You are here

Home

Cybersecurity Peer-to-Peer Knowledge/Lessons Learned Tool

Agency:
Department of Homeland Security
Branch:
Science and Technology Directorate
Program | Phase | Year:
SBIR | BOTH | 2019
Solicitation:
70RSAT19R00000003A
Topic Number:
H-SB019.1-006

NOTE: The Solicitations and topics listed on this site are copies from the various SBIR agency solicitations and are not necessarily the latest and most up-to-date. For this reason, you should use the agency link listed below which will take you directly to the appropriate agency server where you can read the official version of this solicitation and download the appropriate forms and rules.

The official link for this solicitation is: https://sbir2.st.dhs.gov


Release Date:

December 19, 2018

Open Date:

December 19, 2018

Application Due Date:

February 12, 2019

Close Date:

February 12, 2019

Description:


Organizations throughout the American economy and government are faced with designing and then
operating
cybersecurity risk management, in a complicated and dynamic environment.  They have been provided
with a useful starting point, a cybersecurity risk management framework, developed by NIST,
supported by DHS, and filled out in some detail by different critical infrastructure sectors and
organizations.  But sustaining risk management operations is more difficult, as organizations must
somehow blend a great deal of technical input (vulnerability reports, incident reports, threat
analysis, technical guidance, etc.) with their own organizational experience.  The cybersecurity
“knowledge management” challenge is significant for any particular organization, regardless of size
or critical infrastructure domain.

Additionally, several million organizations and companies across the country are faced with this
challenge, continuously.  Most information sharing systems assume that these many organizations and
companies should report their cybersecurity experiences vertically to commercial and governmental
centers, which are to synthesize these various reports and report back analytical insight.  But
what does not yet exist is a peer-to-peer version of this reporting activity, where an organization
can directly leverage related experiences of thousands of organizations and companies, through a
tool that can capture and report their own experiences and connect them with comparable experience
of other organizations and companies, to better help them understand and manage their cybersecurity
risk.

The end product of this effort should address capabilities such as:
•    Key internal risk assessment elements
•    The time/dynamics of internal risk assessment elements
•    Outside context for these assessments (vulnerabilities, operating data, etc.)
•    Multiple information sharing mechanisms (one to one, one to many, collaboration drafts, etc.)
The key requirement is that this tool must be able to support enterprise consideration of
cybersecurity risk, by bringing into the process valuable insight from other enterprise’ consideration of risk

US Flag An Official Website of the United States Government