In October, Ithaca company GrammaTech received a $9 million grant from the U.S. Government’s Office of Naval Research for research and development (R&D) on cybersecurity and the protection of software from cyberattacks.
The company was founded in 1988 by Cornell University professor Tim Teitelbaum. Over the past thirty years, GrammaTech has received research grants from the Air Force Research Laboratory, the Defense Advanced Research Projects Agency (DARPA), the Department of Homeland Security, the Missile Defense Agency, the National Aeronautics and Space Administration (NASA), the National Institute of Standards and Technology, the National Science Foundation, the Office of the Secretary of Defense, and the United States military.
This grant, the largest single contract the company has received, comes from the Department of Naval Research. Rodney Fleming, marketing manager at GrammaTech, explains its purpose: “The contract is to shrink the attack servers on legacy systems. Legacy systems are any systems that have embedded code, and can be any age, as long as they are already in existence.” Because they are outdated and have often needed numerous modifications, patches, and adjustments in order to function, legacy systems are more vulnerable to malware and cyberattacks.
GrammaTech mainly focuses on developing its product CodeSonar, a highly advanced static analysis tool. Static analysis is a method of debugging that examines only the code in a system, without running the program or observing the system in operation to detect defects. CodeSonar is a program that enters systems to automatically parse out code that is no longer needed. This makes the systems more secure and allows programs to run more efficiently. CodeSonar is deployed for embedded, automotive, medical, industrial automation, and aerospace and defense systems. The program is distributed and used internationally.
GrammaTech is a proactive company, not a reactive one, according to Fleming, who says that CodeSonar is one of the most sophisticated static analysis tools on the market. “Proactive software scans sources during the development phase, using static or dynamic analysis tools to find bugs or flaws, rather than deploying it after the fact,” says Fleming. “It costs exponentially more money to fix things after the fact instead of having done so during the development phase, and it enables companies to save face and save money.”
Last year, two hundred teams applied to be part of the DARPA Cyber Grand Challenge, in which DARPA held a contest to sponsor cybersecurity research. Each team built a server that competed with every other server, each one patching itself and trying to hack the others, essentially playing offense and defense simultaneously. The GrammaTech team was among the top seven teams, which then competed against one another in autonomic computing and binary coding.
GrammaTech’s team TECHx earned a $1 million prize for second place when they created the robot Xandra, a stand-alone Cyber Reasoning System that went into other systems to hack them and patch itself with no one at the keyboard. This task was in fact parallel to the research the final grant would be for, and was a component of why the company received the much larger grant from the Office of Naval Research.
“Anything connected to the Internet of Things can be hacked or tampered with in virtually any way,” says Fleming. This includes everything from electric coffee grinders to military aircraft to vital state infrastructure. “Anything that has embedded code can be manipulated.”
In 2014, for example, Toyota cars had problems accelerating and braking properly, which was directly linked to 31 accidents and the deaths of 12 people. The software that Toyota installed had caused cars to accelerate nonstop, though the cause was originally unknown. GrammaTech, using its binary analysis program, detected more defects in the Toyota system’s code than any tool that used only static analysis. The program helped prevent countless deaths and held the Toyota company accountable—the company had implied the crashes were the fault of the vehicles’ drivers, and had evaded taking responsibility for the accidents as being the fault of defective code. Due to numerous lawsuits, the company ended up having to pay $1.2 billion in settlements, which The Washington Post estimated as totalling around a third of Toyota’s 2013 profits.
In 2010, NASA partnered with GrammaTech to employ CodeSonar to improve the accuracy and quality of NASA’s software and to identify and fix defects. The performance of the NASA Space Network is critical to space science, spaceflight, and space missions, and to data used in earth science. CodeSonar detected 585 defects in the code of several NASA Space Network software programs, 59 of which were determined to be urgent, and they were dealt with using CodeSonar. There were 1.18 defects detected per thousand lines of code, and CodeSonar has made the NASA security system one of the best in the industry.
“Cyberattacks go way deeper than the majority of the population thinks,” Fleming says. “They’re going to keep happening, which is why it’s especially important to be proactive instead of reactive.”
GrammaTech has publicized the grant in the community and is especially interested in hiring locally. “We’re hiring for fifteen to twenty positions right now and focusing specifically on the Ithaca area,” Fleming says. “We want to hire people who are already in Ithaca and also to recruit people to move to Ithaca.” GrammaTech employs roughly eighty people, fifty of whom work at its base in Ithaca. More than twenty GrammaTech employees have PhDs in computer science-related fields.
With the Department of Naval Research contract, GrammaTech will help Ithaca’s local economy through hiring more people. The company is working with the Ithaca Chamber of Commerce in order to recruit more employees. Surprisingly, few people know that GrammaTech exists in Ithaca, Fleming observes. “You don’t picture an advanced, massive tech company here in Ithaca.” However, GrammaTech is very active in the local community, mainly with Cornell University. The company has sponsored the Cornell Hackathon for several years, and also runs programs in which GrammaTech employees mentor students majoring in fields relating to computer science.
Going into tech and working on cybersecurity issues is “rewarding, extremely interesting, and critically important,” Fleming says. To high school students, he says: “If this is something you’re interested in, go for it, and major in computer science in college.”