DHS S&T Cyber Security Division (CSD)
“Strategic” Vision
Homeland Security Advanced Research Projects Agency
Douglas Maughan
Division Director
December 16, 2014
Presenter’s Name June 17, 2003
Presentation Outline
Why are we here today?
Cyber Threat landscape has changed over the past several years
Early investments by CSD
Comprehensive National Cybersecurity Initiative (CNCI)
Established in the Bush White House
Continued in the Obama Administration
Sunsetted in FY14
Federal R&D Strategic Plan
Research Requirements Process
CSD Mission and Strategy
Broad Agency Announcement (BAA) 11-02
14 Topics, 36 Awards
Technology Transition
Branching out internationally
Cyber Threats and Sources
Malware – Malicious software to disrupt computers (viruses, worms, …)
Theft of Intellectual Property or Data
Hacktivism – Cyber protests that are socially or politically motivated
Mobile Devices and Applications and their associated Cyber Attacks
Social Engineering – Entice users to click on Malicious Links
Spear Phishing – Deceptive communications (E-Mails, Texts, Tweets)
Domain Name System (DNS) Attacks
Router Security – Border Gateway Protocol (BGP) Hijacking
Denial of Service (DoS) – blocking access to web sites
Others …
Bottom Line: Easier to be a bad guy and volume of threats is growing
Threat sources: Nation States; Cyber Criminal Organizations; Hackers/Hacktivists; Insider Threats; Terrorists, DTOs, etc.
April 2004
Research Activities Already Initiated
DHS / NSF Cybersecurity Testbed
Large-scale Network Security Research Testing and Evaluation Datasets
National Strategy to Secure Cyberspace
Secure Domain Name System (DNSSEC)
Secure Routing Infrastructure (e.g., BGP)
June 2005
BAA04-17 Awards
TTA | Type | ID | PI Organization | Full Proposal Title | Funding Amt.
1 | II | 3 | University of California, Irvine | Adding Mandatory Access Control to Java VMs | $312,483
2 | I | 5 | GrammaTech, Inc | Model Checking Software Binaries | $442,011
2 | I | 9 | Stanford University | Open Source Hardening Project | $1,241,276
2 | II | 1 | Komoku, Inc. | Copilot - A High Assurance and Independent Security Auditor | $1,165,416
2 | II | 3 | Georgia Institute of Technology | Preventing SQL Code Injection by Combining Static and Runtime Analysis | $390,019
3 | II | 5 | University of Delaware | Benchmarks for evaluation of DDoS defense systems | $533,716
4 | I | 1 | Princeton University | Incrementally Deployable Security for Interdomain Routing | $312,483
4 | II | 13 | Adventium Labs | Embedded Firewall for Robust Protection of Mission Critical Operations | $821,796
4 | II | 20 | George Mason University | Enhanced Topological Vulnerability Analysis and Visualization | $1,100,000
4 | III | 2 | Telcordia Technologies | AVACC: Automated Vulnerability Assessment of Critical Cyber-Infrastructure Through Policy-based Configuration Synthesis | $500,000
5 | I | 4 | University of Michigan, Ann Arbor | Secure Coordination and Communication in a Crisis Using Hand-held Devices | $1,352,549
5 | I | 8 | Dartmouth College | M.A.P. (Measure, Analyze, Protect): security through measurement for wireless LANs | $1,698,545
6 | I | 1 | BBN Technologies | ZombieStones: Attack Tracing Across Events Separated in Time | $384,892
6 | II | 4 | Southwest Research Institute | Single Packet IP Traceback Through Internet Autonomous Systems | $1,224,799
7 | I | 2 | Stanford University | SpoofGuard Anti-Phishing Technologies | $766,671
7 | II | 4 | McAfee, Inc. | Phisherman | $887,142
7 | II | 7 | BBN | PhishBouncer - An Architectural Approach to Defending Against Phishing Attacks | 
April 2008
BAA07-09 Awards
TTA | Type | PI Organization | Paper Title | Time (months) | Proposed Funding
1 | II | Georgia Institute of Technology | Countering Botnets: Anomaly-Based Detection, Comprehensive Analysis, and Efficient Mitigation | 24 | $1,050,730
2 | I | IBM Thomas J. Watson Research Center | Montage: A Methodology for Designing Composable End-To-End Secure Distributed Systems | 36 | $900,000
2 | II | Secure64 Software Corporation | Automating the Chain of Trust: Secure Interzone Key Management for Large Scale DNSSEC Deployments (Project Acronym: SCOTTY) | 36 | $1,242,815
2 | II | Packet Clearing House, Inc. | INOC-DBA, VoIP Network Security | 24 | $600,000
4 | I | CA | FloViS: Flow Visualization System | 30 + 6 | $925,050
4 | II | Secure Decisions division of Applied Visions, Inc. | Visualization Toolkit for NetFlow Analytics | 12 + 10 | $617,098
5 | I | The Regents of the University of California; UC San Diego | Leveraging the science and technology of Internet mapping for homeland security | 18 + 12 + 6 | $1,582,467
6 | II | Colorado State University | WIT: A Watchdog System for Internet Routing | 24 | $1,500,000
6 | III | Packet Clearing House, Inc. | BGP Routing Integrity Checker and Prefix-List Filter Generation Tool | 12 | $450,000
7 | I | Digital Bond, Inc. | Passive Security Log Generation for Control Systems | 12 | $475,000
7 | III | Sandia National Laboratories | Secure and Reliable Wireless Networks for Critical Infrastructure Facilities | 12 | $643,000
8 | II | Johns Hopkins University | New Frameworks for Detecting and Minimizing Information Leakage in Anonymized Network Data | 24 | $928,682
9 | I | Washington State University | Insider Threat Detection Using a Graph-based Approach | 20 + 4 | $327,667
9 | II | Dolphin Technology Inc. | Document-based Management, Access Control and Security (DocuMACS) | 18 + 6 | $1,165,000
TOTAL | | | | | $12,407,509
Comprehensive National Cybersecurity Initiative (CNCI)
Establish a front line of defense
– Reduce the Number of Trusted Internet Connections
– Deploy Passive Sensors Across Federal Systems
– Pursue Deployment of Automated Defense Systems
– Coordinate and Redirect R&D Efforts
Resolve to secure cyberspace / set conditions for long-term success
– Connect Current Centers to Enhance Situational Awareness
– Develop Gov't-wide Counterintelligence Plan for Cyber
– Increase Security of the Classified Networks
– Expand Education
Shape future environment / secure U.S. advantage / address new threats
– Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
– Define and Develop Enduring Deterrence Strategies & Programs
– Manage Global Supply Chain Risk
– Cyber Security in Critical Infrastructure Domains
Federal Cybersecurity R&D Strategic Plan
Science of Cyber Security
Research Themes
Tailored Trustworthy Spaces
Moving Target Defense
Cyber Economics and Incentives
Designed-In Security (New for FY13)
Transition to Practice
Technology Discovery
Test & Evaluation / Experimental
Deployment
Transition / Adoption / Commercialization
Support for National Priorities
Health IT, Smart Grid, NSTIC (Trusted
Identity), NICE (Education), Financial
Services
Released Dec 6, 2011
http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released
CSD Research Requirement Inputs
Departmental Inputs
• QHSR 2009 & 2014
• Blueprint
• NPPD/CS&C/NCCIC
• ICE HSI / IPR
• USSS
• CBP
• USCG
• TSA
• DHS CIO/CISO Councils
• State/Local
• S&T First Responders Group
• FRAC/TTWG
• SWGDE (FBI)
White House/NSS
• National Strategy 2003
• Comprehensive National Cybersecurity Initiative (CNCI)
• EO 13636/PPD 21
• National CISR R&D Plan (in progress)
• Transition to Practice (TTP)
• Cyber Economic Incentives Research
• National Initiative for Cybersecurity Education (NICE)
• Cybersecurity Framework Support
Interagency Collaboration
• Cyber Security and Information Assurance (CSIA) IWG
• SCORE – Classified R&D WG
• Cyber-Physical Systems (CPS) SSG
• Big Data SSG
• Cyber Forensics WG
Critical Infrastructure Sectors (Private Sector)
• Energy (Oil & Gas, Electric Power)
• Banking and Finance
• Communications/IT
• Cross-Sector Cyber
International Collaborations
CSD Mission & Strategy
CSD MISSION
Develop and deliver new technologies, tools and techniques to defend and secure current and future systems and networks
Conduct and support technology transition efforts
Provide R&D leadership and coordination within the government, academia, private sector and international cybersecurity community
CSD STRATEGY
Trustworthy Cyber Infrastructure
Cybersecurity Research Infrastructure
Network & System Security and Investigations
Cyber Physical Systems
Transition and Outreach
Stakeholders: Government, Venture Capital, IT Security Companies, Open Source, International
Outreach Methods (Sampling): Technology Demonstrations, Program Reviews, Speaking Engagements, Social Media, Media Outreach
CSD R&D Execution Model
Research, Development, Test and Evaluation & Transition (RDTE&T)
"Crossing the ‘Valley of Death’: Transitioning Cybersecurity Research into Practice,"
IEEE Security & Privacy, March-April 2013, Maughan, Douglas; Balenson, David; Lindqvist, Ulf; Tudor, Zachary
http://www.computer.org/portal/web/computingnow/securityandprivacy
Successes
Over 30 products transitioned since 2004, including:
• 2004 – BAA 04-17
– 5 commercial products – 2 Open Source products
• 2005 – BAA 05-10 (RTAP)
– 1 commercial product – 1 GOTS product
– 1 Open Source product
• 2007 – BAA 07-09
– 2 commercial products
• 2011 – BAA 11-02 (more to come)
– 1 Open Source product – 1 Research Infrastructure
• Law Enforcement Support
– 2 commercial products – 1 Open Source product
– Multiple Knowledge products
• Identity Management
– 1 Open Source standard and
GOTS solution
• SBIRs
– 8 commercial products – 1 Open Source product
International Bilateral Agreements
Government-to-government cooperative activities for 13 bilateral Agreements
S&T International Engagements
• Canada (2004) • Australia (2004) • United Kingdom (2005) • Singapore (2007) • Sweden (2007) • Mexico (2008) • Israel (2008) • France (2008) • Germany (2009) • New Zealand (2010) • European Commission (2010) • Spain (2011) • Netherlands (2013)
COUNTRY PROJECTS MONEY IN JOINT MONEY OUT
Australia 3 $300K $400K
Canada 11 $1.8M
Germany 1 $300K
Israel 2 $100K
Netherlands 7 $450K $1.2M $150K
Sweden 4 $650K
United Kingdom 3 $1.0M $400K $200K
New Zealand 1
Japan 1
Over $6M of International co-funding
Presentation Outline
Where are we going?
Solicitations
FY14 BAA (Funded FY15-17)
SBIR
Long-Range BAA
Collaboration Sessions – Wed. afternoon
Security Culture (Sweden’s SECUR-IT Initiative)
Cyber Experimentation for the Future
Security of Open Source Solutions
Economics of Cybersecurity
International Partners Open Discussion
Cyber Apex – Banking and Finance Sector
Large-scale technology integration and demonstration
National Critical Infrastructure Security and Resilience R&D
Strategic Plan
National Initiative on Cybersecurity Education (NICE)
2014 Broad Agency Announcement
Anticipated Schedule
23 Apr: BAA released incl. to participating countries
$95M over 5 year period
https://www.fbo.gov/spg/DHS/OCPO/DHS-OCPO/HSHQDC-14-R-B0005/listing.html
S&T BAA Website: https://baa2.st.dhs.gov
1 June+: Publish BAA Topic Calls
Open to all respondents – foreign and domestic
June 2014 – March 2015: BAA White Paper and Proposal Review process and Contracting Activities
International Collaborations
2014 BAA – Topics
Data Privacy: http://go.usa.gov/8JZ9
TTA #1 - Privacy Policy Compliance Tools
TTA #2 - Privacy-Preserving Federated Search
TTA #3 - Mobile Computing Privacy
Mobile Tech Sec: http://go.usa.gov/8JBY
TTA #1 - Mobile Device Instrumentation
TTA #2 - Transactional Security Methods
TTA #3 - Mobile Security Mgmt Tools
TTA #4 - Protecting Mobile Device Layers
CPSSEC: http://go.usa.gov/8JBQ
TTA #1 - Security Models and Interactions
TTA #2 - Secure System Design and Implementation
TTA #3 - Experiments and Pilots
DDoSD: http://go.usa.gov/8JBB
TTA #1 - Measurement & Analysis to Promote Best Current Practices (BCP 38, SAC004)
TTA #2 - Tools for Communication and Collaboration
TTA #3 - Novel DDoS Attack Mitigation and Defense Techniques
Small Business Innovation Research (SBIR) - 1
Important program for creating new innovation and accelerating transition into the marketplace
Since 2004, DHS S&T Cyber Security has had:
74 Phase I efforts
28 Phase II efforts
4 Phase II efforts currently in progress
10 commercial/open source products available
Four acquisitions:
Komoku, Inc. (MD) acquired by Microsoft in March 2008
Endeavor Systems (VA) acquired by McAfee in January 2009
Solidcore (CA) acquired by McAfee in June 2009
HBGary (CA) acquired by ManTech in February 2012
S&T BAA / SBIR Website: https://baa2.st.dhs.gov
Small Business Innovation Research (SBIR) - 2
FY04: Cross-Domain Attack Correlation Technologies (2); Real-Time Malicious Code Identification (2); Advanced SCADA and Related Distributed Control Systems (5)
FY05: Hardware-assisted System Security Monitoring (4)
FY06: Network-based Boundary Controllers (3); Botnet Detection and Mitigation (4)
FY07: Secure & Reliable Wireless Comms for Control Systems (2)
FY09: Software Testing and Vulnerability Analysis (3)
FY10: Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)
FY11: Mobile Device Forensics (1)
FY12: Moving Target Defense (2); Solid State Drive Analysis (1)
FY13: Hybrid Analysis Mapping (2); Software Based Roots of Trust for Enhanced Mobile Device Security (3)
FY14: Embedded System Security
FY15: Enhanced Distributed Denial of Service Defense
DHS S&T Long Range Broad Agency Announcement (LRBAA)
S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations
Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
CSD has 18 Topic Areas (CSD.01 – CSD.18) – SEE NEXT SLIDE
LRBAA 14-02 – open 2/25/2014, closes 12/31/2018
Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #: DHSST-LRBAA14-02)
LRBAA Summary Listing
CSD.01 – National Critical Infrastructure Security and Resilience (CISR) R&D Strategic Plan topics
CSD.02 – Internet Infrastructure Security
CSD.03 – Cyber Experimentation for the Future
CSD.04 – Homeland Open Security Technology
CSD.05 – Forensics support to law enforcement
CSD.06 – Identity Management
CSD.07 – Data Privacy and Information Flow technologies
CSD.08 – Software Assurance
CSD.09 – Cyber security education, competitions, and curriculum development
CSD.10 – Cyber-Physical Control and Process Control Systems Security
CSD.11 – Internet Measurement and Attack Modeling
CSD.12 – Securing the mobile workforce
CSD.13 – Insider Threats
CSD.14 – Experiments and Pilots – Test and evaluation in experimental operational environments to facilitate transition
CSD.15 – Cybersecurity Economic Incentives, Insurance, and Behaviors
CSD.16 – Data Analytics – analysis techniques, visualization
CSD.17 – Predictive Analytics
CSD.18 – Distributed Denial of Service Defense
Collaboration Sessions
Sweden’s Security Culture and Information Tech - SECURIT
The objective of this session is to share what our Swedish partners are doing, how it has worked, and how we can incorporate this into what we are doing.
Cybersecurity Experimentation of the Future
In order to address evolving cyber challenges researchers need an accessible, broad, and multi-organizational cybersecurity experimentation capability that
supports tomorrow’s research. The objective of this session is to share a plan and roadmap and seek your feedback through open dialogue.
Issues and Challenges in Transitioning Open Source Solutions
This session will discuss challenges and opportunities related to open source. Participants are encouraged to bring questions on open source policies, examples of open source successes and failures, and help determine how DHS S&T CSD can best help promote successful open source transitions.
Economics of Cybersecurity
The objective of the session is to discuss how economic considerations might affect the ultimate transition and utility of the various cyber security measures being developed through CSD’s research program.
International Partners Open Discussion
International partners will be available to discuss additional questions not addressed in the International Panel Discussion.
The Future at DHS S&T
Screening at Speed: Security that Matches the Pace of Life
A Trusted Cyber Future: Protecting Privacy, Commerce and Community
In a future of increasing cyber connections, underlying digital infrastructure will be self-detecting, self-protecting and self-healing. Users will trust that information is protected, illegal use is deterred, and privacy is not compromised. Security will operate seamlessly in the background.
Enable the Decision Maker: Actionable Information at the Speed of Thought
Responder of the Future: Protected, Connected, and Fully Aware
Resilient Communities: Disaster-Proofing Society
Public-Private R&D Partnerships
MOU between DHS S&T, NIST, and FS Sector Coord Council (FSSCC) in coordination with WH
Framework for public-private collaboration on R&D projects for the FS: 1) to facilitate innovation, 2) to identify and overcome cybersecurity vulnerabilities, and 3) to develop more efficient and effective processes that benefit critical financial services functions and other critical infrastructures
What are the core cybersecurity problems we are trying to address?
• Compromise of the cyber fabric underlying our nation's critical infrastructure (CI) is a threat to US national security
• 70% of critical infrastructure companies have been hit with breaches in the past year
– Source: 2014 Survey from Unisys and Ponemon Institute
• Perimeter-based defense is not sufficient for well-resourced adversaries
– Mandiant reports that nearly 100% of its victims have up-to-date anti-virus software; many observe best practices in network monitoring, firewall filtering, and intrusion detection
• Adversaries are on our systems and networks without our knowledge
• Understanding of the cyber situation is often inaccurate or only achieved forensically, after the fact
• Lack of a strong repertoire of response mechanisms that can neutralize the impact of adversary presence while still allowing the sector to maintain an adequate level of operating functionality
243 – Median days attackers are on the network before being discovered – Mandiant
Initial Focus on the Financial Services Sector (FSS)
• Fragilities exist in the core of the financial sector, arising from purely profit-seeking behavior:
- Complex interdependencies (LTCM)
- Increased automation (Knight Capital)
- Size and speed of data flow (May 2010 Flash-crash)
• Known penetration of sector networks by sophisticated adversaries
- NASDAQ
- JP Morgan (reported at 76M)
• Clear and growing risk to national security when the two combine
[The report] "…portrayed a market so fragmented and fragile that a single large trade could send stocks into a sudden spiral."
- Wall Street Journal summary of the SEC and CFTC joint after action report on the May
Technical Approach Overview
Advanced Sensing Technologies (AST)
• Measurement and attestation
• Behavioral modeling
Situation Understanding (SU)
• Disparate Sensor Alert Analysis
• Operational Mission Impact Analysis
Response and Recovery (RR)
• Real-time secure sharing
• Novel engagement approaches
Network Protections (NP)
Open System Architecture – producing an integrated capability
* Common interfaces and messaging
* Operational Exercises (DECIDE)
Office of Cybersecurity and Communications
Executive Order (EO) on Improving Critical Infrastructure Cybersecurity / Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience
Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
– Develop a technology-neutral voluntary cybersecurity framework
– Promote/incentivize adoption of cybersecurity practices
– Increase the volume, timeliness and quality of cyber threat information sharing
– Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
– Explore existing regulation to promote cyber security
Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to:
– Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time
– Understand cascading consequences of infrastructure failures
– Evaluate and mature the public-private partnership
– Update the National Infrastructure Protection Plan
– Develop comprehensive research and development plan
“America must also face the rapidly growing threat from cyber attacks… That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing
information sharing, and developing standards to protect our national security, our jobs, and our privacy.”
President Barack Obama, 2013 State of the Union
Enhance public awareness: (1) Augment current messaging to promote policies and practices that support Administration priorities, such as EO 13636 and PPD-21, and (2) develop messaging that targets senior executives of critical infrastructure companies (e.g., CEOs, Boards of Directors).
Expand the Pipeline: (1) Expand formal education at the post-secondary level, including both four-year and two-year institutions and (2) establish new National Academic Consortiums for Cybersecurity Education (government, colleges/universities, high schools, middle schools, technical academies, industry, professional organizations)
Evolve the profession: (1) Identify critical cybersecurity workforce skills through a national cybersecurity Workforce Inventory and Gap Analysis and continued development of Cybersecurity Workforce Forecasting Tools and (2) provide access to free or low-cost training for the identified critical skills.
NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) – Initiative 8: Expand Cyber Education – Interim Way Forward and is comprised of over 20 federal departments and agencies.
2014 CYBER SECURITY DIVISION
Recent CSD Publications
Summary / Conclusions
Cybersecurity research is a key area of innovation to support our
global economic and national security futures
CSD continues with an aggressive cyber security research agenda to
solve the cyber security problems of our current and future
infrastructure and systems
We believe the Showcase and Technical Workshop over the next 3 days
will highlight the excellent work being funded by CSD
Will continue strong emphasis on technology transition
Will impact cyber education, training, and awareness of our current
and future cybersecurity workforce
Will continue to work internationally to find and deploy the best ideas
and solutions to real-world problems
For more information, visit
http://www.dhs.gov/cyber-research
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced
Research Projects Agency (HSARPA)
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
Cybersecurity Requirements Historical Timeline
Timeline years: 2003, 2008, 2009, 2011, 2012, 2013
- Call for Action – Secure Protocols (DNSSEC, Secure Routing), DETER security testbed, PREDICT data repository
- Beginnings of CNCI
- Call for NICE (Education)
- Call for NSTIC (Trusted Identities)
- Reinforced need for PREDICT data repository
- S&T produced National R&D Roadmap with community input; source for DHS S&T BAA, SBIR, and other solicitations
- CNCI Tasks 4&9: S&T led via co-chair of CSIA IWG
- Significant inter-agency activities initiated by WH/NSS/OSTP
- Implementation plan to accomplish goals of DHS QHSR; 24 high priority capabilities needed; NPPD-led, S&T involved
- EO 13636: Improving Critical Infrastructure Cybersecurity
- PPD 21: Critical Infrastructure Security and Resilience
Trustworthy Cyber Infrastructure
Objective: Develop standards, policies, processes, and technologies to enable more secure and robust global cyber infrastructure and to identify components of greatest need of protection, applying analysis capabilities to predict and respond to cyber attack effects and provide situational understanding to providers
Secure Protocols
• Develop agreed-upon global infrastructure standards and solutions
• Working with IETF standards, routing vendors, global registries and ISPs
• Provide global Resource Public Key Infrastructure (RPKI) solutions
• Follow same process used for DNSSEC global deployment
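What a deployed RPKI actually does for a router is Route Origin Validation: each BGP announcement is compared against the Route Origin Authorizations (ROAs) published through the RPKI, and the announcement comes back Valid, Invalid or NotFound (RFC 6811). The Python below is an added example for this deck, not code from CSD or from any CSD-funded project; it implements that validation over a constructed ROA set built from documentation prefixes (RFC 5737, RFC 3849) and documentation AS numbers (RFC 5398). It shows the two cases a BGP hijack defense cares about: a wrong origin AS, and a more-specific prefix announced beyond the ROA's maxLength.

```python
# Route Origin Validation (RFC 6811) against a set of ROAs.
# Added illustration for this deck; the ROAs and BGP announcements below are
# constructed from documentation prefixes and AS numbers, not taken from any RIR.
import ipaddress
from collections import namedtuple

ROA = namedtuple("ROA", "prefix max_length asn")


def make_roa(prefix, max_length, asn):
    """Build a ROA, enforcing the RFC 6482 constraint that maxLength lies
    between the ROA prefix length and the address family maximum (32 or 128)."""
    net = ipaddress.ip_network(prefix, strict=True)
    if not net.prefixlen <= max_length <= net.max_prefixlen:
        raise ValueError(f"maxLength {max_length} invalid for {net}")
    return ROA(net, max_length, asn)


def validate_origin(prefix, origin_asn, roas):
    """RFC 6811 validation state for one (prefix, origin AS) pair.

    NotFound: no ROA covers the prefix, so the RPKI says nothing about it.
    Valid:    some covering ROA names the origin AS and the announced prefix
              is no more specific than that ROA's maxLength.
    Invalid:  covering ROAs exist but none matches (wrong origin AS, or a
              more-specific announcement than any ROA allows).
    """
    route = ipaddress.ip_network(prefix, strict=True)
    covering = [r for r in roas
                if r.prefix.version == route.version and route.subnet_of(r.prefix)]
    if not covering:
        return "NotFound"
    for r in covering:
        if r.asn == origin_asn and route.prefixlen <= r.max_length:
            return "Valid"
    return "Invalid"


def rov_policy(state, drop_invalid=True):
    """Typical deployment policy: accept Valid and NotFound (NotFound must be
    accepted or the unsigned part of the Internet disappears); drop Invalid."""
    if state == "Invalid" and drop_invalid:
        return "reject"
    return "accept"


# Constructed ROA set. An AS 0 ROA (RFC 7607) states that no AS may originate
# the prefix, which makes every announcement of it Invalid.
ROAS = [
    make_roa("192.0.2.0/24", 24, 64496),
    make_roa("198.51.100.0/24", 25, 64497),
    make_roa("2001:db8::/32", 48, 64496),
    make_roa("203.0.113.0/24", 24, 0),
]

# Constructed announcements: (prefix, origin AS).
ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),       # matches the ROA exactly          -> Valid
    ("192.0.2.0/25", 64496),       # right AS, but /25 > maxLength 24 -> Invalid
    ("192.0.2.0/24", 64511),       # wrong origin AS                  -> Invalid
    ("198.51.100.128/25", 64497),  # /25 allowed by maxLength 25      -> Valid
    ("198.18.0.0/15", 64511),      # no covering ROA                  -> NotFound
    ("2001:db8:1::/48", 64496),    # /48 within maxLength of /32 ROA  -> Valid
    ("203.0.113.0/24", 64511),     # AS 0 ROA: nobody may originate   -> Invalid
]


def evaluate(announcements=ANNOUNCEMENTS, roas=ROAS):
    """Return {(prefix, asn): (validation state, policy action)} per announcement."""
    results = {}
    for prefix, asn in announcements:
        state = validate_origin(prefix, asn, roas)
        results[(prefix, asn)] = (state, rov_policy(state))
    return results


if __name__ == "__main__":
    for (prefix, asn), (state, action) in evaluate().items():
        print(f"{prefix:<20} AS{asn:<6} {state:<9} {action}")
```

The maxLength check is the part most often misunderstood: a ROA for 192.0.2.0/24 with maxLength 24 makes a /25 from the legitimate AS Invalid, which is exactly the more-specific hijack the deck's "Secure Routing" line is about. Note also that RPKI ROV only covers the origin AS; it does not authenticate the AS path.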
Distributed Denial of Service Defenses (DDOSD)
• Policy-based technologies to shift the advantage to the defender
• Measurement/analysis tools to test success of BCP38 deployments
• Engaging with major finance sector companies and supporting ISPs
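The BCP38 measurement bullet above and DDoSD TTA #1 in the 2014 BAA topics ("Measurement & Analysis to Promote Best Current Practices (BCP 38, SAC004)") refer to the same control: source-address validation at the provider edge (RFC 2827). A network is BCP 38 compliant when a packet arriving on a customer interface is forwarded only if its source address belongs to a prefix assigned to that customer, which is what stops the forged-source packets that reflection and amplification DDoS attacks depend on. The Python below is an added example, not code from the deck or from any CSD project; the interface names, prefix assignments and packet records are constructed from documentation addresses.

```python
# BCP 38 (RFC 2827) ingress source-address validation at a provider edge.
# Added illustration for this deck; the interface assignments and packet
# records below are constructed with documentation addresses, not captured.
import ipaddress
from collections import Counter

# Customer-facing interfaces and the prefixes assigned to each customer.
# BCP 38: on each such interface, forward a packet only if its source address
# lies inside a prefix assigned to that customer. (Constructed assignments.)
INGRESS_PREFIXES = {
    "ge-0/0/1": ["192.0.2.0/24"],
    "ge-0/0/2": ["198.51.100.0/25", "2001:db8:100::/48"],
}


def build_acl(ingress_prefixes=INGRESS_PREFIXES):
    """Parse the per-interface prefix lists once. strict=True rejects sloppy
    entries such as 192.0.2.1/24 whose host bits are set."""
    return {ifname: [ipaddress.ip_network(p, strict=True) for p in plist]
            for ifname, plist in ingress_prefixes.items()}


def source_permitted(acl, in_if, src):
    """The BCP 38 check for one packet: True if src falls inside a prefix
    assigned to the interface it arrived on. Malformed addresses and
    interfaces with no assignment fail closed."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    allowed = acl.get(in_if)
    if allowed is None:
        return False
    return any(addr.version == net.version and addr in net for net in allowed)


def filter_packets(acl, packets):
    """Apply the check to a packet stream; returns [(packet, 'forward'|'drop')]."""
    return [(pkt, "forward" if source_permitted(acl, pkt["in_if"], pkt["src"]) else "drop")
            for pkt in packets]


def summarize(decisions):
    """Per-interface forward/drop counts, the kind of figure a BCP 38
    measurement effort reports for a network edge."""
    return Counter((pkt["in_if"], action) for pkt, action in decisions)


# Constructed packet records: ordinary customer traffic plus the spoofed
# packets a DNS reflection attack relies on (source forged to the victim).
PACKETS = [
    {"in_if": "ge-0/0/1", "src": "192.0.2.10", "dst": "203.0.113.53",
     "note": "legitimate DNS query"},
    {"in_if": "ge-0/0/1", "src": "203.0.113.77", "dst": "203.0.113.53",
     "note": "spoofed: src is the victim, dst an open resolver"},
    {"in_if": "ge-0/0/1", "src": "198.51.100.5", "dst": "203.0.113.53",
     "note": "spoofed: src belongs to a different customer"},
    {"in_if": "ge-0/0/2", "src": "198.51.100.5", "dst": "203.0.113.53",
     "note": "legitimate: same src, but on its own interface"},
    {"in_if": "ge-0/0/2", "src": "2001:db8:100::7", "dst": "2001:db8:ffff::53",
     "note": "legitimate IPv6"},
    {"in_if": "ge-0/0/2", "src": "2001:db8:1::9", "dst": "2001:db8:ffff::53",
     "note": "spoofed IPv6 outside the customer /48"},
    {"in_if": "ge-0/0/9", "src": "192.0.2.10", "dst": "203.0.113.53",
     "note": "interface with no prefix assignment"},
]


def run(packets=PACKETS):
    """Filter the constructed stream and return (decisions, per-interface counts)."""
    acl = build_acl()
    decisions = filter_packets(acl, packets)
    return decisions, summarize(decisions)


if __name__ == "__main__":
    decisions, counts = run()
    for pkt, action in decisions:
        print(f"{action:<7} {pkt['in_if']} src={pkt['src']:<18} {pkt['note']}")
    print(dict(counts))
```

The third and fourth records make the point that the rule is per interface, not "is this one of our prefixes": 198.51.100.5 is a legitimate customer address, but arriving on ge-0/0/1 it is spoofed. The measurement side of the TTA is the complement of this filter: sending packets with forged sources from inside a network and observing whether they escape, which is how unfiltered edges are found.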
Internet Measurement and Attack Modeling (IMAM)
• Create more complete view of the geographical and topological mapping of networks and systems
• Improve global peering, geo-location, and router level maps to assist automated solutions for attack prevention, detection, response
Network and System Security and
Investigations - 1
Objective: Develop new and innovative methods, services, and capabilities for the security of future networks and systems to ensure they are usable and security properties can be measured, and provide the tools and techniques needed for combating cybercrime
Security for Cloud-Based Systems
• Develop methodologies and technologies for cloud auditing and forensics in end-point devices
• Identify data audit methodologies to identify the location, movement, and behavior of data and Virtual Machines (VMs)
• Work with DHS CIO/CISOs and datacenters
Mobile Device Security
• Develop new approaches to mobile device security (user identity/authentication, device management, App security and management, and secure data) for government purposes
• Working with DHS CISO and across several components
Identity Management / Data Privacy
• Advance the identity management ecosystem to support Federal, state, local, and private sector identity management functions
• Develop data privacy technologies to better express, protect, and control the confidentiality of private information
Network and System Security and
Investigations - 2
Objective: Develop new and innovative methods, services, and capabilities for the security of future networks and systems to ensure they are usable and security properties can be measured, and provide the tools and techniques needed for combating cybercrime
Software Quality Assurance
• Develop new methods and capabilities to analyze software and address the presence of internal flaws and vulnerabilities to reduce the risk and cost associated with software failures
• Develop automated capability to bring together independent software and system assessment activities
Usable Security and Security Metrics
• Improve the usability of cybersecurity technologies while maintaining security
• Develop security metrics and tools and techniques to make them practical and useful as decision aids for enterprise security posture
Investigation Capabilities for Law Enforcement
• Develop investigative tools/techniques for LE agencies to address the use of computers/phones in criminal and cyber related crimes
• Develop techniques and tools focused on detecting and limiting malicious behavior by untrustworthy insiders inside an organization
• Cyber Forensics Working Group – USSS, ICE, CBP, FBI, S/L
Cyber Physical Systems / Process Control Systems
Objective: Ensure necessary security enhancements are added to the design and implementation of ubiquitous cyber physical systems and process control systems, with an emphasis on transportation, emergency response, energy, and oil and gas systems.
Cyber Physical Systems Security (CPSSEC)
• Build security into the design of critical, smart, networked systems
• Gain better understanding of threats and system interactions
• Testing and validation of solutions in partnership with private sector
• Working with DoTrans and NPPD and Transportation Sector
Trustworthy Computing Infrastructure for the Power Grid (TCIPG)
• Improve the security of next-generation power grid infrastructure, making the underlying infrastructure more secure, reliable and safe
• 4 University consortium – UIUC, WSU, UC-Davis, Dartmouth
• Private sector advisory board provides reqmts and transition path
• Partnership with DOE-OE and Universities
Securing the Oil and Gas Infrastructure (LOGIIC)
• Conduct collaborative RDT&E to identify and address sector-wide vulnerabilities in oil and gas industry digital control systems
• All R&D projects identified and funded by private sector members
• CSD provides project mgmt. support and inter-sector support
Research Infrastructure
Objective: Develop research infrastructure, such as test facilities, realistic datasets, tools, and methodologies to enable global cybersecurity R&D community researchers to perform at-scale experimentation on their emerging technologies with respect to system performance goals
Experimental Research Testbed (DETER)
• Researcher and vendor-neutral experimental infrastructure
• Used by 300+ organizations from 25+ states and 30+ countries - DARPA
• Used in 40+ classes, from 30 institutions and 3,000+ students
• Open Source code used by Canada, Israel, Australia, Singapore
Research Data Repository (PREDICT)
• Repository of over 700TB of network data for use by community
• More than 250 users (academia, industry, gov't – NSA SBIR)
• Leading activities on ICT Research Ethics (e.g., Menlo Report)
• Opening up to international partners (JP, CA, AU, UK, IL, EU)
Software Assurance Market Place (SWAMP)
• A software assurance testing and evaluation facility and services
• Advance the quality and usage of SwA tools – commercial & open
• IOC – 2/1/14; 500+ assessments/week; 9 platforms; 5 SwA tools
Transition and Outreach
Objective: Accelerate the transition of mature federally-funded cybersecurity R&D technology into widespread operational deployment; Educate and train the current and next generations of cybersecurity workforce through multiple methods, models, and activities
Transition To Practice (TTP)
• White House initiated program; CSD budget plus-up in FY12
• Working with DOE and DOD labs, FFRDCs, UARCs, NSF, SBIRs
• Developing relationships in the Energy and Finance Sectors
• Multiple pilots in progress; Two commercial licensing deals done
Cybersecurity Competitions
• Provide a controlled, competitive environment to assess a student's understanding and operational competency
• CSD-funded technologies included for test and evaluation
• 180+ schools and 1500+ college students participated in 2014
• Involvement from private sector; Assisting int'l competitions
National Initiative for Cybersecurity Education (NICE)
• Joint DHS/NSF/DOD/DOEd initiative with WH and NIST support
• Enhance Awareness (led by NPPD); Expand the Pipeline (led by CSD, NSF, DOEd); Evolve the Profession (led by NPPD and DOD)
CSD Projects / Relationships
People / Systems / Infrastructure
• Secure Protocols
• Identity Management
• Enterprise Level Security Metrics
• Usable Security
• Data Privacy
• Cyber Forensics
• Competitions – Education
• Mobile Device Security
• Insider Threat
• Process Control Systems (PCS)
• Internet Measurement & Attack Modeling
• Cyber Physical Systems
• Distributed Denial of Service (DDoS) Defenses
• Software Quality Assurance
• Homeland Open Security Technology
• Assessments & Evaluations
• Experiments & Pilots
• Cyber Economic Incentives
• Moving Target Defense
• Tailored Trustworthy Spaces
• Leap Ahead Technologies
• Transition to Practice
Research Infrastructure
• Experimental Research Testbed (DETER)
• Research Data Repository (PREDICT)
• Software Quality Assurance (SWAMP)