You open your email and find a note from your boss asking you to pick up $500 in gift cards. It’s written in an unusual tone, sent in the middle of the night. You squint at every detail on the page, trying to find evidence of spam. Sure enough, the email address has a “1” where an “l” was. Phew, close call.

It's a daily inconvenience most have encountered, and many have fallen victim to. As our world becomes increasingly connected and data-driven, more security, personal, and financial information is added to the cloud. While the digital world becomes more robust, so do cyberattacks. Like white blood cells fighting an infection in the body, our defenses against those phishing attempts must also evolve.

Enter Oak Ridge National Laboratory (ORNL). The ORNL Cyber Resilience Intelligence Division developed two technologies to defend against those security breaches, both big and small:

• Heartbeat was created to detect otherwise invisible malware by monitoring a device’s power consumption; when a software’s power usage spikes for no apparent reason, it can be a red flag that malware has infected it.
• Situ quickly and effectively identifies and explains suspicious activities that other technologies might miss. When unusual activity is detected, Situ uses constantly updated data to determine the likelihood that the activity is a threat.

Working individually or in tandem, Heartbeat and Situ help prevent networks from being compromised by malware strong enough to unearth state secrets and cause untold financial damage.

The technologies allow defense operators to focus their limited time and effort on other aspects of the job while Heartbeat and Situ do detailed, essential legwork identifying and delaying threats. By helping operators use their time more effectively, Heartbeat and Situ increase efficiency across the board.

U2opia Technology — a consortium of scientific, technology, and senior administrative executives with experience in industry and defense — began collaborating with ORNL in 2022. They lauded the technologies for their flexibility, user-friendliness, and accuracy. Ultimately, U2opia licensed both technologies.

The technology transfer journey was unique in that U2opia proactively engaged ORNL scientists to develop a large-scale approach to curtailing massive cyber breaches in the U.S., which led to the licensing agreement for both Heartbeat and Situ. U2opia was persistent and innovative throughout the process, and they collaborated with ORNL to develop a platform that would ensure a more cybersecure future. They also worked with ORNL to create a roadmap of the technology transfer process for small businesses working with federal labs, which will prove crucial in future partnerships. As U2opia conducted its research into technology transfer opportunities, one former Department of Energy (DOE) technology transfer executive offered guidance that amounted to, “There is no blueprint for small business partnerships in this industry; you have to blaze your own trail.”

Blaze it, they did. Since receiving the Research & Development license for the technologies, U2opia added an advisor on the technology transfer process, secured testing partners, and completed commercialization testing of both Heartbeat and Situ.

U2opia plans to fully integrate the ORNL technologies into their anomaly detection system to deliver advanced security capabilities, with a focus on government testing and healthcare systems. Threats to America’s national security continue to emerge at a rapid pace and need the enhanced digital security that Heartbeat and Situ can provide.

Improving cyber security is also essential for small businesses, which don’t always have the financial resources to allocate to research, development, and implementation of cyber security software. According to Maurice Singleton III, CEO of U2opia, 50% of all small businesses that experience a cyber security breach go out of business because of it. U2opia hopes to transform the small business landscape with equitable access to these defense resources, a priority they share with the DOE.

Heartbeat remains under development, but Situ is currently under presentation and in consideration for use in the banking, communication, and defense industries. Singleton expects Situ to be deployed in the market during the second quarter of 2025.

No matter when it happens, ORNL and U2opia’s work may put cyber security defense one step ahead of dangerous actors pushing malware to an inbox near you.

This technology received a 2024 FLC Award for Excellence in Technology Transfer. Learn more here and discover more awardees in our Honors Gallery.

Oak Ridge National Laboratory is managed by UT-Battelle for the Department of Energy’s Office of Science, the single largest supporter of basic research in the physical sciences in the United States. The Office of Science is working to address some of the most pressing challenges of our time. For more information, please visit energy.gov/science.