The growth in foreign and harmful cyber intrusions threatens national security and commerce, but for a group of small companies, it’s an opportunity to grow in an expanding market.
Within weeks of President Donald Trump’s May 11 executive order on strengthening the nation’s cybersecurity, ClearArmor Corporation, a high-tech startup in eastern Pennsylvania, closed a licensing deal for a Navy Security Content Automation Protocol (SCAP) Compliance Checker.
The deal comes as the cybersecurity sector continues to grow. The International Data Corporation forecasts worldwide revenues for security-related hardware, software, and services will grow from $73.7 billion in 2016 to $101.6 billion in 2020.
The SCAP Compliance Checker allows systems administrators to evaluate an organization’s defenses against hackers and malicious code using the federal government’s vulnerability database. It was developed at the Space and Naval Warfare Systems Command–Systems Center Atlantic, also known as SSC Atlantic, in Charleston, South Carolina.
“SSC Atlantic’s work here is on the cutting-edge of cybersecurity, and being able to add these military-grade, trusted features to our solution will be a real benefit for our customers,” said Jim Goepel, vice president of ClearArmor.
Goepel, an attorney who previously worked for a Navy partner, the Johns Hopkins Applied Physics Laboratory, was familiar with some of the government’s cybersecurity research efforts when ClearArmor was founded in 2016.
Goepel said the president’s executive order helped cement the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) as the de facto standard for evaluating an organization’s cybersecurity risk management strategy. It also reinforced ClearArmor’s decision to pursue the Navy technology that meets the standard.
ClearArmor’s thesis is that organizations don’t properly consider the potential losses and other implications associated with cyber-attacks, and need to treat cybersecurity as a business-level risk akin to financial risks, not just as a technology issue that can be delegated to IT staff. They believe that the shift to a business-oriented approach to cybersecurity is a disruptive but necessary change that will empower leaders to better govern their organizations’ cybersecurity.
ClearArmor’s primary product is a Cybersecurity Resource Planning (CRP) solution which provides a leadership-driven, NIST CSF-based approach to cybersecurity. The CRP solution has two components. The first is what they call Momentum Methodology, which defines an organization from a business perspective, and maps the business definition to its IT assets. The second is the Intelligent Cybersecurity Platform, which provides the organization’s executives with a business-focused framework for communicating with their network security staff. The platform also uses bots to constantly monitor and report on the execution of key elements of the cybersecurity plan.
“Our team members have diverse backgrounds,” Goepel said, “but one of the things we all recognized early on was that many IT security teams are so busy dealing with the day-to-day problems that basic cyber hygiene can fall by the wayside–it can be much harder to implement than you might think.”
ClearArmor uses bots to automate cyber hygiene functions, such as: identifying all the devices connected to its network, including servers, networking equipment, workstations, printers, and Internet of Things devices; whitelisting hardware, including alerting when new devices are detected; gathering detailed software information from detected devices, including software usage information and attribute information not found in the registry; detecting file-level changes and preventing the execution of unapproved software (i.e., baselining and software whitelisting); and validating that patches have been properly applied to systems.
To round things out, SSC Atlantic’s SCAP Compliance Checker will give ClearArmor’s platform a configuration checking and vulnerability scanning component.
“We reviewed several commercial and open source tools, and we have already begun the process of integrating some of their capabilities into our platform, but we were really impressed with the robustness of the Navy’s SCAP checker and saw that it added additional capabilities. That’s why we were so excited to be able to add it to our solution,” said Goepel.
“We are really proud to be the first and only company to license the technology,” Goepel said, “and are looking forward to expanding our work with the Navy.”
The deal took just four months to complete and was guided by Michael Merriken, manager of SSC Atlantic’s technology transfer office in Charleston, and Sean Patten, TechLink’s software licensing lead in Bozeman, Montana.
“This is what we do, grow the economy by helping entrepreneurs leverage federally funded R&D,” Merriken said. “It might not make a big headline, but this is good government, our technology is top-notch and licensing it is a bonus for the taxpayer’s investment.”
Patten said he’s working with other firms on accessing the same technology, but that ClearArmor has a head start and an open path forward.
“They’ve got some good experience and their vision of the kind of company they want to be is clear,” Patten said. “They were easy to work with and I was happy to help. Plus, the SSC Atlantic’s staff are really sharp so it was a pretty smooth deal.”
Troy Carter can be reached at email@example.com or 406-994-7798.