Cyber Militia Launches Nonprofit to Share Technology
A warfighter-built cybersecurity system is now perched for broader use.
Members of the Missouri National Guard Cyber Team are launching a nonprofit organization to share RockNSM, a system initially built by cyber warriors for cyber warriors.
RockNSM is a network security monitoring platform that uses open source technologies, such as CentOS, which is an operating system derived from the RedHat enterprise-level open source system. RockNSM formed the basis for a Task Force Echo network anomaly detection system used for real-world cyber operations.
According to Capt. Derek Ditch, a cyber capabilities officer with the Missouri National Guard Cyber Team, RockNSM has garnered interest from “governmental organizations and corporate organizations” from Europe, the United States and around the world. The U.S. Navy is one organization that has shown interest in the system. A Navy cyber protection team paid for some Missouri National Guard personnel to spend a week in Hawaii. “We set out to build one kit for them. We ended up building four,” reports Capt. Ditch, ARNG, cyber capabilities officer, Missouri Cyber Team.
Other military organizations were requesting the Missouri Cyber Team’s assistance often enough that they decided to build an automated tool on their own time and make it available to others through GitHub. “It was what we had, and we put it out on GitHub because teams and organizations were asking us to help build stuff, and we’re just reservists, and we have full-time jobs and families and can’t be on the road all the time. The National Guard wasn’t willing to pay for that either, so we put it out there and made it open source and available,” Capt. Ditch says.
On March 13, members of the Missouri Cyber Team officially incorporated a nonprofit organization in the state of Nebraska under the name RockNSM Foundation, which awaits Internal Revenue Service approval for 501(c)(3) status. “It has kind of taken off into its own being now. We have an entity that’s officially taken over stewardship of the project, the RockNSM Foundation that’s incorporated in Nebraska, and we’re on the cusp of getting nonprofit status,” Capt. Ditch reveals.
To successfully conduct the mission, the Missouri Cyber Team members had to ensure they squeezed “every ounce of performance” out of the available hardware. “We give you exactly what you need—nothing more and nothing less,” Capt. Ditch states. “All of the core contributors have done cyber missions in the Defense Department, some of us in the intel community, and all of us now in the private sector at Fortune 200 companies and below. Over the years, we’ve learned we need to make sure we’re collecting certain pieces of data. Others are nice to have but aren’t really that important. We kind of trim the fat there for the analysts looking at the data.”
The technology incorporates lessons learned during military missions but includes very little government-owned code. “You could probably find 3 percent of the code that was contributed while somebody was in a military status. It’s probably less than that,” Capt. Ditch offers. “This is all stuff that we’ve done on our own time after the kids have gone to bed, staying up late working on the code, making it all work. It’s not really government software at that point.”
He adds that the team did receive legal assistance from the Judge Advocate General, which handles military legal matters. “Because we wanted to make sure it continued, we decided to put it under a nonprofit. Also, there were some opportunities where businesses would like to contribute resources, and it would be more beneficial if it was a nonprofit because then they get tax advantages.”
The RockNSM user group members come largely from the public sector, military and civilian, but corporations as well. “You have small power cooperatives like in rural Midwest areas that are using RockNSM to protect their critical infrastructure. They don’t have million-dollar budgets for the latest, greatest applications that the Defense Department gets to deploy, so having something that’s free that they can just put onto some hardware is really impactful, and we want to make sure that is protected,” Capt. Ditch states.
Providing RockNSM through a nonprofit keeps it separate from Perched, a business Capt. Ditch has started along with some partners that provides consulting, education and support for the open source cybersecurity community. It also ensures the technology remains free for those with little to no budget. “There’s a thing in the open source world where companies will have open source software that they give out for free, and they take contributions, and they build up a community, and then they make it all closed source for the next revision, and you have to pay to play,” he says. “Making RockNSM a nonprofit separate from our company guarantees that our company’s never going to do that. We want to make sure that the intellectual property of RockNSM is always free and available because it’s making an impact in a good way that I think our country needs.”