Shared technology, shared defense: Spinning out the Vulnerability Tool Suite
One of NSA's critical missions is creating tools and techniques to provide information assurance and computer network defense for systems and networks throughout the US government. One such product is the Vulnerability Tool Suite (VTS).
The VTS is a collection of software and hardware computer network defense tools that has been developed to support the warfighter and critical national security communications systems. Typical components include methods to detect unauthorized hardware and software installations as well as tools to monitor system baseline configurations. NSA shares this toolset with military and civilian government organizations using a mechanism called a technology transfer sharing agreement (TTSA) administered by NSA's Technology Transfer Program (TTP).
Unlike patent license agreements, TTSAs are effectively no-cost licenses allowing other government agencies and partners to obtain proprietary NSA technology through interagency agreements. After entering into a TTSA with NSA, recipient agencies and partners are provided access to specific technologies, periodic updates and upgrades, and in some cases, training. All TTSAs contain standard legal references regarding intellectual property rights and each party's responsibilities. TTSAs typically are in place for three years.
In the case of the VTS, the TTP and the Information Assurance Directorate (IAD) are the primary interfaces between NSA and potential recipients. The IAD sends the VTS referrals to the TTP on a nearly daily basis and the IAD and TTP work collaboratively to execute the agreements. The TTP and IAD also showcase the VTS at various workshops and conferences throughout the year. The TTP and IAD meet periodically to update the VTS toolset contents and protection plan parameters.
As a result of the collaboration between the IAD and TTP, the VTS makes up almost 40% of all TTSAs executed by the Agency. Since mid-2007, NSA's TTP has executed 123 TTSAs for the VTS. The VTS TTSA is just one example of how NSA is providing collaborative network assurance and cyber defense to all agencies of the US government.
View PDF version of this article (149 KB)