The National Institute of Standards & Technology (NIST) is looking for industry partners to work on new projects developing ransomware defense solutions for the commercial market.
NIST officials released a notice April 27 for interested software companies to inform the agency of their capabilities that could be demonstrated for projects to improve identification and detection from ransomware threats on private sector networks.
Selected partners would begin work with NIST’s National Cybersecurity of Excellence (NCCoE) by the end of May, and operate under a Cooperative Research and Development Agreement (CRADA) to jointly support development of new security platforms.
“Under the terms of the consortium CRADA, NIST will support development of interfaces among participants’ products by providing IT infrastructure, laboratory facilities, office facilities, collaboration facilities, and staff support to component composition, security platform documentation, and demonstration activities,” NIST wrote in its notice.
Industry participants would provide their capabilities and technical expertise to NCCoE, and assist in developing future commercial-ready software defense solutions under its Data Integrity Building Block program.
“By accelerating dissemination and use of these integrated tools and technologies for protecting IT assets, the NCCoE will enhance trust in U.S. IT communications, data, and storage systems; reduce risk for companies and individuals using IT systems; and encourage development of innovative, job-creating cyber security products and services,” NIST wrote.
The first project focuses on software solutions for improving identification of ransomware threats before they infiltrate networks.
NIST requirements for capabilities under this first project include components for secure storage, file integrity checking mechanisms, and signature and behavior-based, zero-day vulnerability detection. Products utilized for the project must also provide remote network access and be sure against integrity attacks against hosts.
The second project shifts focus to developing solutions for responding to malicious software after its been detected on networks.
Officials seek private sector capabilities with components for integrity monitoring, vulnerability management and activity detection of malicious software and unauthorized activity. Capabilities for the second project must be able to analyze, mitiage and contain malicious network activity, mobile code and executables, according to NIST.