Cybersecurity program

New DOD Pilot Aims to Determine Companies’ Cybersecurity Posture Using Open-Source Information

The Department of Defense’s Cyber Crime Center is conducting a pilot program showcasing a new service offering to inform contractors of the state of their overall defense against cyberattacks.

The Krystal Ball pilot, which underwent a soft launch in February, aims to use publicly available information and threat intelligence to give companies insight into their cybersecurity posture and find ways to improve it.

DC3 has partnered with the firm Looking Glass to generate companies’ internet footprint from open-source information and figure out whether vulnerabilities exist in any of their web servers, mail servers, remote access systems and other infrastructure that can be exploited by adversaries, Nextgov reported.

According to DC3 Deputy Director Terry Kalka, his office was able to identify high-profile network vulnerabilities across the defense industrial base during Krystal Ball’s initial rollout phase.

The new pilot offering provides benefits to DIB businesses of all sizes.

Kalka said the focus of Krystal Ball is on small and medium companies that are less likely to be able to keep up with evolving cybersecurity needs.

However, the official noted that the offering can also help larger businesses that leave some threats unaddressed despite having more robust cybersecurity programs.

Krystal Ball expands the DC3’s current services portfolio.

The office has a cyber resilience analysis tool that helps defense contractors prepare for a Cybersecurity Maturity Model Certification audit. The lightweight assessment solution is free to all member organizations of the DIB cybersecurity program.