wfedstaff | April 17, 2015 5:25 pm
The Homeland Security Department is bringing eight cutting edge cyber technologies before the money people in Silicon Valley this week.
The Transition to Practice program is pitching to venture capitalists, investors and other companies in California the potential of federally-funded cyber tools. DHS said it believes these software and hardware products could significantly improve the security of computers and networks.
“The program seeks to find mature federally-funded cybersecurity research and development that projects into commercial markets, which further projects into securing the networks of the homeland security enterprise,” said Michael Pozmantier, the program manager of the Transition to Practice in the Science and Technology Directorate at DHS. “The homeland security enterprise [includes] federal, state, local, private sector critical infrastructure. We are really interested in getting technologies out that traditionally haven’t made it out from the federal lab into the market where they can have the most benefit for the cybersecurity of the nation.”
The Transition to Practice program started about 18 months ago, and these eight technologies are among the first DHS is showing off.
“We are going to areas outside of DHS that are doing federally-funded cyber R&D. So in the first year, the first eight technologies we chose are from the Energy Department affiliated national laboratories,” he said. “I go to the labs. I’ll spend a day or two at each laboratory seeing demonstrations of the technologies, talking to the researchers. The first year we went to eight DoE national laboratories, saw 35 technologies and we chose eight. These are the eight we are working with right now.”
Commercially viable R&D
DHS first presented the programs to federal agencies last winter. Earlier this month, it showed financial services companies in New York how the technologies worked.
But going to California’s Silicon Valley is the first event focusing on commercializing the cybersecurity tools.
“If you want to get to where cybersecurity and IT innovation is happening, the places for that are Silicon Valley, and D.C. is emerging for that as well, particularly for government focused technology. That’s why we are doing the events on both side of the country. We believe there is enough of a community on either side that we can talk to all those people and take the technology to where the people are, as opposed to expecting them to come to us where we don’t get the penetration that we want,” Pozmantier said. “This is the first time we’ve done these events so these communities don’t really know about us until we come to them to do these kinds of events. This is a really big outreach on our part to make sure they are aware the federal government is doing this kind of research and is looking to provide the benefit of that research to the community.”
He added the event is trying to attract three types of companies or people:
DHS just finished reviewing a second round of technologies from the Defense Department’s affiliated labs such as Johns Hopkins, Massachusetts Institute of Technology and the Space and Naval Warfare Systems Command for demonstration later this year. Pozmantier said last spring he visited 11 other labs to review 60 technologies. In the end, DHS chose nine.
“The way we ultimately select them is looking at the problem it solves, trying to confirm the maturity level of it because it’s got to be at the point that it’s ready to be piloted,” he said. “If it’s not to that point where it’s gone through the proof of concept and it’s ready for pilot, then we can’t select it for that point in time, and we will keep it in on our tracking list for the following year.”
Pozmantier said the one-day event scheduled for Thursday will include presentations of the eight technologies and then one-on-one meetings between audience members and the technology researchers.
Among the technologies DHS is demonstrating this week is one from the Los Alamos National Laboratory that is an intrusion detection system, called PathScan.
“This one is different than your traditional IDS in that it uses anomaly detection as opposed to signature based detection to find different things going on the network,” Pozmantier said. “It will baseline what’s going on inside the internal network and look for different traffic patterns that might stand out, and then alert the cyber analysts in charge of those networks to do some forensics on those things.”
Los Alamos is using PathScan on its 20,000 node unclassified network to analyze millions of communications every minute.
Another technology that is getting a lot of interest is from Lawrence Livermore Lab, called Net_Mapper, which can find anything attached to the network-devices, open ports, communication paths, routing directives and the processing of transactions between hosts and users of the network.
“They like to say it finds everything you expect and more,” Pozmantier said.
A third technology from the Pacific Northwest National Labor called MLSTONES uses an algorithm used in protein sequencing to do network event analysis and malware detection.
“It takes different events or software code and sequences them into what would be equivalent of amino acids that make up a protein and builds these textual sequences of these letters and what it does is looks for patterns in these letters and matches them up,” he said. “So it can be used to identify malware in that way. A given fingerprint of a piece of malware can find different pieces that have the same type of patterns and match them up. It can also look at different types of events so if you know you are looking for certain things that happened on your network, it can sequence those in the same way and find them throughout your network based on event logs.”
Linebacker with no football
Pozmantier said the success of MLSTONES led to DHS issuing a Broad Agency Announcement earlier this winter for a program called LINEBACKER. The Pacific Northwest laboratory received the BAA to expand it to government agencies
Pozmantier said if a company wants to take the technology to market, it would work directly with the technology transfer lead at the agency that developed the application. Each technology transfer office may have its own set of procedures to move the software or hardware into the commercial market.
“They have to have a mechanism in place whether it’s a work-for-others contract or allowing the lab employee to leave for a period of time and come back or even do a side consulting with the company because that’s really a key piece to being successful is having the brain trust accessible to the company that’s licensing the technology from the government,” Pozmantier said.
The Transition to Practice program received $4.5 million in funding in fiscal 2013, of which about half went to run the pilots and the other half went to fund the testing and evaluation of the programs through red teams.
Pozmantier said DHS wants to showcase these eight technologies again in October in the Washington area. DHS also is planning to demonstrate the next nine technologies to a government-only crowd in November.
The longer-term goal is to present the technologies to multiple critical infrastructure sectors, including Energy in Houston, financial in New York, IT and telecommunications in Silicon Valley and government in Washington.