Call for the Cyber Startup Challenge 2023

Companies are invited to register for the challenge and submit their solutions. The three start-ups with the most promising solutions will be allowed to present their idea at the Cyber-Defence Campus Conference on 26 October 2023 in Bern.

A jury of experts and DDPS stakeholders will select one company as the winner of the Startup Challenge at the end of the conference. The selected startup will receive a contract worth up to CHF 100,000 for the integration of a proof of concept of their technology into the DDPS environment.

This challenge is not a call for tenders but a market exploration. Promising technologies are identified that best meet the requirements of the Department of Defence.

• What we are looking for

  We are looking for novel solutions in the field of smartphone security. The technology does not have to be fully developed yet, but a convincing proof of concept (PoC) should be realisable within one year and with less than CHF 100,000.

  The goal is for the technology to help efficiently and comprehensively analyse the security of third-party smartphone applications and their potential threats. It also aims to test applications running in an unmodified (non-rooted) operating system while providing dynamic testing capabilities.

  Below are some examples of smartphone security technologies that are of interest. However, we are also happy to hear about related technologies that are not listed.

  Example: Black box tests
  Testing an application without decompiling, reverse engineering or looking into its internal code or structure. Testing is done by interacting with the user interface (UI) and observing how the application interacts with the network or device to detect malicious behaviour. One possible approach would be to use Deep Reinforcement Learning to predict application interactions, recognise UI elements or generate input for form filling or logins.

  Example: User data protection with black box tests
  Use black-box testing of applications to identify risks to user privacy such as detecting dangerous permissions granted to applications (e.g. reading phone status, pinpointing location, etc.). Black box testing could be used to determine whether an application's permissions have been dangerously extended (by exploiting a legitimate application or by the malicious application itself) from the specified functionality.

  Example: Dynamic application tests
  The application is tested fully automatically while it is running. Besides black box testing, there are other ways to test applications dynamically with or without using the user interface. An example would be so-called fuzzing or other dynamic analysis techniques.

  Example: Operating system tests
  The aim could be to test the default operating system on a smartphone. This is to detect malicious or unintended behaviour of the operating system or the default installed applications. Testing could be done by interacting with the user interface or by detecting changes caused by applications, such as changing permissions or other properties.

• What we are not looking for

  We do not seek solutions that require significant changes to infrastructure or that could pose risks. We are not interested in concepts, studies or solutions that are at a very early stage of development. We are not interested in consulting proposals or non-technical solutions.

• General Conditions for the challenge

  • The startup is younger than seven years as of October 2023
  • The founders are still investors and active
  • The company has at least three employees, including active founders
  • The finalist of the Challenge receives a contract to integrate the proof of concept of the technology in the DDPS
  • The contract won has a maximum value of CHF 100,000. The value is based on the amount of work required to integrate the proof of feasibility
  • The Proof of Concept is supported by the Cyber-Defence Campus
  • This challenge is neither a competition nor a tender. It is a market research challenge to find a promising technology that best meets the needs of the DDPS around the threat of cyber espionage. Participation by companies is voluntary.
  • The proof of feasibility does not aim to be effectively implemented in operation
  • Any acquisition will be through a tender process and proof of feasibility is not a guarantee of an additional mandate or purchase
  • All companies participating in the Challenge, i.e. not only the winning company, will be included in a tender and further challenges
  • The company accepts the General Terms and Conditions of the Swiss Confederation (GTC) without reservation. Suppliers who make changes (additions/adjustments) will be excluded from the Challenge.

• Selection criteria

  • Technology is related to smartphone security
  • Technological relevance and usability for for the Swiss Armed Forces
  • Feasibility of the project Innovation factor and potential for impact for the Swiss Armed Forces
  • Viability of the technology concept Dual use (civilian, military)
  • Companies from Switzerland are rated higher; however, the start-up can be international.

• Selection procedure

  • The start-up must complete the registration template of the call and send the document to the address provided.
  • The Cyber Defence Campus will select the ten best companies and ask for more information and details.
  • The top three companies will be invited to give a presentation of their company and technology.
  • During the Cyber Defence Campus Conference, the three finalists will give a 10-minute pitch and the company with the best score will be crowned the winner.

Timetable

What are you waiting for? Register now! To do so, click on the registration link or use our registration form.

Registration link