NASA software finds cybersecurity niche
- By William Jackson
- Sep 04, 2002
TowerView Security maps security devices on an enterprise network and indicates alarm events with blue, yellow or red spikes.
In the early 1990s, NASA developed a suite of tools to manage streams of engineering data flowing back to the Jet Propulsion Laboratory from satellites and the Voyager, Galileo and Cassini deep-space missions.
'We were looking for different ways of displaying the data from spacecraft,' said Michael Hill, a team chief at JPL's Spacecraft Engineering Section in Pasadena, Calif.
At the time, Hill was technology manager for the Multimission Spacecraft Analysis System. The MSAS R&D team, managed by Ursula Schwuttke, was working on a rapid visual feedback system to replace screens of digits that relayed the health of a spacecraft.
One of the ideas they came up with was a cybergrid in which each data source is a point in a 3-D landscape. Unusual activity or statistically significant deviations appear as colored spikes.
For the next eight years, the R&D team worked on the collection agents and the analytic engine for the display. 'It's a very interesting and potentially useful technology that hasn't found its way into the toolbox at JPL yet,' Hill said. Technicians there still monitor spacecraft by staring at screens full of digits, he said.
Real-time events
But Schwuttke said she thinks the technology has a future as a security analysis tool. She now is chief executive officer of High Tower Software Inc. of Aliso Viejo, Calif., a company formed to commercialize the NASA software.
The TowerView Security package can gather, interpret and display data from thousands of devices. Rather than relying on event logs to find out what happened after the fact, users can see real-time correlation of what is happening. 'What we do is show the deviation from normal,' Schwuttke said.
TowerView Security is the fourth commercial product developed by High Tower from NASA software. Portfolio Impact monitors investment performance, POS Secure monitors point-of-sale devices to prevent retail theft and fraud, and TowerView Clinical manages data from large pharmaceutical trials.
The security product is being beta tested by several federal agencies, which 'tended to bring us in because they needed to tie together stovepipes of security reporting,' said John Howard, vice president of marketing.
Hill said he is a little disappointed that the technology has not taken off at JPL.
'I hoped as we entered a new era of flying a lot of spacecraft we would be using this quite a bit,' he said. The rate of launches has increased to four or five a year, compared with one every four or five years back in the era of big-ticket space missions. But much of the development, testing and management of spacecraft now is outsourced to contractors that have their own systems.
The real barrier to adoption, however, seems to be attitude.
Analysts 'tend to be very data-oriented,' Hill said. Just as many hardcore PC users prefer the command line to the graphical interface, JPL technicians 'want to get right down to the details,' he said.
'They do not want a graphical display to interpret the big picture for them. Although the graphical technology is, I believe, better, it is not dramatically better. That's why I think the technology has potential in other areas that monitor massive amounts of data over a longer period of time.'
Schwuttke said TowerView Security can handle up to 10,000 events per second.
'We haven't found an application that overloads it yet,' she said.
The security package includes the processing engine, software agents to gather data from security devices, a data translation function and an encryptor. It comes with a library of interfaces for commercial firewalls, data intrusion systems, antivirus software, virtual private networks, servers and other devices whose data is translated for the analytic engine. Alerts can arrive by e-mail, pager and phone.
Adjustments needed
It takes expertise to optimize the parameters for each networked device. TowerView Security has enough basic correlations to be set up within a week, but refining the settings takes time.
TowerView Security runs under Red Hat Linux, HP-UX or Sun Solaris on a 700-MHz x86 or a 300-MHz Sparc system with 512M of RAM and 1G of free storage. A complete package, including the processing engine, all agents, 10 agent servers, 10 cybergrid seats and unlimited Web views, starts at $250,000.
William Jackson is a freelance writer and the author of the CyberEye blog.