You are here

Print Fleet Cybersecurity

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8649-21-P-1011
Agency Tracking Number: FX211-CSO1-0513
Amount: $49,723.00
Phase: Phase I
Program: SBIR
Solicitation Topic Code: AF211-CSO1
Solicitation Number: X21.1
Timeline
Solicitation Year: 2021
Award Year: 2021
Award Start Date (Proposal Award Date): 2021-04-14
Award End Date (Contract End Date): 2021-07-19
Small Business Information
5910 N. Central Expressway, Suite 700
Dallas, TX 75206-0929
United States
DUNS: 127793565
HUBZone Owned: No
Woman Owned: No
Socially and Economically Disadvantaged: No
Principal Investigator
 James LaRoe
 (214) 522-4000
 jlaroe@symphion.com
Business Contact
 James LaRoe
Phone: (214) 522-4000
Email: jlaroe@symphion.com
Research Institution
N/A
Abstract

  In December 2020 the US federal government saw the fallout of the longest (9 months) and largest (200+ organizations world wide) cyber espionage and data breach in US history-the likely perpetrator of this event, hackers sponsored by the Russian Foreign Intelligence Agency (SVR). Cyber criminals, including state sponsored attackers, are always  searching for ways to break in…ways to attack us...ways to disable our armed forces and government. Nowhere could the stakes be higher than with the safety and continued operations of the warfighter and their ability to protect the United States.   USAF and other armed forces remain highly vulnerable to these disabling attacks through their own unprotected, unmanaged, unmonitored devices on their networks such as networked printers and other internet of things devices. While these devices have built-in security features to shield USAF networks from penetration, they are often not enabled, managed or maintained, turning these devices into wide open doors for hackers to walk through.  Printers in print fleets, despite having sometimes as many as 300 security controls built-in, have been put on USAF networks without being properly configured for security. Printers are the second most prevalent information technology (IT) asset type on all networks, they are the most technologically advanced networked device, but they are also the least protected and most vulnerable networked device. The typical printer on a USAF network is set to factory defaults of 40-60 open ports, a published password that any state sponsored criminal can look up on the internet, and is unmanaged from a security standpoint leaving the USAF open and exposed. Symphion recognized this world-wide cyber security gap and has designed advanced software and processes to address it. Symphion is commercially delivering its solution throughout the US to prevent (shield) these vulnerable devices, networks and businesses from cyber attack by establishing and maintaining security configuration of their already built-in security features, updating firmware and managing each device throughout its lifecycle with advanced automation. For instance, 4 of the top 6 worldwide printer manufacturers have turned to Symphion to establish and enforce security configuration management across their customers’ print fleets. With respect to hardening to DoD standards, Symphion has the DISA STIG and NIST security configuration standards built-in to its software and is currently commercially delivering these solutions to healthcare systems.  Symphion’s SBIR proposal is to adapt its commercially successful solution to meet USAF classified, non-classified, and civilian needs to fill this known cyber security gap first for network printers then to address other networked IoT devices such as cameras, industrial controls and critical infrastructure systems. Symphion will accomplish this through adapting its software and current remote delivery model to meet DoD standards. 

* Information listed above is at the time of submission. *

US Flag An Official Website of the United States Government