Here's a sign of the times in cybersecurity: The federal government is making commercially available a set of unclassified cybersecurity technologies it has cultivated and financially supported through a program meant to do just that.
The details: The cyber security unit of the Department of Homeland Security’s Science and Technology (S&T) Directorate will showcase 10 security solutions at Black Hat USA 2017, seven of whose development it has underwritten. All the security technologies are ready for pilot deployment and commercial use, a department spokesperson told MSSP Alert.
Developers in the private sector, academia and research will demo their applications at Black Hat starting tomorrow. The list includes:
- APE: A Novel Intrusion Prevention System for Android, developed by Mitre
- BCP38/84: Getting the Best Available Data on Source Address Validation on the Public Internet, presented by the Center for Applied Internet Data Analysis, University of California, San Diego
- CASTRA: Context-Aware Security Technology for Responsive and Adaptive Protection, presented by United Technologies Research Corporation
- CLIQUE: Scalable Modeling of Network Flows, presented by the Pacific Northwest National Laboratory
- Cryptonite NXT: Commercialized Self-shielding Dynamic Network Architecture, presented by Intelligent Automation
- Distributed Denial of Service Defense: Telephony Denial of Service Defense Technology, presented by SecureLogix
- NFC4PACS: Using Derived Credentials over Secure NFC for Physical Access Control, presented by Exponent
- Mobile Application Assurance: A Framework for Assessing, Analyzing and Archiving Mobile Applications, presented by Kryptowire LLC
- QUASAR: Strategic Decision Support for Cyber-Defense Planning, presented by the Massachusetts Institute of Technology Lincoln Laboratory
- StreamWorks: Continuous Pattern Detection on Streaming Data, presented by the Pacific Northwest National Laboratory
All but APE, QUASAR and StreamWorks were funded by S&T in the beginning stages of development, the spokesperson said. The three technologies the agency’s unit didn’t back were either fully developed or nearly ready, and complemented the other seven in the lineup, he said.
“We’re facing some really significant challenges in cybersecurity,” the spokesperson said. “We’re looking for innovation across government , the community of developers and academia to help develop cybersecurity solutions,” he said.
Directly tied to cybersecurity app development is moving unclassified technology to the open market. The government’s Transition to Practice (TTP) program identifies promising federally-funded cybersecurity technologies and accelerates their transition into the marketplace, according to the Cyber Security Division Transition to Practice Technology Guide 2017.
The feds spent more than $1 billion annually on cybersecurity research last year but hardly any of it hits the commercial market, the document reads. In fact, the idea behind the Black Hat showcase is to bridge that divide.
“This divide between research and commercialization, commonly called the ‘Valley of Death’, is often the result of a lack of partnerships between the government and the private sector, insufficient resources, and inefficient processes for transferring technology out of a laboratory environment,” the document said.
Meanwhile, in addition to app development, the S&T organization has established partnerships with similar groups in 13 countries, including the U.K., Australia, Canada, Singapore and Israel as well as the European Union.
In May, it struck a deal with the Netherlands Organization for Scientific Research and that country’s National Cyber Security Center, part of the Ministry of Security and Justice. That partnership includes a $2.6 million investment in a joint U.S.-Dutch research team. The research effort will focus on Industrial Control Systems/Supervisory Control and Data Acquisition and Distributed Denial of Service Defenses.