In the startup world, the gap between when a technology is developed and when it becomes a viable product is known as the "valley of death." For innovations emerging from government labs, which are hidden from venture capitalists and held back by bureaucracy, the risk of a promising invention failing to see the light of day is especially high.
A new Department of Homeland Security program wants to help bridge that divide in the increasingly important realm of cyber security and defense. Called "Transition to Practice," the program couldn't sound more anodyne. But clinical title aside, the idea behind it has value.
The mission is for Homeland Security to scour labs for the best unclassified technologies being developed, spotlight them for potential investors, and try to get them developed into commercial products that both government and private industry would use.
The government retains rights to intellectual property created by its researchers - it wouldn't have to buy back technologies it funded - but any services and add-on features developed in the free market are fair game.
The 18-month-old program is still in the early stages and can't claim a breakout hit yet. But of the eight technologies being demonstrated at a conference I attended last week in San Jose, California, some could have broad appeal:
This project out of Los Alamos National Lab takes a counterintuitive approach. Instead of keeping online attackers out, the software lets them in so it can trace in real time the path of hackers, learn their techniques and pinpoint machines that are likely compromised so technicians can take those offline. The technology is already running on the lab's 20,000-computer unclassified network.
The software from Lawrence Livermore National Laboratory scans networks to identify active devices, such as routers and PCs, and detects suspicious connections between machines, which can indicate a compromise. This is important because network administrators often don't know everything that's going on in their systems and may need a real-time snapshot. Spotting connections from previously unknown computers or suspicious communications pathways might be a sign that an attack is under way.
If hackers get access to sensitive computers, this software is designed to make sure they can't run certain programs on them. CodeSeal, from Sandia National Laboratories, uses cryptography to disguise software on targeted machines that governments and critical infrastructure operators want hidden. Similar to PathScan, the developers assume that hackers will be able to break into certain devices. The goal here is to neutralize their effect once the bad guys are inside.
In addition to protecting the government, the goal of the program is to provide security to operators of power grids, oil and gas pipelines and other critical infrastructure, according to Michael Pozmantier, a manager in the cyber security unit of Homeland Security who oversees Transition to Practice. And as we already know, online attacks on these essential facilities are very real.
Whether investors will bite is unclear. At the very least, Pozmantier said, Homeland Security is trying to make it a little easier for these technologies to make it out of the valley alive.