CISA Releases New Cyber Tools for Defenders
Agency also Announces $104M in Cyber Grants


CISA's Acting Director Madhu Gottumukkala | CISA
The Cybersecurity and Infrastructure Security Agency has released two new software tools to help critical infrastructure operators manage a growing number of online threat actors.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has released two software tools to help cybersecurity teams detect and respond to attacks against their networks.

CISA announced the releases a day apart, on July 30 and 31. First out was the Eviction Strategies Tool, developed alongside engineering and information technology consultancy MITRE. The agency then revealed Thorium, created with the help of Sandia National Laboratories.

The Eviction Strategies Tool comprises COUN7ER — a database of adversary tactics, techniques and procedures (TTP) matched to appropriate countermeasures — and Playbook-NG, a web application through which cyber defense teams can draw strategies from COUN7ER.

To use the tool, an entity’s cyber staff first input TTPs from MITRE’s ATT&CK matrix or describe threat actor activities. Playbook-NG provides a list of recommended responses, which the user can export for later use. Users can also start with a template created by CISA that describes “specific collections of TTPs … that a cyber defender may use as is or quickly customize.” No information about the users or their inputs is saved.

Jermaine Roebuck, CISA’s associate director for threat hunting, said in a statement that the agency had “seen organizations struggle with identifying the right steps to take and the correct sequencing of actions” to remove cyber intruders from their networks. COUN7ER is meant to serve as “a Rosetta Stone of defensive measures cross-referenced with multiple threat frameworks.” CISA will regularly update COUN7ER to account for new incidents and threat intelligence, and it will test countermeasures through internal tabletop exercises.

Thorium provides a platform to integrate multiple forensic analysis tools and to index malware threat information. It is intended to help analysts with the “vast amounts of malware” affecting organizations across the public and private sectors, which currently rely on “a long list of malware analysis tools with specific capabilities” that often were not meant to work together.

According to CISA, the software can process more than 10 million files per hour and schedule over 1,700 jobs per second. The tool provides search and text-tagging functions, access controls and automated tools for scaling and virtualization. Roebuck said the agency hoped by sharing the platform to “empower the broader cybersecurity community to orchestrate the use of advanced tools for malware and forensic analysis.”

Grant Applications Open Through Aug. 15

CISA, along with the Federal Emergency Management Agency, also announced on Aug. 1 the last round of grants for the State and Local Cybersecurity Grant Program (SLCGP) and Tribal Cybersecurity Grant Program (TCGP).

The programs, created by the Infrastructure Investment and Jobs Act of 2021, are intended to support state, local, territorial and tribal governments in reducing cyber risk and building resilience against cybersecurity threats. (See Bipartisan Infrastructure Bill Offers Funding for Grid, EVs.) $91.7 million will be available for state and local governments through the SLCGP, and $12.1 million for tribal governments through the TCGP.

According to the Notice of Funding Opportunity, interested parties must file their applications for either program by Aug. 15. This represents a much shorter window than the last time applications opened in 2024, when applicants had from Sept. 23 to Dec. 3 to submit their requests. (See DHS Offers $280M in Grants for Cyber Investments.)

Candidates must address at least one of four objectives in their submissions:

    • Establish appropriate governance structures to improve cyber response capabilities and ensure continuity of operations;
    • Identify areas for improvement in their current cybersecurity postures;
    • Implement security protections in accordance with the risks they face; and
    • Ensure organization personnel are appropriately trained in cybersecurity.

Awards under SLCGP have a ceiling of $4.2 million and a floor of $256,000; TCGP awards have a $2.7 million ceiling and a $39,000 floor.

“CISA is proud to empower state, local and tribal governments to build more resilient cyber ecosystems,” CISA’s Acting Director Madhu Gottumukkala said in a press release. “This unified DHS approach enables innovative solutions that strengthen digital infrastructure, and helps communities invest in meaningful cybersecurity improvements to protect the critical services they provide. This is another example of investing in our communities while being good stewards of our taxpayer dollars.”
