Cyber Matters: NSA Technology Provides Commercial Opportunity

By Rob Sloan, cybersecurity research director, WSJ Pro

Research of next generation cybersecurity solutions requires a clear understanding of how state-level actors have the ability to subvert technology. Without expert insight it is impossible to design effective countermeasures, but even with it, the process is time-consuming and expensive. Another option to consider is leveraging and commercializing research already conducted by the government.

The federal government invested $147 billion in fiscal year 2017 to fund research and development efforts in the nation’s federal laboratories. This funding furthers research in everything from transportation and space, to agriculture, healthcare and cybersecurity. The National Security Agency’s Technology Transfer Program is seeking commercial partners to license NSA technologies that were originally developed to support the agency’s mission.

This allows companies to super-charge their products with capabilities they would not ordinarily have been able to develop.

The program currently offers over 100 different patented technologies in the areas of Cyber, Big Data, Mobility and Internet of Things, that have a potential for commercial application. Details here.

Super-Charging Products with NSA Technology

According to a Pentagon-funded economic impact study, businesses licensing NSA’s technology between 2000 and 2014 created 1,330 jobs throughout industry and added a $346 million boost to the economy.

The NSA TTP ensures industry has access to NSA’s patented technologies to increase economic growth and provide business owners with an option to license innovative, proven technologies. Security clearances are not necessary to do business with the NSA TTP and the program offers flexible licensing agreements to businesses of all sizes.

Linda Burger, Director of NSA’s TTP, has seen growth in the agency’s cybersecurity technologies available for licensing: “In a constantly changing environment, there is always a need for innovative solutions to fit today’s hard problems,” said Ms. Burger. “Anything that helps us safeguard national security-related systems is going to be of interest for the NSA. We protect our nation’s critical information just as businesses need to protect their critical information.”

“You can do it yourself, but why reinvent the wheel?”

Cyber-related technologies currently available for licensing include an identity authentication method using biometrics, a system for measuring software integrity, and an invention that anticipates cyberattacks. While the application of these technologies within the NSA may have been classified, the technologies themselves are not, allowing them to be commercialized into products that can protect the private sector as well as other government agencies.

Cybersecurity can involve more than just software solutions. One successful partnership arose from a shared ambition to improve the physical security of computer ports.

Jim Bolain, founder and chief executive of PadJack Inc., designed a device to secure ethernet ports against unauthorized connections, receiving a patent for his invention in 2009. The NSA had patented similar devices and a relationship began after they saw samples of each other’s work.

Leveraging Government Research for Commercial Opportunity

“Instead of us continuing to spend the time, money and research to develop the physical security products that had already been developed, it made sense to license the NSA products,” said Mr. Bolain. “This allowed us to focus our resources in other areas, such as marketing, and allowed us to deploy these new products quickly to our existing customer base.”

This partnership allowed the NSA innovators to concentrate on further developing the products and adapt designs as computer ports evolved, while Mr. Bolain focused on addressing customer requirements such as color-coding and adding serial numbers to the devices to ensure they were tamper-proof or tamper-evident.

“Before looking to develop your own solution I would recommend you see what the NSA TTP has to offer,” said Mr. Bolain.

Ms. Burger pointed towards open source software as another way that NSA shares its technologies. Apache NiFi (from ‘NiagaraFiles’), for example, is a technology that was developed by NSA and subsequently released via OSS making it available to the public. The software automates the secure movement of data between disparate data sources and systems. By releasing its source code to the OSS community NSA enabled that community’s engagement. In addition, this increased Apache NiFi’s agility and security and brought to commercial markets big data technology now used by hundreds of companies worldwide. More than 150 unique contributors have made improvements to Apache NiFi since it was released, benefiting both NSA and its commercial users.

Hortonworks, Inc. has developed two products based on Apache NiFi as part of its suite of open source big data technology offerings. Fortune 500 companies are now using commercial adaptations of Apache NiFi to manage their corporate data flows. For NSA, open sourcing the technology has led to significant code improvements and identified vulnerabilities that could be corrected to strengthen the tool’s capabilities.

Ms. Burger urged senior executives to engage with the NSA TTP through their website, and with other federal laboratory offices, to understand available technologies that could propel their business forward. “You can do it yourself,” said Ms. Burger, “but why reinvent the wheel? There are federally funded technologies on the shelf ready to be brought to life in the marketplace by creative, visionary business teams.”

Rob Sloan is cybersecurity research director at WSJ Pro. Previously, Rob has worked as response director for a specialist IT security consultancy in London and built a team focused on detecting, investigating and protecting against cyber intrusions and responding to incidents, especially state-sponsored attacks. Rob started his career working for the U.K. government, looking at some of the earliest cyberattacks against the critical national infrastructure. Rob’s main interest is the requirements, motivations and technical capabilities of threat actors.