software development phase where they are usually overlooked, the agency said Wednesday.

The HARDEN effort seeks to address the current process of system designers unknowingly enabling emergent behaviors because of their focus on ensuring a software can perform its task, taking away time to consider what unexpected conduct it could exhibit.

Aside from theory analysis and tool development, participants will explore methods to disrupt the exploit execution engine located at the design level that causes a system to act awry and apply such ideas to concrete technological use cases of integrated software.

“We want to ensure we’re creating models that will be of actual use to critical defense systems,” said Sergey Bratus, a program manager in DARPA’s Information Innovation Office.

The agency plans to discuss the program with potential offerors at a virtual meeting scheduled for Thursday.

ExecutiveBiz, sister site of ExecutiveGov, will host a forum about supply chain cybersecurity. Visit the EBiz Events page to register for this timely forum and view other upcoming events for the GovCon community.

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and the FBI have released an advisory saying they have observed more than 400 cyberattacks against U.S. and international organizations using Conti ransomware. 

Malicious actors use Conti to encrypt workstations and servers, steal files and ask for a ransom payment and gain access to networks through spearphishing campaigns, stolen remote desktop protocol credentials, fake software, phone calls and other common vulnerabilities in external assets, CISA said Wednesday.

“We encourage Americans to visit stopransomware.gov to learn how to improve their own cybersecurity to mitigate risk of becoming a victim of ransomware,” said Eric Goldstein, executive assistant director for cybersecurity at CISA.

NSA, CISA and FBI are recommending several measures to mitigate the risk of Conti ransomware attacks, such as using multifactor authentication, implementing network segmentation and filtering traffic, keeping software updated and screening for vulnerabilities and implementing endpoint and detection response tools.

Rob Joyce, director of cybersecurity at NSA and a previous Wash100 awardee, said cybercriminals using Conti have targeted the defense industrial base and critical infrastructure and NSA is calling on organizations to use the mitigations in the advisory to reduce their risk to ransomware attacks.

ExecutiveBiz, sister site of ExecutiveGov, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” forum.

Microsoft has announced a detailed series of actions the company will be taking in response to the recent Biden Administration initiatives for implementing security tools and best practices to bolster national cybersecurity.

In total, Microsoft will be investing $20 billion over the next five years to design and deliver advanced security solutions that will accelerate the nation’s cybersecurity missions.

In a recent Executive Spotlight, four-time Wash100 Award winner Rick Wagner, president of Microsoft Federal, expressed the company’s commitment to advancing the security of the United States.

Wagner noted, “our greatest strength is Microsoft’s 40-year history of supporting the federal government. Microsoft is committed to assisting the federal government and over that 40 years, our support has evolved.”

The Microsoft Corporation reiterated on Thursday that it will immediately provide $150 million of funding through its FastTrack program to help federal, state and local governments modernize their systems, establish Zero Trust controls and upgrade security protection measures.

Additionally, Microsoft will allocate $50 million of the $150 million towards helping federal agencies modernize and transition their vulnerable legacy infrastructures to cloud infrastructures.

Another action Microsoft outlined includes collaborating with the National Institute of Standards and Technology’s initiative to advance supply chain industry framework and enhance security. In response to Biden’s May 12th Executive Order, Microsoft developed the Supply Chain Integrity Model (SCIM) to enable automated verification of supply chain security policies, evidence and artifacts for products including software, hardware and machine learning datasets.

“There is a great deal of interest in creating resilient and secure supply chains and we are actively working to do that,” Wagner stated in an interview with ExecutiveBiz.

To reflect Microsoft’s commitment to the open-source community, the corporation has made SCIM information publicly available through NIST and GitHub.

Microsoft also recently became an Alliance Partner in the Cybersecurity & Infrastructure Security Agency’s (CISA) new Joint Cyber Defense Collaborative aimed at promoting resilience and strengthening cyber defense capabilities.

In order to broaden access to government-specific training, workshops, certifications and reference architectures, Microsoft also launched a free repository of educational resources on cybersecurity.

Microsoft emphasized that these actions will foster close collaboration with industry leaders and government entities and will result in accelerated modernization and increased national security.

On October 14, 2021, the Potomac Officers Club will be hosting their seventh annual 2021 Intel Summit featuring notable federal and industry leaders to discuss the future of technology in intelligence agencies. Check out the event to to learn more about how intelligence officials incorporate cutting-edge technology and techniques to gather intelligence and combat adversaries.