The U.S. Department of Homeland Security (DHS), Homeland Security Investigations (HSI), Office of Acquisition Management (OAQ) intends to solicit from a single source, TRM Labs, Inc., for TRM forensic software and support services to support Homeland Security Task Force investigations.
The intended period of performance for this effort is 12 months from the time of award.
The Homeland Security Task Force (HSTF) National Coordination Center (NCC) Cyber Disruption Center (CDC) requires advanced technology solutions and operational support to fulfill its mission under Executive Order 14390. CDC faces persistent and evolving threats from cyber-enabled fraud, ransomware, and sextortion, which target critical infrastructure, financial institutions, and vulnerable populations. Current federal resources and processes are insufficient to match the speed, scale, and sophistication of these adversaries.
To address these challenges, HSTF requires a team of analysts equipped and skilled in cryptocurrency tracing, blockchain analytics, and open-source intelligence tools to identify criminal activity across multiple cryptocurrency blockchains. The analysts must be able to trace transactions, recognize criminal typologies, and produce investigative lead packets with actionable intelligence for federal law enforcement. The support services enable rapid detection, triage, interdiction, asset recovery, and cross-sector collaboration to support three primary mission areas:
1. Scam Disruption
o AI-powered triage of victim complaints and clustering of criminal syndicates.
o Automated victim outreach and support services.
o Real-time scam wallet screening for financial institutions and exchanges.
o End-to-end asset recovery pipeline, including monitoring, tracing, freezing, and forfeiture.
o Targeting and mapping of transnational criminal organizations.
o Verification of victim claims and restitution documentation.
2. Cybercrime Disruption and SLTT Resilience
o Unified knowledge base and threat graph for cybercrime, including ransomware and extortion.
o Indicator of compromise (IOC) database and natural-language query interface.
o Intelligence packages to support enforcement actions.
o Ransomware asset recovery and detection of infrastructure overlaps.
o AI-enabled incident response and threat reporting for state, local, tribal, and territorial entities.
o Collaboration tools for law enforcement and fusion centers.
3. Sextortion Disruption
o Targeting and mapping of criminal networks and infrastructure operators.
o Asset recovery and tracing of proceeds across payment rails.
o Expansion to consumer messaging platforms and financial institution partners.
o Integration of freeze pipelines and evidence packaging.
o Engineering and machine learning support for victim identification and perpetrator attribution.
o International field engagement and monitoring.
NCC also requires the ability to scale operational capacity rapidly to support surge events, special operations, engineering initiatives, or new partnership activations. The solution must support forward-deployed personnel, international engagement, and participation in mission-related events, in accordance with federal travel regulations. The NCC seeks a fully operational and deployable platform and managed services that support persistent and scalable disruption capabilities, and enable government personnel to independently operate disruption workflows by the end of the implementation period. The solution must provide robust audit, governance, and human-in-the-loop decision frameworks, ensuring compliance with privacy and security requirements.
