
(1)

DHS S&T Cyber Security Division (CSD)

“Strategic” Vision

Homeland Security Advanced Research Projects Agency

Douglas Maughan

Division Director

December 16, 2014

(2)

Presenter’s Name June 17, 2003

Presentation Outline

Why are we here today?

Cyber Threat landscape has changed over the past several years

Early investments by CSD

Comprehensive National Cybersecurity Initiative (CNCI)

Established in the Bush White House

Continued in the Obama Administration

Sunsetted in FY14

Federal R&D Strategic Plan

Research Requirements Process

CSD Mission and Strategy

Broad Agency Announcement (BAA) 11-02

• 14 Topics

• 36 Awards

Technology Transition

Branching out internationally

(3)

Cyber Threats and Sources

• Malware – Malicious software to disrupt computers (viruses, worms, …)
• Theft of Intellectual Property or Data
• Hacktivism – Cyber protests that are socially or politically motivated
• Mobile Devices and Applications and their associated Cyber Attacks
• Social Engineering – Entice users to click on Malicious Links
• Spear Phishing – Deceptive communications (E-Mails, Texts, Tweets)
• Domain Name System (DNS) Attacks
• Router Security – Border Gateway Protocol (BGP) Hijacking
• Denial of Service (DOS) – blocking access to web sites
• Others …

Bottom Line: Easier to be a bad guy and volume of threats is growing

Sources: Nation States; Cyber Criminal Organizations; Hackers/Hacktivists; Insider Threats; Terrorists, DTOs, etc.

(4)

7 April 2004

Research Activities Already Initiated

• DHS / NSF Cybersecurity Testbed
• Large-scale Network Security Research Testing and Evaluation Datasets
• National Strategy to Secure Cyberspace
  – Secure Domain Name System (DNSSEC)
  – Secure Routing Infrastructure (e.g., BGP)

(5)

8 June 2005

BAA04-17 Awards

TTA | Type | ID | PI Organization | Full Proposal Title | Funding Amt.
1 | II | 3 | University of California, Irvine | Adding Mandatory Access Control to Java VMs | $312,483
2 | I | 5 | GrammaTech, Inc | Model Checking Software Binaries | $442,011
2 | I | 9 | Stanford University | Open Source Hardening Project | $1,241,276
2 | II | 1 | Komoku, Inc. | Copilot - A High Assurance and Independent Security Auditor | $1,165,416
2 | II | 3 | Georgia Institute of Technology | Preventing SQL Code Injection by Combining Static and Runtime Analysis | $390,019
3 | II | 5 | University of Delaware | Benchmarks for evaluation of DDoS defense systems | $533,716
4 | I | 1 | Princeton University | Incrementally Deployable Security for Interdomain Routing | $312,483
4 | II | 13 | Adventium Labs | Embedded Firewall for Robust Protection of Mission Critical Operations | $821,796
4 | II | 20 | George Mason University | Enhanced Topological Vulnerability Analysis and Visualization | $1,100,000
4 | III | 2 | Telcordia Technologies | AVACC: Automated Vulnerability Assessment of Critical Cyber-Infrastructure Through Policy-based Configuration Synthesis | $500,000
5 | I | 4 | University of Michigan, Ann Arbor | Secure Coordination and Communication in a Crisis Using Hand-held Devices | $1,352,549
5 | I | 8 | Dartmouth College | M.A.P. (Measure, Analyze, Protect): security through measurement for wireless LANs | $1,698,545
6 | I | 1 | BBN Technologies | ZombieStones: Attack Tracing Across Events Separated in Time | $384,892
6 | II | 4 | Southwest Research Institute | Single Packet IP Traceback Through Internet Autonomous Systems | $1,224,799
7 | I | 2 | Stanford University | SpoofGuard Anti-Phishing Technologies | $766,671
7 | II | 4 | McAfee, Inc. | Phisherman | $887,142
7 | II | 7 | BBN | PhishBouncer - An Architectural Approach to Defending Against Phishing Attacks |

(6)

4 April 2008

BAA07-09 Awards

TTA | Type | PI Organization | Paper Title | Time Proposed | Funding
1 | II | Georgia Institute of Technology | Countering Botnets: Anomaly-Based Detection, Comprehensive Analysis, and Efficient Mitigation | 24 | $1,050,730
2 | I | IBM Thomas J. Watson Research Center | Montage: A Methodology for Designing Composable End-To-End Secure Distributed Systems | 36 | $900,000
2 | II | Secure64 Software Corporation | Automating the Chain of Trust: Secure Interzone Key Management for Large Scale DNSSEC Deployments (Project Acronym: SCOTTY) | 36 | $1,242,815
2 | II | Packet Clearing House, Inc. | INOC-DBA, VoIP Network Security | 24 | $600,000
4 | I | CA | FloViS: Flow Visualization System | 30 + 6 | $925,050
4 | II | Secure Decisions division of Applied Visions, Inc. | Visualization Toolkit for NetFlow Analytics | 12 + 10 | $617,098
5 | I | The Regents of the University of California; UC San Diego | Leveraging the science and technology of Internet mapping for homeland security | 18 + 12 + 6 | $1,582,467
6 | II | Colorado State University | WIT: A Watchdog System for Internet Routing | 24 | $1,500,000
6 | III | Packet Clearing House, Inc. | BGP Routing Integrity Checker and Prefix-List Filter Generation Tool | 12 | $450,000
7 | I | Digital Bond, Inc. | Passive Security Log Generation for Control Systems | 12 | $475,000
7 | III | Sandia National Laboratories | Secure and Reliable Wireless Networks for Critical Infrastructure Facilities | 12 | $643,000
8 | II | Johns Hopkins University | New Frameworks for Detecting and Minimizing Information Leakage in Anonymized Network Data | 24 | $928,682
9 | I | Washington State University | Insider Threat Detection Using a Graph-based Approach | 20 + 4 | $327,667
9 | II | Dolphin Technology Inc. | Document-based Management, Access Control and Security (DocuMACS) | 18 + 6 | $1,165,000
TOTAL | | | | | $12,407,509

(7)

Comprehensive National Cybersecurity Initiative (CNCI)

Establish a front line of defense
• Reduce the Number of Trusted Internet Connections
• Deploy Passive Sensors Across Federal Systems
• Pursue Deployment of Automated Defense Systems
• Coordinate and Redirect R&D Efforts

Resolve to secure cyberspace / set conditions for long-term success
• Connect Current Centers to Enhance Situational Awareness
• Develop Gov’t-wide Counterintelligence Plan for Cyber
• Increase Security of the Classified Networks
• Expand Education

Shape future environment / secure U.S. advantage / address new threats
• Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
• Define and Develop Enduring Deterrence Strategies & Programs
• Manage Global Supply Chain Risk
• Cyber Security in Critical Infrastructure Domains

(8)

Federal Cybersecurity R&D Strategic Plan

Science of Cyber Security

Research Themes
• Tailored Trustworthy Spaces
• Moving Target Defense
• Cyber Economics and Incentives
• Designed-In Security (New for FY13)

Transition to Practice
• Technology Discovery
• Test & Evaluation / Experimental Deployment
• Transition / Adoption / Commercialization

Support for National Priorities
• Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services

Released Dec 6, 2011

http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released

(9)

CSD Research Requirement Inputs

Departmental Inputs
• QHSR 2009 & 2014
• Blueprint
• NPPD/CS&C/NCCIC
• ICE HSI / IPR
• USSS
• CBP
• USCG
• TSA
• DHS CIO/CISO Councils

State/Local
• S&T First Responders Group
• FRAC/TTWG
• SWGDE (FBI)

White House/NSS
• National Strategy 2003
• Comprehensive National Cybersecurity Initiative (CNCI)
• EO 13636/PPD 21
• National CISR R&D Plan (in progress)
• Transition to Practice (TTP)
• Cyber Economic Incentives Research
• National Initiative for Cybersecurity Education (NICE)
• Cybersecurity Framework Support

Interagency Collaboration
• Cyber Security and Information Assurance (CSIA) IWG
• SCORE – Classified R&D WG
• Cyber-Physical Systems (CPS) SSG
• Big Data SSG
• Cyber Forensics WG

Critical Infrastructure Sectors (Private Sector)
• Energy (Oil & Gas, Electric Power)
• Banking and Finance
• Communications/IT
• Cross-Sector Cyber

International Collaborations

(10)

CSD Mission & Strategy

REQUIREMENTS

CSD MISSION
• Develop and deliver new technologies, tools and techniques to defend and secure current and future systems and networks
• Conduct and support technology transition efforts
• Provide R&D leadership and coordination within the government, academia, private sector and international cybersecurity community

CSD STRATEGY
• Trustworthy Cyber Infrastructure
• Cybersecurity Research Infrastructure
• Network & System Security and Investigations
• Cyber Physical Systems
• Transition and Outreach

Stakeholders: Government, Venture Capital, IT Security Companies, Open Source, International

Outreach Methods (Sampling): Technology Demonstrations, Program Reviews, Speaking Engagements, Social Media, Media Outreach

(11)

CSD R&D Execution Model

Research, Development, Test and Evaluation & Transition (RDTE&T)

"Crossing the ‘Valley of Death’: Transitioning Cybersecurity Research into Practice,"

IEEE Security & Privacy, March-April 2013, Maughan, Douglas; Balenson, David; Lindqvist, Ulf; Tudor, Zachary

http://www.computer.org/portal/web/computingnow/securityandprivacy

Successes

Over 30 products transitioned since 2004, including:

• 2004 – BAA 04-17
  – 5 commercial products
  – 2 Open Source products
• 2005 – BAA 05-10 (RTAP)
  – 1 commercial product
  – 1 GOTS product
  – 1 Open Source product
• 2007 – BAA 07-09
  – 2 commercial products
• 2011 – BAA 11-02 (more to come)
  – 1 Open Source product
  – 1 Research Infrastructure
• Law Enforcement Support
  – 2 commercial products
  – 1 Open Source product
  – Multiple Knowledge products
• Identity Management
  – 1 Open Source standard and GOTS solution
• SBIRs
  – 8 commercial products
  – 1 Open Source product

(12)

International Bilateral Agreements

Government-to-government cooperative activities for 13 bilateral Agreements

S&T International Engagements
• Canada (2004)
• Australia (2004)
• United Kingdom (2005)
• Singapore (2007)
• Sweden (2007)
• Mexico (2008)
• Israel (2008)
• France (2008)
• Germany (2009)
• New Zealand (2010)
• European Commission (2010)
• Spain (2011)
• Netherlands (2013)

COUNTRY | PROJECTS | MONEY IN / JOINT / MONEY OUT (figures as listed)
Australia | 3 | $300K, $400K
Canada | 11 | $1.8M
Germany | 1 | $300K
Israel | 2 | $100K
Netherlands | 7 | $450K, $1.2M, $150K
Sweden | 4 | $650K
United Kingdom | 3 | $1.0M, $400K, $200K
New Zealand | 1 |
Japan | 1 |

Over $6M of International co-funding

(13)

(14)

Presentation Outline

Where are we going?

Solicitations

FY14 BAA (Funded FY15-17)

SBIR

Long-Range BAA

Collaboration Sessions – Wed. afternoon

Security Culture (Sweden’s SECUR-IT Initiative)

Cyber Experimentation for the Future

Security of Open Source Solutions

Economics of Cybersecurity

International Partners Open Discussion

Cyber Apex – Banking and Finance Sector

Large-scale technology integration and demonstration

National Critical Infrastructure Security and Resilience R&D

Strategic Plan

National Initiative on Cybersecurity Education (NICE)

(15)

2014 Broad Agency Announcement – International Collaborations

Anticipated Schedule
• 23 Apr: BAA released incl. to participating countries
  – $95M over 5 year period
  – https://www.fbo.gov/spg/DHS/OCPO/DHS-OCPO/HSHQDC-14-R-B0005/listing.html
  – S&T BAA Website: https://baa2.st.dhs.gov
• 1 June+: Publish BAA Topic Calls
  – Open to all respondents – foreign and domestic
• June 2014 – March 2015: BAA White Paper and Proposal Review process and Contracting Activities

(16)

2014 BAA – Topics

Data Privacy: http://go.usa.gov/8JZ9
• TTA #1 - Privacy Policy Compliance Tools
• TTA #2 - Privacy-Preserving Federated Search
• TTA #3 - Mobile Computing Privacy

Mobile Tech Sec: http://go.usa.gov/8JBY
• TTA #1 - Mobile Device Instrumentation
• TTA #2 - Transactional Security Methods
• TTA #3 - Mobile Security Mgmt Tools
• TTA #4 - Protecting Mobile Device Layers

CPSSEC: http://go.usa.gov/8JBQ
• TTA #1 - Security Models and Interactions
• TTA #2 - Secure System Design and Implementation
• TTA #3 - Experiments and Pilots

DDoSD: http://go.usa.gov/8JBB
• TTA #1 - Measurement & Analysis to Promote Best Current Practices (BCP 38, SAC004)
• TTA #2 - Tools for Communication and Collaboration
• TTA #3 - Novel DDoS Attack Mitigation and Defense Techniques

(17)

Small Business Innovative Research (SBIR) - 1

Important program for creating new innovation and accelerating transition into the marketplace

Since 2004, DHS S&T Cyber Security has had:
• 74 Phase I efforts
• 28 Phase II efforts
• 4 Phase II efforts currently in progress
• 10 commercial/open source products available
• Four acquisitions
  – Komoku, Inc. (MD) acquired by Microsoft in March 2008
  – Endeavor Systems (VA) acquired by McAfee in January 2009
  – Solidcore (CA) acquired by McAfee in June 2009
  – HBGary (CA) acquired by ManTech in February 2012

S&T BAA / SBIR Website: https://baa2.st.dhs.gov

(18)

Small Business Innovative Research (SBIR) - 2

FY04
• Cross-Domain Attack Correlation Technologies (2)
• Real-Time Malicious Code Identification (2)
• Advanced SCADA and Related Distributed Control Systems (5)

FY05
• Hardware-assisted System Security Monitoring (4)

FY06
• Network-based Boundary Controllers (3)
• Botnet Detection and Mitigation (4)

FY07
• Secure & Reliable Wireless Comms for Control Systems (2)

FY09
• Software Testing and Vulnerability Analysis (3)

FY10
• Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)

FY11
• Mobile Device Forensics (1)

FY12
• Moving Target Defense (2)
• Solid State Drive Analysis (1)

FY13
• Hybrid Analysis Mapping (2)
• Software Based Roots of Trust for Enhanced Mobile Device Security (3)

FY14
• Embedded System Security

FY15
• Enhanced Distributed Denial of Service Defense

(19)

DHS S&T Long Range Broad Agency Announcement (LRBAA)

• S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations
• Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
• CSD has 18 Topic Areas (CSD.01 – CSD.18) – SEE NEXT SLIDE
• LRBAA 14-02 – open 2/25/2014, closes 12/31/2018
• Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #: DHSST-LRBAA14-02)

(20)

LRBAA Summary Listing

• CSD.01 – National Critical Infrastructure Security and Resilience (CISR) R&D Strategic Plan topics
• CSD.02 – Internet Infrastructure Security
• CSD.03 – Cyber Experimentation for the Future
• CSD.04 – Homeland Open Security Technology
• CSD.05 – Forensics support to law enforcement
• CSD.06 – Identity Management
• CSD.07 – Data Privacy and Information Flow technologies
• CSD.08 – Software Assurance
• CSD.09 – Cyber security education, competitions, and curriculum development
• CSD.10 – Cyber-Physical Control and Process Control Systems Security
• CSD.11 – Internet Measurement and Attack Modeling
• CSD.12 – Securing the mobile workforce
• CSD.13 – Insider Threats
• CSD.14 – Experiments and Pilots – Test and evaluation in experimental operational environments to facilitate transition
• CSD.15 – Cybersecurity Economic Incentives, Insurance, and Behaviors
• CSD.16 – Data Analytics – analysis techniques, visualization
• CSD.17 – Predictive Analytics
• CSD.18 – Distributed Denial of Service Defense

(21)

Collaboration Sessions

Sweden’s Security Culture and Information Tech - SECURIT
• The objective of this session is to share what our Swedish partners are doing, how it’s worked, and how we can incorporate this into what we are doing.

Cybersecurity Experimentation of the Future
• In order to address evolving cyber challenges, researchers need an accessible, broad, and multi-organizational cybersecurity experimentation capability that supports tomorrow’s research. The objective of this session is to share a plan and roadmap and seek your feedback through open dialogue.

Issues and Challenges in Transitioning Open Source Solutions
• This session will discuss challenges and opportunities related to open source. Participants are encouraged to bring questions on open source policies, examples of open source successes and failures, and help determine how DHS S&T CSD can best help promote successful open source transitions.

Economics of Cybersecurity
• The objective of the session is to discuss how economic considerations might affect the ultimate transition and utility of the various cyber security measures being developed through CSD’s research program.

International Partners Open Discussion
• International partners will be available to discuss additional questions not addressed in the International Panel Discussion.

(22)

The Future at DHS S&T

• Screening at Speed: Security that Matches the Pace of Life
• A Trusted Cyber Future: Protecting Privacy, Commerce and Community – In a future of increasing cyber connections, underlying digital infrastructure will be self-detecting, self-protecting and self-healing. Users will trust that information is protected, illegal use is deterred, and privacy is not compromised. Security will operate seamlessly in the background.
• Enable the Decision Maker: Actionable Information at the Speed of Thought
• Responder of the Future: Protected, Connected, and Fully Aware
• Resilient Communities: Disaster-Proofing Society

(23)

Public-Private R&D Partnerships

MOU between DHS S&T, NIST, and FS Sector Coord Council (FSSCC) in coordination with WH

Framework for public-private collaboration on R&D projects for the FS:
1) to facilitate innovation,
2) to identify and overcome cybersecurity vulnerabilities, and
3) to develop more efficient and effective processes that benefit critical financial services functions and other critical infrastructures

(24)

What are the core cybersecurity problems we are trying to address?

• Compromise of the cyber fabric underlying our nation’s critical infrastructure (CI) is a threat to US national security
• 70% of critical infrastructure companies have been hit with breaches in the past year
  – Source: 2014 Survey from Unisys and Ponemon Institute
• Perimeter-based defense is not sufficient for well-resourced adversaries
  – Mandiant reports that nearly 100% of its victims have up-to-date virus software; many observe best practices in network monitoring, firewall filtering, and intrusion detection
• Adversaries are on our systems and networks without our knowledge
• Understanding of the cyber situation is often inaccurate or only achieved forensically, after the fact
• Lack of a strong repertoire of response mechanisms that can neutralize the impact of adversary presence while still allowing the sector to maintain an adequate level of operating functionality

243 – Median days attackers are on the network before being discovered - Mandiant

(25)

Initial Focus on the Financial Services Sector (FSS)

Existing fragilities exist in the core of the financial sector, arising from purely profit-seeking behavior:
- Complex interdependencies (LTCM)
- Increased automation (Knight Capital)
- Size and speed of data flow (May 2010 Flash-crash)

Known penetration of sector networks by sophisticated adversaries
- NASDAQ
- JP Morgan (reported at 76M)

Clear and growing risk to national security when the two combine

[The report] ”…portrayed a market so fragmented and fragile that a single large trade could send stocks into a sudden spiral.”
- Wall Street Journal summary of the SEC and CFTC joint after action report on the May

(26)

Technical Approach Overview

Advanced Sensing Technologies (AST)
• Measurement and attestation
• Behavioral modeling

Situation Understanding (SU)
• Disparate Sensor Alert Analysis
• Operational Mission Impact Analysis

Response and Recovery (RR)
• Real-time secure sharing
• Novel engagement approaches

Network Protections (NP)

Open System Architecture – producing an integrated capability
* Common interfaces and messaging
* Operational Exercises (DECIDE)

(27)

Homeland Security – Office of Cybersecurity and Communications

Executive Order (EO) on Improving Critical Infrastructure Cybersecurity / Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience

Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
• Develop a technology-neutral voluntary cybersecurity framework
• Promote/incentivize adoption of cybersecurity practices
• Increase the volume, timeliness and quality of cyber threat information sharing
• Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
• Explore existing regulation to promote cyber security

Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to:
– Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time
– Understand cascading consequences of infrastructure failures
– Evaluate and mature the public-private partnership
– Update the National Infrastructure Protection Plan
– Develop comprehensive research and development plan

“America must also face the rapidly growing threat from cyber attacks… That’s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy.”

President Barack Obama, 2013 State of the Union

(28)

Enhance public awareness: (1) Augment current messaging to promote policies and practices that support Administration priorities, such as EO 13636 and PPD-21, and (2) develop messaging that targets senior executives of critical infrastructure companies (e.g., CEOs, Boards of Directors).

Expand the Pipeline: (1) Expand formal education at the post-secondary level, including both four-year and two-year institutions and (2) establish new National Academic Consortiums for Cybersecurity Education (government, colleges/universities, high schools, middle schools, technical academies, industry, professional organizations).

Evolve the profession: (1) Identify critical cybersecurity workforce skills through a national cybersecurity Workforce Inventory and Gap Analysis and continued development of Cybersecurity Workforce Forecasting Tools and (2) provide access to free or low-cost training for the identified critical skills.

NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) – Initiative 8: Expand Cyber Education – Interim Way Forward and is comprised of over 20 federal departments and agencies.

(30)

2014 CYBER SECURITY DIVISION

(31)

Recent CSD Publications

(32)

Summary / Conclusions

• Cybersecurity research is a key area of innovation to support our global economic and national security futures
• CSD continues with an aggressive cyber security research agenda to solve the cyber security problems of our current and future infrastructure and systems
• We believe the Showcase and Technical Workshop over the next 3 days will highlight the excellent work being funded by CSD
• Will continue strong emphasis on technology transition
• Will impact cyber education, training, and awareness of our current and future cybersecurity workforce
• Will continue to work internationally to find and deploy the best ideas and solutions to real-world problems

(33)

For more information, visit http://www.dhs.gov/cyber-research

Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170

(34)

Cybersecurity Requirements – Historical Timeline (2003, 2008, 2009, 2011, 2012, 2013)

• Call for Action – Secure Protocols (DNSSEC, Secure Routing); DETER security testbed; PREDICT data repository
• Beginnings of CNCI
• Call for NICE (Education); Call for NSTIC (Trusted Identities); Reinforced need for PREDICT data repository
• S&T Produced National R&D Roadmap with community input – Source for DHS S&T BAA, SBIR, and other solicitations
• CNCI Tasks 4&9 S&T led via co-chair of CSIA IWG
• Significant inter-agency activities initiated by WH/NSS/OSTP
• Implementation plan to accomplish goals of DHS QHSR – 24 high priority capabilities needed; NPPD-led, S&T involved
• EO 13636: Improving Critical Infrastructure Cybersecurity; PPD 21: Critical Infrastructure Security and Resilience

(35)

Trustworthy Cyber Infrastructure

Objective: Develop standards, policies, processes, and technologies to enable more secure and robust global cyber infrastructure and to identify components of greatest need of protection, applying analysis capabilities to predict and respond to cyber attack effects and provide situational understanding to providers

Secure Protocols
• Develop agreed-upon global infrastructure standards and solutions
• Working with IETF standards, routing vendors, global registries and ISPs
• Provide global Routing Public Key Infrastructure (RPKI) solutions
• Follow same process used for DNSSEC global deployment

Distributed Denial of Service Defenses (DDOSD)
• Policy-based technologies to shift the advantage to the defender
• Measurement/analysis tools to test success of BCP38 deployments
• Engaging with major finance sector companies and supporting ISPs

Internet Measurement and Attack Modeling (IMAM)
• Create more complete view of the geographical and topological mapping of networks and systems
• Improve global peering, geo-location, and router level maps to assist automated solutions for attack prevention, detection, response

(36)

Network and System Security and Investigations - 1

Objective: Develop new and innovative methods, services, and capabilities for the security of future networks and systems to ensure they are usable and security properties can be measured and provide the tools and techniques needed for combatting cybercrime

Security for Cloud-Based Systems
• Develop methodologies and technologies for cloud auditing and forensics in end-point devices
• Identify data audit methodologies to identify the location, movement, and behavior of data and Virtual Machines (VMs)
• Work with DHS CIO/CISOs and datacenters

Mobile Device Security
• Develop new approaches to mobile device security (user identity/authentication, device management, App security and management, and secure data) for government purposes
• Working with DHS CISO and across several components

Identity Management / Data Privacy
• Advance the identity management ecosystem to support Federal, state, local, and private sector identity management functions
• Develop data privacy technologies to better express, protect, and control the confidentiality of private information

(37)

Network and System Security and Investigations - 2

Objective: Develop new and innovative methods, services, and capabilities for the security of future networks and systems to ensure they are usable and security properties can be measured and provide the tools and techniques needed for combatting cybercrime

Software Quality Assurance
• Develop new methods and capabilities to analyze software and address the presence of internal flaws and vulnerabilities to reduce the risk and cost associated with software failures
• Develop automated capability to bring together independent software and system assessment activities

Usable Security and Security Metrics
• Improve the usability of cybersecurity technologies while maintaining security
• Develop security metrics and tools and techniques to make them practical and useful as decision aids for enterprise security posture

Investigation Capabilities for Law Enforcement
• Develop investigative tools/techniques for LE agencies to address the use of computers/phones in criminal and cyber related crimes
• Develop techniques and tools focused on detecting and limiting malicious behavior by untrustworthy insiders inside an organization
• Cyber Forensics Working Group – USSS, ICE, CBP, FBI, S/L

(38)

Cyber Physical Systems / Process Control Systems

Objective: Ensure necessary security enhancements are added to the design and implementation of ubiquitous cyber physical systems and process control systems, with an emphasis on transportation, emergency response, energy, and oil and gas systems.

Cyber Physical Systems Security (CPSSEC)
• Build security into the design of critical, smart, networked systems
• Gain better understanding of threats and system interactions
• Testing and validation of solutions in partnership with private sector
• Working with DoTrans and NPPD and Transportation Sector

Trustworthy Computing Infrastructure for the Power Grid (TCIPG)
• Improve the security of next-generation power grid infrastructure, making the underlying infrastructure more secure, reliable and safe
• 4 University consortium – UIUC, WSU, UC-Davis, Dartmouth
• Private sector advisory board provides reqmts and transition path
• Partnership with DOE-OE and Universities

Securing the Oil and Gas Infrastructure (LOGIIC)
• Conduct collaborative RDT&E to identify and address sector-wide vulnerabilities in oil and gas industry digital control systems
• All R&D projects identified and funded by private sector members
• CSD provides project mgmt. support and inter-sector support

(39)

Research Infrastructure

Objective: Develop research infrastructure, such as test facilities, realistic datasets, tools, and methodologies to enable global cybersecurity R&D community researchers to perform at-scale experimentation on their emerging technologies with respect to system performance goals

Experimental Research Testbed (DETER)
• Researcher and vendor-neutral experimental infrastructure
• Used by 300+ organizations from 25+ states and 30+ countries - DARPA
• Used in 40+ classes, from 30 institutions and 3,000+ students
• Open Source code used by Canada, Israel, Australia, Singapore

Research Data Repository (PREDICT)
• Repository of over 700TB of network data for use by community
• More than 250 users (academia, industry, gov’t – NSA SBIR)
• Leading activities on ICT Research Ethics (e.g., Menlo Report)
• Opening up to international partners (JP, CA, AU, UK, IL, EU)

Software Assurance Market Place (SWAMP)
• A software assurance testing and evaluation facility and services
• Advance the quality and usage of SwA tools – commercial & open
• IOC – 2/1/14; 500+ assessments/week; 9 platforms; 5 SwA tools

(40)

Transition and Outreach

Objective: Accelerate the transition of mature federally-funded cybersecurity R&D technology into widespread operational deployment; Educate and train the current and next generations of cybersecurity workforce through multiple methods, models, and activities

Transition To Practice (TTP)
• White House initiated program; CSD budget plus-up in FY12
• Working with DOE and DOD labs, FFRDCs, UARCs, NSF, SBIRs
• Developing relationships in the Energy and Finance Sectors
• Multiple pilots in progress; Two commercial licensing deals done

Cybersecurity Competitions
• Provide a controlled, competitive environment to assess a student’s understanding and operational competency
• CSD-funded technologies included for test and evaluation
• 180+ schools and 1500+ college students participated in 2014
• Involvement from private sector; Assisting int’l competitions

National Initiative for Cybersecurity Education (NICE)
• Joint DHS/NSF/DOD/DOEd initiative with WH and NIST support
• Enhance Awareness (led by NPPD); Expand the Pipeline (led by CSD, NSF, DOEd); Evolve the Profession (led by NPPD and DOD)

(41)

CSD Projects / Relationships

People / Systems / Infrastructure

• Secure Protocols
• Identity Management
• Enterprise Level Security Metrics
• Usable Security
• Data Privacy
• Cyber Forensics
• Competitions – Education
• Mobile Device Security
• Insider Threat
• Process Control Systems (PCS)
• Internet Measurement & Attack Modeling
• Cyber Physical Systems
• Distributed Denial of Service (DDoS) Defenses
• Software Quality Assurance
• Homeland Open Security Technology
• Assessments & Evaluations
• Experiments & Pilots
• Cyber Economic Incentives
• Moving Target Defense
• Tailored Trustworthy Spaces
• Leap Ahead Technologies
• Transition to Practice

Research Infrastructure
• Experimental Research Testbed (DETER)
• Research Data Repository (PREDICT)
• Software Quality Assurance (SWAMP)
