print preview

Back Overview S+T


Call for the Cyber Startup Challenge 2023

08.06.2023 | Dr. Colin Barschel, Cyber-Defence Campus, armasuisse Science and Technology

The locations of the Cyber Defence Campus Thun, Lausanne and Zurich shown in blue on a networked Switzerland.
Locations of the CYD Campus.
About the Cyber Startup Challenge

The aim of the Cyber Startup Challenge 2023 is to explore the startup technology landscape around the topic of «smartphone security» and in doing so to present innovative technologies to the Federal Department of Defence, Civil Protection and Sport (DDPS).

Companies are invited to register for the challenge and submit their solutions. The three start-ups with the most promising solutions will be allowed to present their idea at the Cyber-Defence Campus Conference on 26 October 2023 in Bern.

A jury of experts and DDPS stakeholders will select one company as the winner of the Startup Challenge at the end of the conference. The selected startup will receive a contract worth up to CHF 100,000 for the integration of a proof of concept of their technology into the DDPS environment.

This challenge is not a call for tenders but a market exploration. Promising technologies are identified that best meet the requirements of the Department of Defence.

 

We are looking for novel solutions in the field of smartphone security. The technology does not have to be fully developed yet, but a convincing proof of concept (PoC) should be realisable within one year and with less than CHF 100,000.

The goal is for the technology to help efficiently and comprehensively analyse the security of third-party smartphone applications and their potential threats. It also aims to test applications running in an unmodified (non-rooted) operating system while providing dynamic testing capabilities.

Below are some examples of smartphone security technologies that are of interest. However, we are also happy to hear about related technologies that are not listed.

Example: Black box tests
Testing an application without decompiling, reverse engineering or looking into its internal code or structure. Testing is done by interacting with the user interface (UI) and observing how the application interacts with the network or device to detect malicious behaviour. One possible approach would be to use Deep Reinforcement Learning to predict application interactions, recognise UI elements or generate input for form filling or logins.

Example: User data protection with black box tests
Use black-box testing of applications to identify risks to user privacy such as detecting dangerous permissions granted to applications (e.g. reading phone status, pinpointing location, etc.). Black box testing could be used to determine whether an application's permissions have been dangerously extended (by exploiting a legitimate application or by the malicious application itself) from the specified functionality.

Example: Dynamic application tests
The application is tested fully automatically while it is running. Besides black box testing, there are other ways to test applications dynamically with or without using the user interface. An example would be so-called fuzzing or other dynamic analysis techniques.

Example: Operating system tests
The aim could be to test the default operating system on a smartphone. This is to detect malicious or unintended behaviour of the operating system or the default installed applications. Testing could be done by interacting with the user interface or by detecting changes caused by applications, such as changing permissions or other properties.

We do not seek solutions that require significant changes to infrastructure or that could pose risks. We are not interested in concepts, studies or solutions that are at a very early stage of development. We are not interested in consulting proposals or non-technical solutions.

  1. The startup is younger than seven years as of October 2023
  2. The founders are still investors and active
  3. The company has at least three employees, including active founders
  4. The finalist of the Challenge receives a contract to integrate the proof of concept of the technology in the DDPS
  5. 1The contract won has a maximum value of CHF 100,000. The value is based on the amount of work required to integrate the proof of feasibility
  6. The Proof of Concept is supported by the Cyber-Defence Campus
  7. This challenge is neither a competition nor a tender. It is a market research challenge to find a promising technology that best meets the needs of the DDPS around the threat of cyber espionage. Participation by companies is voluntary.
  8. The proof of feasibility does not aim to be effectively implemented in operation
  9. Any acquisition will be through a tender process and proof of feasibility is not a guarantee of an additional mandate or purchase
  10. All companies participating in the Challenge, i.e. not only the winning company, will be included in a tender and further challenges
  11. The company accepts the General Terms and Conditions of the Swiss Confederation (GTC) without reservation. Suppliers who make changes (additions/adjustments) will be excluded from the Challenge.

  • Technology is related to smartphone security
  • Technological relevance and usability for for the Swiss Armed Forces 
  • Feasibility of the project
  • Innovation factor and potential for impact for the Swiss Armed Forces
  • Viability of the technology concept
  • Dual use (civilian, military)
  • Companies from Switzerland are rated higher; however, the start-up can be international.

  • The start-up must complete the registration template of the call and send the document to the address provided.
  • The Cyber Defence Campus will select the ten best companies and ask for more information and details.
  • The top three companies will be invited to give a presentation of their company and technology.
  • During the Cyber Defence Campus Conference, the three finalists will give a 10-minute pitch and the company with the best score will be crowned the winner.

  • Registration deadline 31.08.2023
  • Selection of the ten best solutions 08.09.2023
  • The best three start-ups present themselves to the Swiss Armed Forces 13.09.2023
  • CYD Campus Conference: Presentation of the three best solutions and announcement of the winner 26.10.2023

What are you waiting for? Register now! To do so, click on the registration link or use our registration form.


Back Overview S+T