WASHINGTON — In a first for the Air Force’s new information warfare entity, the service inked patent license agreements with the private sector for code it developed in house to detect software vulnerabilities.
The software, called Whiddler, scans files on a network and calculates the probability of whether a file is malicious. It looks for suspicious items that don’t have a signature and therefore might escape antivirus software that scans for known problematic signatures.
The first agreement was in December 2020 and the second in May 2021. The agreements are the first for organizations under 16th Air Force, however, not the first within the Air Force itself.
The Air Force signed a cooperative research and development agreement, or CRADA, with the first company, and officials said they are working on another with the second company. The service did not name the companies or disclose the dollar amounts for the agreements.
Under these agreements, the companies can use the technology developed by the 90th Cyberspace Operations Squadron and transfer it to the private sector to better identify software risks on networks.
Officials said completing these deals has multiple benefits for not just the Air Force or Department of Defense, but potentially for the larger commercial ecosystem.
It provides “the ability to improve our technology that maybe we ourselves are no longer maintaining,” Rebecca Lively, deputy director of the 90th Cyberspace Operations Squadron, told C4ISRNET in an interview. “Through that cooperative agreement, we are able to reap the benefits of those improvements at no cost to the government or at least to now cost to our unit.”
With the technology transferred to a third party, the government can choose whether its wants to adopt improvements to the code that the companies make.
The companies can modify and improve the code and sell it to industry, making the larger community more secure, officials said. The arrangement keeps the government removed from marketing to industry but provides an advanced tool to some businesses with proprietary detection methods that hackers haven’t learned to defeat.
“I think that’s the intent of technology transfer as a whole is that ability to take something that the government has invested funds in, taxpayer funds and let it benefit the taxpayers more broadly than we do just in the DoD,” Lively said.
As a result, the Air Force is helping companies better protect consumers and companies from cyber threats, said Eric Rosenberg, chief of cyber intellectual property law at the 67th Cyberspace Wing.
A big pillar of the DoD’s approach to cybersecurity is enabling others. Many experts have referred to the need for a so-call whole-of-society approach to cybersecurity that combines the government and private sector efforts to create a more stable cyberspace.
“The United States government, in tandem with industry partners, must improve its defensive posture to prevent and or minimize the impacts and impose cost in time and money on those who exploit such vulnerabilities and target American companies and citizens,” Gen. Paul Nakasone, commander of U.S. Cyber Command, told the House Armed Services Committee in May.
Officials also noted another benefit for the DoD in inking these patent license agreements with the private sector for recruitment and retention.
“People want to see their work published, and people want that recognition that you can get by being an inventor on a genuine patent. That’s something especially in the more classified environment we don’t see as often,” Lively said. “We have the ability to leverage these patents license fees that are coming back to pay bonuses to the inventors or who helped that collaboration … That’s a huge piece there, but again, it adds a little to recruiting and retention and it ties to being able to reward our folks.”
Rosenberg also noted that these licensing agreements validate a certain maturity of the labs within the 67th Cyberspace Wing and 16th Air Force.
“I think it shows that we developed as a lab and we’re able to pull off more and more sophisticated technology transfer agreements,” he said. “I think that sets the stage for us to engage in more complicated in cooperation with the private sector.”
Mark Pomerleau is a reporter for C4ISRNET, covering information warfare and cyberspace.