Four organizations win DARPA contracts to simulate threats in networks for SMOKE program

Contracts were awarded under DARPA's Signature Management using Operational Knowledge and Environments (SMOKE) program.
Composite image of modern city network communication concept (Getty Images)

Four organizations were recently awarded contracts for the Signature Management using Operational Knowledge and Environments program overseen by the Defense Advanced Research Projects Agency.

The SMOKE program aims to develop signature management technologies and automate threat-emulated infrastructure in order to provide realistic simulations of threats for a more holistic network picture.

The organizations that landed contracts for the effort include BlackHorse Solutions, Inc. – a Parsons Company – Cynnovative, Georgia Tech and Punch Cyber Analytics Group, according to a DARPA spokesperson.

The approximate total program value is $55 million.


The project is currently in the research-and-development phase. It kicked off in October 2022 and is slated to run over the next three years.

The program is divided into two technical areas: automated planning and execution of attribution aware cyber infrastructure, and discovery and generation of infrastructure signatures. According to the original broad agency announcement, it was expected that the winners for each technical area would deliver components on an iterative and incremental basis.

The initiative is designed to help teams detect ever-increasing cyber threats in a more efficient manner.

“Today, the demand for network security assessments is greater than the supply because of a shortage of cyber expertise and a lack of automation. If successful, SMOKE will develop tools to automate the planning and deployment of threat emulated, attribution-aware cyber infrastructure,” according to the BAA.

“These tools will enable red teams to increase the scale, efficiency, duration, and effectiveness of cyber security assessments. Moreover, red teams will be able to provide longer cyber security assessments for a larger number of concurrent networks because of their ability to remain hidden for longer,” it said.

Latest Podcasts