Private Companies to Get Crack at U.S.-Developed Anti-Hacking Tech

Print Email
August 27, 2015 by Chris Strohm

Anti-hacking technology developed by the U.S. will be offered to banks and other businesses under an initiative to promote cutting-edge research, even as some security specialists question its value in the private sector.

For the first time, cyber security technology developed at Los Alamos National Laboratory in New Mexico will be made available to private companies by the New York consulting firm Ernst & Young LLP, the two organizations announced Tuesday.

“Government organizations and private companies are all experiencing the same cyber threats,” said Siobhan MacDermott, a principal for cybersecurity at EY. “But they’re still seeking ways to work together to improve collective cybersecurity.”

The partnership comes as government and companies face increasingly sophisticated hacking attacks. The head of the National Security Agency, Navy Admiral Michael Rogers, has estimated that the U.S. loses as much as $400 billion a year through hacks that steal trade secrets.

Some security analysts, however, question how successful the model will be because technology developed over the course of years at government facilities may not be relevant or useful to current company needs. Government researchers also operate in controlled environments, whereas the networks of corporations can be messy and sprawling.

“The premise is based on the idea that the government is somehow better at doing cybersecurity than the private sector,” said Frank Dickson, a research director for information and network security for consulting company Frost & Sullivan. “I think that’s a flawed concept.”

University Grants

The government might be more effective by providing grants to help universities train cyber security experts, Dickson said.

The relationship between Los Alamos and EY is unique in that cyber security technology being developed and used at the lab hasn’t easily reached the private sector.

The U.S. spends about $1 billion a year on unclassified cybersecurity research. However, it often goes unnoticed in the private sector because federal researchers don’t have expertise in marketing and communicating to companies. The inability to transfer the expertise is known as “the valley of death,” said Michael Fisk, chief information officer at Los Alamos.

That’s where EY comes in. The giant consulting company has been investing and growing its own cyber security practice.

Abnormal Activity

The first technology that will be transferred by EY is called PathScan, which detects abnormal activity on networks that indicates the presence of hackers. Uncovering hackers on networks has been a struggle for many companies. On average, attackers operate inside a victim’s network for more than 200 days before being detected, according to FireEye Inc., a network security company.

PathScan is being tested at five companies and already proving valuable, according to EY. The firm believes the relationship with the lab will be successful because technology being transferred has market value and will be combined with its other services and expertise, MacDermott said.

The process that led to the licensing agreement for PathScan took about three years. The technology was first identified as being valuable to commercial ventures by the Department of Homeland Security’s Science and Technology Directorate. It is the fourth to be transferred under a program managed by the agency.

It remains to seen how useful and relevant the technology currently is, said Vikram Phatak, chief executive officer and chairman of the board at NSS Labs Inc., a private company that independently tests cybersecurity technology.

Hacking attacks have become more sophisticated since 2012, including assaults on JPMorgan Chase & Co., Sony Corp. and the U.S. Office of Personnel Management.

Phatak said NSS Labs plans to test PathScan. Phatak said he wasn’t aware of any cybersecurity technology coming from the government that has had major commercial success.

“I wouldn’t bet the farm on it but it’s great that they’re trying to help,” he said. “It’s kind of like mother-made apple pie. Who’s going to be against that?”

A section on a Bloomberg website about corporate governance, called the Bloomberg Board Directors’ Forum, is sponsored by EY’s Center for Board Matters.

Copyright 2024 Bloomberg.
Print Email

Was this article valuable?

Here are more articles you may enjoy.

AI-Powered Insurance Product Development Is Going to Take Some Powering Through
Former MLB Player Charged With Insurance Fraud in Florida
CEO Viewpoint: Predict and Prevent Just Makes Economic Sense
USAA to Lay Off 220 Employees

Related Articles

T-Mobile: Hackers May Have Ripped off Data of 15 Million Applicants
New EU Cyber Security Laws Affect Cisco, Google, Amazon and Others
Public-Private Catastrophe Plan Could Boost UK’s Cyber Risk Resilience: Study
PCI Conference Report: Cyber, Property Risks Not So Separate, CTO Says
U.S. Reportedly Drafting Potential Sanctions Over China Hacking
Lloyd’s: Drone Industry Threatened by Cyber Attacks, Reckless Pilots and Privacy Breaches
Court Ruling: FTC Has Authority to Regulate Corporate Cyber Security

Our Contributors

William SteenbergenThe Insurance Data Paradox: Structure Creates Flexibility
James GammellViewpoint: Risks for D&O Insurers Exploring the New Frontier of Gen AI
Shannon ShallcrossViewpoint: You’re at a Competitive Disadvantage If You’re Not Innovating
Richard CoyleMany Businesses May Not Be Protected Against Losses From Snow Melt Floods
Meghan ParrillaHow Apprenticeship Programs May Be the Best Solution to Today’s Talent Crisis
See All Our Contributors