Bringing Govt. Security Technologies to Real World

Friday, September 12, 2014 @ 02:09 PM gHale


The federal government does an incredible amount of research and development on all things cyber security, and through the Department of Homeland Security’s Transition to Practice (TTP) program, technologies developed at federal labs now stand a better chance of finding their way into the real world.

The TTP program, spearheaded by the department’s Science and Technology Directorate (S&T), helps move federally funded cyber security technologies into broader use. Getting research discoveries and new technologies over the gap between early, promising research on one side and technology that’s in use on the other is a dire need in the national lab community.


“Moving technologies from the laboratory into actual practice is difficult,” said Steve Hurd, a cyber security researcher who helps lead Sandia’s TTP efforts. He said one major reason is technologies that seem to work in the lab might need fine-tuning or further upgrades in the field.

“So TTP is an inventive attempt to help all the labs improve in this area,” Hurd said. “It’s paying dividends already by opening doors that will get new innovative cyber defense technologies from Sandia (National Laboratory) and other laboratories into the hands of industry, academia and other research institutions that can really use them.”

TTP’s methodology is straightforward. Department of Homeland Security’s Mike Pozmantier, the program manager for TTP in the S&T Cyber Security Division, conducts events across the country each year that feature cyber technologies developed at Department of Energy (DoE) and Department of Defense (DoD) laboratories and selected for evaluation by DHS. The events target specific sectors and audiences, including those in the federal government and the high-tech, energy, financial and critical infrastructure sectors.

The goal is to generate interest, initiate conversations and build relationships and business partnerships that get important cyber technologies, including some developed at Sandia, into practice. That could occur through pilot programs with industry, licensing, or spinning technologies off into startup companies backed by venture capital funding.

To support this process, selected technologies go through testing and evaluation to assess whether they’re ready for a practical pilot test or commercialization. Technology providers also get help readying their technologies for market.

In addition to considering Sandia-developed cyber technologies for transition, DHS uses Sandia’s cyber security expertise to test and evaluate TTP technologies developed by other DoE and DoD labs.

“Our main goal is to help make the technologies easier and more cost-effective for end users to adopt, ultimately leading to more effective protection of digital systems,” Hurd said. “We try to discover the areas in the technology that need improvement, then provide specific feedback to the developers.”

Sandia tests in realistic environments, using a wide range of tools, including dynamic testing of executable files and adversary-based red teaming. “Red teaming” refers to assessments that give customers an independent, objective view of their technologies’ weaknesses from the perspectives of a wide variety of potential adversaries.

Sandia is employing two unique capabilities as part of the TTP test and evaluation effort, said project manager Susanna Gordon.

“Our Forensics Analysis Repository for Malware, or FARM, provides a large number of analyzed malware samples that we are using to test technologies intended for enhanced malware analysis,” Gordon said. For technologies intended to run on enterprise-scale networks, Sandia’s researchers are conducting tests using the labs’ Emulytics platforms, which can efficiently emulate and analyze representative enterprise-scale networks, greatly reducing the cost of running at-scale testing.

The test and evaluation team also examines implementation costs and looks for new problems or risks associated with each technology it evaluates.

In TTP’s kickoff year, three cyber technologies were selected from Oak Ridge National Laboratory, two from Pacific Northwest National Laboratory, and one each from Sandia, Lawrence Livermore and Los Alamos labs. When TTP expanded its reach to DoD labs in its second year, two Sandia technologies, SecuritySeal and WeaselBoard, passed muster. In its third year, the TTP program selected two Sandia technologies, the Sandia Cyber Omni Tracker and the Network Randomization Tool for Integrated Computer Solutions.

Sandia’s CodeSeal, a year-one TTP-selected technology, is a program that protects critical software against malware and a range of other security weaknesses.

CodeSeal is gaining industry interest from Vir2us, a Bay Area computer security company, and may soon see real-world use at the DoE GridSTAR Center in Philadelphia. The plan, said Sandia business development specialist Craig Smith, is to bring CodeSeal to GridSTAR, embedded into Vir2us’s security suite, Citadel, and run it on the grid, an activity expected to produce useful validation data for CodeSeal.
