CIRI-developed CRISM tool selected for Homeland Security Startup Studio 2021 program

A cybersecurity risk measurement tool developed at the Critical Infrastructure Resilience Institute, a DHS Center of Excellence at the University of Illinois Urbana-Champaign, was recently selected as the winner of the Homeland Security Startup Studio (HSSS) 2021 program. 

The risk measurement tool known as the Cyber Risk Scoring and Mitigation (CRISM) tool measures the security capabilities of the software and hardware that comprise a company’s cloud IT infrastructure. Over the last several years, the research team, called Charisma Cyber, developed an analytics engine for the tool.

This analytics engine was developed for the purpose of extracting critical, actionable intelligence that can be used by customers to gain more visibility into the cyber security posture of their infrastructure. Such insights include all possible impacts to an asset, a list of all paths to a target, identification of the path most likely to be taken by an attacker, additional vulnerabilities in the instance of an attacker compromising an asset, and a proposed solution to improve the risk score.

“It is indeed gratifying to see the commercial potential of CRISM's core technology focused on measuring cyber risk and prioritized remediation,” said Sachin Shetty, a professor with the Department of Computational, Modeling, and Simulation Engineering and executive director for the Center of Secure and Intelligent Critical Systems in the Virginia Modeling Analysis and Simulation Center at Old Dominion University.

HSSS 21 is run by the Department of Homeland Security Science and Technology Directorate, in partnership with FedTech. The initiative pairs teams of entrepreneurs with scientists and engineers in an effort to commercialize lab technologies and solve real-world problems. Teams present to expert panels comprised of homeland security experts, inventors, and venture capital representatives. The event, which is separated into two phases, features areas of research from cybersecurity to artificial intelligence and machine learning. 

The Charisma Cyber team added, “We are incredibly excited to continue working with Dr. Sachin Shetty as we explore the opportunity to pivot CRISM from cyber defensive attack analysis to cyber offensive operations.  Currently, we are actively seeking direct connections with the NSA and the ability to ‘play in cyber sandboxes’ as we continue to incubate.“

Earlier this year, CRISM was selected as one of the tech for commercialization by the startup studio. Members of the Charisma Cyber team were able to present the business development plan for the company to be able to offer CRISM to IT/OT customers while winning HSSS’s Phase 1 and Phase 2 competitions. While CRISM can still be utilized as a defensive tool, the pivot to cyber offensive operations following the competition sees prioritized development of network vulnerability tests, attack graph generation, vulnerability scores from live-threat intelligence feeds, and many others. The Charisma Cyber team’s next steps are identifying product development activities to support the change in direction.