A triple-threat against cyberthreats
02 December 2017
The Department of Energy's Pacific Northwest National Laboratory (PNNL) has licensed three of its most unusual technologies for preventing cyberattacks to Cynash Inc, a startup company funded by IP Group, an intellectual property commercialization company. Cynash was formed specifically to bring these three cyber protection technologies to market to provide a powerful new approach to the detection and prevention of cyberattacks.
Cynash intends to integrate these technologies into a suite of products and services to enhance cybersecurity in private enterprise, the public sector and industrial control systems.
Two of the technologies, DigitalAnts and MLSTONES, are inspired by nature and biology.
The third, SerialTap, addresses vulnerabilities inherent in remotely controlled physical systems common in infrastructure and manufacturing.
The Ants go marching
DigitalAnts was inspired by the power of ants swarming to protect their colonies. In this case, the colonies are large-scale networks, or even the connected devices, such as phones, sensors and many others, that make up the entire Internet-of-Things and can provide a foothold for cybercriminals.
Distributed ant-like software agents wander across networks from device to device to detect suspicious behaviour by watching types of information, such as network bandwidth or power consumption.
Like their natural counterparts, DigitalAnts throw down markers much like pheromones to attract other ants to the location of concern. This concept of indirect coordination, known as stigmergy, allows rapid validation of an anomaly by several independent agents. Once an anomaly is confirmed, the DigitalAnts technology alerts users and other systems to take appropriate action.
A protein by another name
MLSTONES, which stands for Machine Learning String Tools for Operational and Network Security, was developed by researchers applying the power of high-performance computing to vast amounts of biological data being captured to study protein similarity.
They considered applying this approach to cyber-related data such as software, and specifically malware. This biology-based approach allows MLSTONES to recognise evolving, never-before-seen malware by detecting similarities in evolving malware, something that conventional malicious software detectors cannot do effectively. It also allows MLSTONES to classify malware into families based on behavioral similarity.
Tapping into the data
SerialTap was developed to bridge the gap between older serial-based devices and modern networks in industrial control systems. An industrial control system sends and executes directions for remotely operating infrastructure such as valves, switches and sensors in distant field locations.
They number in the millions and may be vulnerable to cyberthreats. When communications lines to these remote operations or serial devices are tied into the IT networks of industrial control systems, it may leave them open to bogus commands that could do serious damage.
SerialTap taps into these older communications devices to translate information and mitigate threats. SerialTap is an inexpensive means of wrapping the data from the serial communications device in a form that can be used by modern assessment tools that don't 'speak the same language,' thus providing situational awareness to a company's engineering and security team.
IP Group discovered these technologies through the Department of Homeland Security Science and Technology Directorate's Transition to Practice Program, which connects promising cyber technologies with potential industry partners and investors. PNNL has participated in this program from its inception and has now licensed a total of five technologies through TTP - the most of any participant in the program.
"The DHS TTP program has been an invaluable partner to PNNL, as it has enabled our researchers to engage with cyber practitioners to identify how they might collaborate with each other to further develop and bring these technologies to marketplace rather than having the potentially game changing technologies languish unused," said Kannan Krishnaswami, a commercialisation manager at PNNL. "Ultimately, any technology transferred out of the Laboratory and into the marketplace has an enormous impact on our sponsor's mission of keeping the nation safe and secure."
"We are delighted to establish another venture with our partners at Pacific Northwest National Laboratory and to be associated with the DHS TTP," said Michael Burychka, Chief Executive Officer of IP Group North America. "The new enterprise, Cynash, Inc., will incorporate these unique technologies into a comprehensive and compelling cyber defense solution that will address the ever-increasing threat of these costly attacks. We couldn't ask for a stronger partner and are excited to build and support Cynash as it moves ahead."