The United States critical infrastructure sectors have an immediate need for technologies that can adequately detect, defend, protect, restore and respond to sophisticated cyber-threats. The Cyber Apex program will identify, test, evaluate and deploy cutting-edge technologies to deter cyberattacks against the financial sector. The program will concentrate on delivering capabilities identified by the financial sector to address five primary functional gaps. Visit the Cyber Apex homepage for more information.
What is the goal of the Cyber Apex program?
DHS is the federal government’s lead agency for coordinating the protection, prevention, mitigation and recovery from cyber incidents. DHS, in coordination with other government agencies, was mandated to establish a voluntary program to support the adoption of the National Institute of Standards and Technology's Cybersecurity Framework by owners and operators of the nation’s 16 critical infrastructure sectors, including private-sector firms and other similar entities. DHS S&T also is a trusted entity within the finance sector.
Who are the stakeholders involved in the Cyber Apex program?
Stakeholders include the Department of Homeland Security (DHS) Science and Technology Directorate’s (S&T); U.S. Department of the Treasury; the financial services sector; SVIP; Cyber Apex Solutions, the Consortium manager; and private technology vendors.
What is an OTA?
OTA is an acquisition method authorized under Title 10 USC § 2371 “Research Projects: Transactions Other Than Contract and Grants.” Its use is authorized to accelerate the prototyping and deployment of technologies that address homeland security vulnerabilities. OTA also provides a great deal of flexibility and offers the advantage of expeditious obligation of funds.
How will the Cyber Apex Consortium operate?
The Consortium, or pool of vendors, will be comprised of subcontractors to the OTA performer, in this case Cyber Apex Solutions. Consortium members will bid on proposals issued by Cyber Apex Solutions for each technology area and corresponding project effort.
How would a company in the Cyber Apex SVIP process transfer its efforts to the Cyber Apex Consortium?
In the near term, DHS S&T does not foresee or expect startups to transfer their projects/technologies from a phase in SVIP to the Apex Consortium. The technologies in the Cyber Apex Consortium are further along in maturation and TRL levels than those going through the SVIP phases. There also are different funding streams in place that must be reconciled before this type of transfer can occur.
How can vendors join the consortium?
Technology vendors may join the consortium by contacting the OTA contractor, Cyber Apex Solutions (CAS) for membership via email at firstname.lastname@example.org . Cyber Apex Solutions will provide subcontract management support allowing vendors to join the consortium as determined by the needs of the end-user.
How can a financial institution become a member of the Cyber Apex Review Team (CART)?
Any financial services organization can request to join the CART by contacting the DHS S&T program management office via email at CyberApex@hq.dhs.gov.
Are CART members listed anywhere on the Cyber Apex webpage or elsewhere?
DHS does not publicize the names of financial institutions comprising the CART. The CART is comprised of a variety of financial organizations ranging in size and business area such as lending companies, financial utilities, brokerages, asset managers, investment firms, banks and other financial institutions.
Will the Cyber Apex program be duplicated or applied to other critical infrastructures?
Currently, the goal of the Cyber Apex program is to reduce the vulnerability gaps in the FSS’s critical infrastructure. The long-range plan is for the program to expand and provide benefits to organizations in other critical infrastructure sectors that opt to implement the technologies developed under Cyber Apex for the FSS.
How will the technologies be transitioned under the Cyber Apex program?
The Cyber Apex program will transition findings and technologies to the sector through multiple avenues: Managed Security Services Providers (MSSPs). The FSS has numerous trusted MSSPs. Cyber Apex-developed and -tested technologies may be licensed to financial sector MSSPs to ensure long-term sustainment and maintenance.
- Entrepreneurial and Investment Partners. Using the Transition to Practice (TTP) model, technologies that are not transitioned to an MSSP will be made available to investment partners for licensing, startup creation or other market transition opportunities.
- Financial institution internally operated. Some findings and technologies may be absorb by CART members and they will pay the operational cost of retaining them.
- Open Source. Technologies that do not fit into the three categories above may be made available through open-source channels.