Newswise — What a year! Starting October 2016 through this past September, the DHS Science and Technology Directorate’s (S&T) Transition to Practice (TTP) program commercialized, spun off or released as open source 10 new cybersecurity technologies.

The program has transitioned a total of 18 technologies since it started operations in 2013, meaning more than half of the transitions occurred last fiscal year.

This year’s success can be attributed to S&T’s growing ability to identify and accelerate maturation of technologies to meet the growing need in the public and private sectors for solutions to complex cybersecurity problems.

TTP is not a traditional research and development (R&D) program. Instead of funding new research, the program selects the most promising cybersecurity technologies developed at federal laboratories, federally funded research and development centers, and universities for inclusion in a lab-to-market program. TTP is administered by S&T’s Cyber Security Division (CSD), part of the Homeland Security Advanced Research Projects Agency.

Selected technologies take part in a structured transition process designed to increase maturity and market readiness that includes training, market validation, testing and evaluation, pilot deployments, and outreach. TTP technologies are introduced to investors, developers and integrators who can advance and turn them into commercially viable products. To facilitate these connections, TTP also hosts “Demo Day” events to showcase the technologies to cybersecurity professionals, spur pilots and start them on the road to commercialization.

“It’s been an incredible whirlwind of transitions over the past year,” said Nadia Carlsten, TTP Program Manager. “These successes are strong validation that the model TTP uses to prepare its technologies for commercialization is effective in moving them over the so-called technology ‘Valley of Death,’ which continues to be an important issue for R&D. The ‘Valley of Death’ refers to a lack of funding or development partners that can help an R&D technology bridge the transition phase.

Following are brief synopses of the 10 recently transitioned technologies presented in chronological order of transition:

ZeroPoint is an exploit detection and analytics tool developed at the University of North Carolina. The technology, which analyzes documents, email, web content and server traffic for potentially hazardous content known as exploit payload, was spun off as a startup company called ZeroPoint Dynamics.

Hyperion, developed at Oak Ridge National Laboratory, is a malware forensics detection and software assurance technology licensed to Lenvio, a Manassas, Virginia-based cybersecurity firm.

The Network FLOW AnalyzER (FLOWER), a software application developed at the Pacific Northwest National Laboratory (PNNL), was licensed by zSofTech Solutions. FLOWER performs deep Internet Protocol (IP) v4 and v6 packet header inspections in real-time to collect bi-directional network conversations between computers to determine if a communication is suspicious and should undergo further analysis.

REnigma helps analysts regain the upper hand against advanced malware by transparently and precisely recording the execution of malware. The technology was spun off from the Johns Hopkins University Applied Physics Laboratory by Oregon-based startup Deterministic Security, LLC.

Complementary technologies developed by researchers at PNNL—MLSTONES and Digital Ants—simultaneously were licensed by IP Group. MLSTONES is a set of algorithms based on the concept of protein sequencing to recognize similarities in data that are distantly related but still statistically significant. These algorithms recognize similarities to help quickly find a proverbial needle (a cyber-event) in a proverbial haystack of data. Digital Ants uses dynamic, decentralized mechanisms inspired by nature to provide mobile, resilient cybersecurity for protecting large enterprise networks and critical infrastructure systems.

IP Group also licensed an industrial control systems cybersecurity solution called SerialTap. Also developed by PNNL researchers, the technology is a cost-effective, nonintrusive embedded device that passively taps serial-line communication. The encapsulated data is transmitted to a centralized location to leverage current enterprise analysis solutions such as cybersecurity incident and event management systems, resulting in comprehensive process control system situational awareness.

The Policy Enforcement and Access Control for End-points (PEACE) system, developed at the Worcester Polytechnic Institute, protects end-point devices by intercepting all new network connections and vetting them at a centralized network controller. This allows network operators to enforce network policy and control access to proactively defend their networks. The technology was spun off by Massachusetts-based startup ContexSure Networks, Inc.

In addition, two TTP technologies were released as open-source for adoption by the developer community and use by any organization. Those technologies are:

PcapDB, developed by the Los Alamos National Laboratory, optimizes full network packet capture for fast, efficient search and retrieval, with packets reorganized and indexed by flow before they are written to disk.

Keylime, developed by researchers at the Massachusetts Institute of Technology Lincoln Laboratory, enables users to securely bootstrap secrets (e.g., cryptographic keys, password, certificates, etc.) and continuously verify trust in their cloud computing resources without needing to trust their cloud provider.

Building on this momentum, TTP is negotiating two additional licensing agreements that once finalized would push its total of recent transitions to an even dozen. “TTP is positioned perfectly to continue the good work and expand on this tremendous momentum over the coming year,” said Carlsten.

For more information on the TTP program, visit or send an email to [email protected].