Consultants Seek to Bridge ‘Valley of Death’ to Stop Hacking

Anti-hacking technology developed by the U.S. will be offered to banks and other businesses under an initiative to promote cutting-edge research, even as some security specialists question its value in the private sector.

For the first time, cybersecurity technology developed at Los Alamos National Laboratory in New Mexico will be made available to private companies by the New York consulting firm Ernst & Young LLP, the two organizations announced Tuesday.

“Government organizations and private companies are all experiencing the same cyber threats,” said Siobhan MacDermott, a principal for cybersecurity at EY. “But they’re still seeking ways to work together to improve collective cybersecurity.”

The partnership comes as government and companies face increasingly sophisticated hacking attacks. The head of the National Security Agency, Navy Admiral Michael Rogers, has estimated that the U.S. loses as much as $400 billion a year through hacks that steal trade secrets.

Some security analysts, however, question how successful the model will be because technology developed over the course of years at government facilities may not be relevant or useful to current company needs. Government researchers also operate in controlled environments, whereas the networks of corporations can be messy and sprawling.

“The premise is based on the idea that the government is somehow better at doing cybersecurity than the private sector,” said Frank Dickson, a research director for information and network security for consulting company Frost & Sullivan. “I think that’s a flawed concept.”

University Grants

The government might be more effective by providing grants to help universities train cybersecurity experts, Dickson said.

The relationship between Los Alamos and EY is unique in that cybersecurity technology being developed and used at the lab hasn’t easily reached the private sector.

The U.S. spends about $1 billion a year on unclassified cybersecurity research. However, it often goes unnoticed in the private sector because federal researchers don’t have expertise in marketing and communicating to companies. The inability to transfer the expertise is known as “the valley of death,” said Michael Fisk, chief information officer at Los Alamos.

That’s where EY comes in. The giant consulting company has been investing and growing its own cybersecurity practice.

Abnormal Activity

The first technology that will be transferred by EY is called PathScan, which detects abnormal activity on networks that indicates the presence of hackers. Uncovering hackers on networks has been a struggle for many companies. On average, attackers operate inside a victim’s network for more than 200 days before being detected, according to FireEye Inc., a network security company.

PathScan is being tested at five companies and already proving valuable, according to EY. The firm believes the relationship with the lab will be successful because technology being transferred has market value and will be combined with its other services and expertise, MacDermott said.

The process that led to the licensing agreement for PathScan took about three years. The technology was first identified as being valuable to commercial ventures by the Department of Homeland Security’s Science and Technology Directorate. It is the fourth to be transferred under a program managed by the agency.

It remains to be seen how useful and relevant the technology currently is, said Vikram Phatak, chief executive officer and chairman of the board at NSS Labs Inc., a private company that independently tests cybersecurity technology.

Hacking attacks have become more sophisticated since 2012, including assaults on JPMorgan Chase & Co., Sony Corp. and the U.S. Office of Personnel Management.

Phatak said NSS Labs plans to test PathScan. Phatak said he wasn’t aware of any cybersecurity technology coming from the government that has had major commercial success.

“I wouldn’t bet the farm on it but it’s great that they’re trying to help,” he said. “It’s kind of like mother-made apple pie. Who’s going to be against that?”

A section on a Bloomberg website about corporate governance, called the Bloomberg Board Directors’ Forum, is sponsored by EY’s Center for Board Matters.
