4. Commercialization Plan

This section describes some options for commercialization and technology transfer that are being considered for DIMS deliverable products.

4.1. Intellectual Property

Under the terms of the Contract, Section C.3.4, the products of this project are to be released as open source under a selected open source license. As described in Section “University approved release license”, this license is the Berkeley Three-Part license.

4.2. Technology Transfer

No intellectual property disclosures to the University of Washington will result from this project. All technology transfer will result from uniform public access to the released open source code and documentation. That said, getting the open source products resulting from this contract to be widely used will not be simple or easy. As Maughan et al. [MBLT13] discuss, projects do not sell themselves and many attempts may be necessary (some resulting in failure) before success is achieved.

Outreach activities and collaboration attempts during the project to date have shown that language, pictures, shared experience, and a clear description of the problems and proposed solution are important (yet simultaneously a challenge to achieve). Still, the conversations we have had with multiple organizations are promising. The following sections list some of the organizations that have been approached about using, continuing to develop, or promoting the open source products resulting from this contract.

4.2.1. CSIRT Gadgets Foundation

Conversations with Wes Young and Gabe Iovino of the CSIRT Gadgets Foundation indicate that their foundation may be a good place for forks of the DIMS code, configuration, and documentation repositories to be housed and maintained, similarly to the way the Collective Intelligence Framework (CIF) is maintained. Additionally, there are opportunities to work with the foundation to enhance CIF using DIMS products and lessons learned. This would be a natural place to take the techniques in system administration automation, Docker containerization and CoreOS clustering, and continuous integration of source components and system configuration.

4.2.2. Farsight Security

Farsight Security has expressed an interest in supporting continued development of DIMS components with letters of support and other political and social acts, but desires to be a client in future collaborations rather than a volunteer contributor. Further conversations with Farsight may explore possible interest in grants or contracts to provide financial support for further system integration efforts.

Farsight has been very generous in making architectural changes to the new (and soon-to-be publicly released) Trident portal system that enable DIMS component integration with Trident. The DIMS team has been working with Farsight to facilitate red team application assessment that will help improve Trident.

4.2.3. PISCES Northwest

A not-for-profit entity known as the Public Infrastructure Security Collaboration and Exchange System (PISCES-NW, for “North West”) was recently formed. The Board of Directors is seeking grant funding to extend a regional SLTT security monitoring project (formerly known as the Public Regional Information Security Event Monitoring project, or “PRISEM”). Under this proposal, the PI will be engaged for a limited time in the initial phase as a sub-contractor, focused on assisting with implementation of selected DIMS open source products as requested by PISCES-NW. One of the PISCES-NW project’s objectives is to integrate DHS S&T-funded research products, which is in line with the values and objectives described in Sections “Introduction” and “The Value Proposition”.

4.2.4. Cyber Resilience Institute

The PI was invited to be on the Board of Directors of the Colorado-based Cyber Resilience Institute (CRI). DIMS products will be demonstrated to the CRI Board and considered for inclusion in pilot projects that CRI is pursuing, possibly in collaboration with educational institutions in the state of Colorado.

4.2.5. Other Security Companies

Conversations have taken place with other “stealth-mode” computer security companies, both in Washington state and elsewhere. Because of non-disclosure agreements, they will not be directly named here. The discussions have involved the possibility of using and contributing back to the DIMS open source code products, using them to complement internally-developed commercial products and services, and/or implementing custom deployments of DIMS+Trident components for customers to use in forming and operating trusted information sharing and security operations. Possible partnership between several of these companies is on the table, which could greatly accelerate continued development of products resulting from the DIMS contract.

[MBLT13] Douglas Maughan, David Balenson, Ulf Lindqvist, and Zachary Tudor. Crossing the “Valley of Death”: Transitioning Cybersecurity Research into Practice. IEEE Security & Privacy, 11(2):14–23, 2013.