Labs look to go private with cyber defenses


The Department of Homeland Security's Cybersecurity Division is looking for a few good companies that can help it commercialize cyber-defense technology developed by some of the world's premier research labs.

The technologies, developed by national, federally funded labs -- including Oak Ridge, Sandia, and Los Alamos -- are aimed at protecting a variety of electronic intrusion and attack points on enterprise and federal networks. DHS's Cybersecurity Division showcased the hardware and software for potential private investors in Washington, D.C., on Dec. 18 under its Science and Technology Directorate's Transition to Practice (TTP) program.

TTP looks to commercialize or license the technology to private industry, or set up partnerships with industry, said Michael Pozmantier, program manager of the Cybersecurity Division in DHS's S&T Directorate.

With federal agencies, private critical infrastructure providers and commercial enterprise networks all feeling increased pressure to meet the cyber threat, joint development efforts under TTP are more vital than ever, said Andy Ozment, senior director for cybersecurity at the White House. "We can't secure information without working together. We need innovation and new approaches."

The TTP program, said Ozment, can produce technological solutions that he ultimately hopes wind up in the hands of not only private industry, but a range of federal and private infrastructure IT managers who need to protect IT resources from cyberattack. "We want to empower the CIO at agency and department levels" with new capabilities, he said.

At the Dec. 18 program in Washington, developers from the national labs gave short presentations on their technologies and blocked out time to meet with potential commercial investors, licensees and co-developers.

Their technology ranged from protection for removable media to the adaptation of biotechnology-based systems that sniff out cyberattackers' trails using techniques honed in analyzing DNA. Among the eight presentations made at the program were technologies aimed at protecting individual devices, servers and networks.

Logan Lamb, a developer at Oak Ridge, said the lab’s USB-ARM removable media protection architecture is based on a driver that brokers all communication between removable media and a computer's operating system. Removable media, like thumb drives, have been a constant source of worry for network operators because they can access a computer directly, avoiding network protections. Thumb drives were reportedly the source of the notorious Stuxnet virus that crippled Iranian nuclear development programs and another virus that infected U.S. defense networks overseas.

USB-ARM, said Lamb, blocks all communications to a computer until a set of user-defined criteria, like McAfee antivirus, AVG antivirus and executable detection engines, have finished analyzing the removable media for threats.

MLSTONES, a set of analytical tools developed by Pacific Northwest National Lab, is based on biotechnology and bioinformatics developed to trace DNA proteins among human families. In a computer network, the tools can be used to find associations among the vast sea of data flowing through the network, picking out those that look similar to build a profile of cyberattackers' intrusions, according to Elena Peterson, a PNW Lab developer. The tools create "cyber proteins" based on data types, aligning those proteins into "families" with split-second timing. Those family groups can reduce the amount of data that needs to be analyzed, she said.

Oak Ridge National Labs' "Choreographer" system acts much like a minefield for attackers, said ORNL developer Craig Shue. The system performs a clever server bait-and-switch, drawing attackers away from active public-facing servers using fake "honeypot" servers as bait. The system can shift the fake and legitimate servers' network addresses on demand, giving only valid users the right addresses. The technique, said Shue, can reduce attacker effectiveness from 100 percent to less than 1 percent.

Pathscan, Los Alamos National Labs' detection system, can track down intruders once they are inside a network. According to LANL developer Joshua Neil, Pathscan targets hackers' transverse behavior in the network by building models of normal network activity, passively monitoring network traffic and comparing it to behavioral models. The system breaks the network into millions of small paths and monitors each to test whether the traffic moving over it is normal compared to the models.

DHS S&T, said Pozmantier, is "foraging" at the national labs for the next TTP round, beginning another 36-month process of finding and fostering development of additional candidate technologies. TTP, he said, has seen a steady uptick in the volume of candidate technologies, from an initial 35 two years ago, when the program began, to more than 100 in fiscal 2014.



About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Follow him on Twitter at @MRockwell4.
