About the Cyber Startup Challenge

The goal of the challenge is to discover the startup technology landscape around the subject of «Boost your Information Sharing and Analysis Center (ISAC)» and to bring innovative technologies to the Federal Department of Defence, Civil Protection and Sport (DDPS) with a focus on critical infrastrucure protection.

Companies are encouraged to register. The best candidate will be selected through an internal selection and will be able to implement its solution.

For this challenge, three startup finalists will pitch their businesses during the Cyber Defence Conference held in conjunction with the 16th International Conference on Critical Information Infrastructures Security (CRITIS 2021) on September 28, 2021 in Lausanne.

A jury consisting of experts and stakeholders from the DDPS will choose one company as the finalist for the Startup Challenge. Finally, the selected startup is awarded a contract of up to CHF 100'000.- to integrate a Proof of Concept of its technology within the DDPS environment.

This challenge is not a tender; it serves as market exploration to find promising technologies best suited for the defence departments' demands.

What we are looking for

We are looking for novel solutions to «Boost your Information Sharing and Analysis Center (ISAC)» : collectively secure the critical infrastructure supply chain. The ISACs continuously generate, share and consume early warnings, successful mitigation strategies, and lessons learned during the incident response process.

The technology should have a significant impact in the day-to-day operation of an ISAC. The solution will be integrated in an existing infrastructure. The technology does not need to be fully mature yet, but a convincing Proof of Concept should be implementable within a year and with a budget of less than CHF 100'000.-

We are looking for a technology helping to address one of the following three questions related to a cyber incident:

1. What did help to stop the threat?
2. If the threat was inside, how could we stop it?
3. How and why was the attack successful?

Below are some examples of technologies or challenges faced by ISACs. However, in this startup challenge we are looking for any technology that addresses one of the three steps listed above.

Example 1: Multi-Tenant/Platform/Stakeholder Portability of lessons learned:

Reusable formulation of lessons learned of incidents and easily share and integrate gained insight/solutions in defensive playbooks, policies.

Example 2: Integration of physical process monitoring in Operational Technology (OT) to enrich the view of IT Security Monitoring:

IT and OT are often separated, how can these two worlds be better linked?

Example 3: Facilitate Software Bill of Materials Generation to monitor vulnerabilities in dependencies:

How can an operator solve a risk problem and pass it on so that others can replicate it?

Example 4: Automatic retrieval of security advisories, aggregation and mapping to asset inventory:

Security advisories are published in numerous types of formats that renders their automatic retrieval, storing and verification more difficult and time consuming. What are possible solutions for the automatic retrieval, ingestion and aggregation for the Critical Infrastructure Operators and other enterprises?

What we are not looking for

We are not interested in solutions that will require significant changes in the infrastructure or could pose risks. We are not interested in concepts or studies, or solutions that are in a very early development stage. We are not interested in consultancy proposals or non-technical solutions.

General Conditions for the challenge

1. The startup is younger than seven years as of September 2021.
2. The founders are still investors and active.
3. The company has at least three employees including active founders.
4. The company received less than eighty million CHF in funding.
5. The final selected startup will be awarded a contract to integrate a Proof of Concept of the technology in the DDPS.
6. The awarded contract has a maximal value of CHF 100'000.-. The value is subject to the work required to integrate the Proof of Concept.
7. The Proof of Concept is supported by the Cyber-Defence Campus.
8. This challenge is not a competition with price nor a tender.  It is a market research to find a promising technology best suited for the demands of the DDPS around cyber threat intelligence and where companies can register voluntarily.
9. The Proof of Concept is not meant for operational deployment.
10. Any further acquisition will go through a tender, and the Proof of Concept does not guarantee any additional mandate or purchase.
11. All other companies that applied can still be considered for tenders and further challenges.
12. The company is willing to accept the General Terms and Conditions of the Swiss Confederation (GTC) (in German) without reservation. Companies who make changes (additions/adaptations) are excluded from the challenge.

Selection criteria

• Technology is related to cyber threat intelligence sharing
• Technology relevance and usability for critical infrastructure operators
• Feasibility of the project
• Innovation factor and potential for impact for ISACs and critical infrastructure operators
• Technology concept viability
• Dual use (military, civilian)
• A higher priority will be given to Swiss companies; however, the startup can be international

Selection process

• The startup must fill the registration template of the call and send the document to the address provided.
• The Cyber-Defence Campus will select the ten best companies and ask for further information and details.
• The three best companies will be invited to give a presentation of their company and technology.
• At the CRITIS 2021 conference, the three finalists will give a pitch of 10 minutes and the selected company is revealed.

What are you waiting for? Register now! Use the registration form (see under Download)