• New technologies selected by the DHS will be introduced to cybersecurity professionals through a series of Demonstration Day events taking place around the country.
     New technologies selected by the DHS will be introduced to cybersecurity professionals through a series of Demonstration Day events taking place around the country.

Cyber Techs Ready for Prime Time

The Cyber Edge
May 15, 2017
By Maryann Lawlor
E-mail About the Author

Promising cybersecurity solutions move from the lab to the limelight.

The U.S. Department of Homeland Security’s Transition to Practice (TTP) program tomorrow unveils to investors, developers and integrators eight cybersecurity technologies with commercial potential. The budding future capabilities, developed with federal funding, range from helping cyber analysts deal with data overload when filtering social media content to protecting power transmission infrastructure by detecting sensor failures or identifying cyber attacks in real time.

Each year, the government experts forage for technology solutions at multiple federally funded research and development institutions and select the most promising discoveries to be part of the program. The eight technologies chosen this year are rather diverse, but have at least two aspects in common: They provide an innovative approach based on solid research to address cybersecurity needs and they are mature enough to transition to an operational environment and improve an organization’s cyber posture, says Nadia Carlsten, program manager at the DHS' Science and Technology Directorate. The selected technologies will be introduced to cybersecurity professionals through a series of Demonstration Day events taking place around the country, with the unveiling taking place May 16 in Washington, D.C.

MIT’s Lincoln Laboratory developed three of the new cybersecurity solutions, one of which is called Cyber Human Language Technology Analysis, Reasoning and Inference for Online Threats, or CHARIOT. It addresses the “too much data” issue that often impedes analysts from rapidly finding cyber relevant information, Carlsten says. “The current methods are time-consuming, and worse, suffer from large numbers of misses and false positives," she explains. "CHARIOT improves the efficiency of analysts by acting as a filter to reduce the number of documents that need to be reviewed and increases relevance of content through machine learning along with transfer learning techniques.”

One of two technologies developed by the Oak Ridge National Laboratory addresses the broader impact cyber attacks can have on everyday life. The Real-Time Cyber-Physical Attack Detection (CPAD) system helps protect infrastructure, such as power plants, that depends heavily on control systems comprising numerous sensors. “An increasing number of cyber attacks have successfully targeted physical infrastructure and control systems, many of them by altering sensor data," Carlsten offers. "One example is the attack on Ukrainian electrical power utilities reported in December 2016. The U.S grid might also be vulnerable to these types of cyber attacks. Sensors tend to be the least protected components, even as their use proliferates, and they are often accessible from cyber networks.” 

CPAD detects attacks on data integrity and enables system operators to identify them, as well as sensor failures, in real time to minimize the effect of corrupted data on facilities. By using multiple readings, it identifies sensor statuses that are not physically possible, and then powerful machine learning enables it to infer constraints that sensor data must satisfy.

Another TTP technologu selected this year comes from the Pacific Northwest National Laboratory, which created StreamWorks: Continuous Pattern Detection on Streaming Data. “StreamWorks is designed to support complex pattern detection of large-scale streaming data. It helps with emerging threats by providing unprecedented analytics to monitor and find patterns of interactions between users, machines and applications,” Carlsten explains.

The capability addresses two major problems organizations face. One, state-of-the-art cyber monitoring systems can’t make complex queries in a streaming setting and two, the systems can't query language and support for different types of events, which limits query usability. “Requiring analysts to learn complex query languages is very limiting," Carlsten says. "The advantage of Streamworks is that it allows cyber defenders to think naturally and use visual templates to find patterns in data.”

Another benefit is that the TTP program support startups, Carlsten says. “We help inventors spin out their technologies and create companies to commercialize them. This past year, TTP has been involved in the creation of three new potential cyber startups, and navigating the process has been very different from one technology to the next,” she explains. “This was a reminder that transferring technology out of each lab can be complex, and it is more critical than ever that we can continue to support these budding entrepreneurs by offering them the resources and mentorship needed to create cyber startups that will be successful. One of these startups is ContexSure Networks, which spun out of WPI to commercial PEACE, one of the technologies in the 2017 cohort.”

The TTP currently has 40 technologies in its portfolio with several technologies already transitioned to the marketplace. Those include: Quantum Secure Communications, Hyperion, Hone, NeMS, PathScan, PACRAT, LOCKMA and ZeroPoint.

The S&T’s Cyber Security Division administers the TTP program; the division is part of the Homeland Security Advanced Research Projects Agency. It complements the S&T process of funding projects through the full research-and-development life cycle.

More information about the TTP program and its technologies is available online or by email

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Share Your Thoughts: