Cyber Security Research and Development – a Homeland Security Perspective


FBI INFRAGARD National Conference, 2005

Annabelle Lee
Science and Technology Directorate, Department of Homeland Security
Session 1 - August 9, 2005

Department of Homeland Security: Overview

[Organization chart] Secretary (Chertoff); Deputy Secretary (Jackson)

Directorates:
- Management (Hale)
- Information Analysis & Infrastructure Protection (Stephan, acting)
- Border & Transportation Security (Beardsworth, acting)
- Emergency Preparedness & Emergency Response (Brown)
- Science & Technology (McQueary)

Other components and offices shown on the chart: Coast Guard; United States Secret Service; Citizenship & Immigration & Ombuds; Civil Rights and Civil Liberties; Legislative Affairs; General Counsel; Inspector General; State & Local Coordination; Private Sector Coordination; International Affairs; National Capital Region Coordination; Counter-narcotics; Small and Disadvantaged Business; Privacy Officer; Chief of Staff

DHS Mission

- Prevent terrorist attacks within the US
- Reduce vulnerability
- Minimize damage, assist in recovery
- Enhance “normal” functions
- Ensure economic security is not diminished

You all know why DHS was formed, but you may not realize that the 144,000 feds that came into the department had day jobs, and that all of the security measures must be balanced with our national need for fresh fruit and new appliances and visiting friends and relatives and colleagues.

Science and Technology Directorate

[Organization chart]
- Science & Technology (McQueary, Under Secretary)
  - Office of Programs, Plans, and Requirements (Kirk, Acting)
  - Office of Research and Development (McCarthy)
  - Homeland Security Advanced Research Projects Agency (Kubricky, Acting)
  - Office of Systems Engineering & Development (Kubricky)

Functional themes shown on the chart: Stewardship of an enduring capability; Development engineering, production, & deployment; Innovation, adaptation, & revolution; Strategic, programmatic, budget planning; Execution; Planning

S&T Directorate Responsibilities: Homeland Security Act of 2002

- Advising the Secretary regarding...
- Identifying priorities for...
- Establishing, conducting, and coordinating...

...basic and applied research, development, testing and evaluation (RDT&E) activities that are relevant to any or all elements of the Department, through both intramural and extramural programs

Science and Technology Directorate - Mission

- Conduct, stimulate and enable research, development, test, evaluation, and timely transition of homeland security capabilities to federal, state, and local operational end-users
  - Anticipate, prevent, respond to and recover from terrorist attacks
  - Transfer technology and build capacity of federal, state, local operational end-users for all missions
  - Provide the nation with a dedicated and enduring capability

The mission of S&T was mandated by statute in the Homeland Security Act of 2002: develop, in consultation with the other elements, the national policy and strategy for coordinating USG efforts in HS. S&T is also directed to coordinate and integrate all RDT&E within DHS, and to provide the systems engineering needed to support the missions.

Current Environment: Attackers

- Currently, there are significant advantages for an attacker:
  - Increased dependence of our society on interconnected systems
  - Required resources (funding, equipment, and training) are readily available
  - Powerful attack tools are now available over the Internet to anyone who wants them
  - Powerful, affordable computing platforms to launch sophisticated attacks are now available to everyone
  - Little skill or sophistication is required to initiate extremely harmful attacks

Current Environment: Attackers (concluded)

- Result: The sophistication of the attack is growing
- Also, the sophistication of the attackers is increasing
- The gap between attackers' ability to attack and defenders' ability to defend is widening

Current Environment: Threat and Vulnerability Trends

- The rate of development and deployment of malicious code has significantly increased. Underlying operating systems continue to contain undetected bugs.
- Because of the rate of technology change, development of new cyber security technology lags behind deployment of malicious code/technology
- Insiders continue to compromise sensitive information and information systems
- Because of the availability and pervasive use of the Internet
  - Attack detection and response continues to play “catch up”
  - Attribution of new attacks remains difficult

Current Environment: Threat and Vulnerability Trends (concluded)

- Ability to respond to cyber threats as they emerge
  - Low cost of entry to information systems for adversaries
- Required resources (funding, equipment and training) are readily available
  - Time to develop countermeasures is longer than time to attack
  - Identifying "real" threats among the noise of traditional threats (high school hackers) is problematic

Current Environment: Technology Trends

- Economic pressures driving toward less robust/resilient infrastructure
  - Redundancy and excess capacity that contributed to resiliency are decreasing with time
- Convergence in the telecommunications sector is eliminating the distinction between voice and data communications
  - Critical communications become vulnerable to "Internet threats"
- Interconnectivity is increasing and will continue to increase over the next 10 years
  - Outward facing networks becoming integrated with internal business networks, and even networks supporting critical functions/operations
- The need for cyber security underlies all security technologies that rely on information technology


Current Environment: DHS Cyber Security R&D Requirements

- Conduct R and D aimed at large-scale, high-impact cyber attacks
- Address cyber security R&D needs that are unique to critical infrastructure sectors, particularly those sectors that rely on the Internet
- Provide continuity of government to ensure safety of
  - The government’s cyber infrastructure and
  - The assets required for supporting essential missions
- Support R and D that enables the private sector to better secure privately-owned portions of the Nation’s critical infrastructure

Current Environment: DHS Cyber R&D Requirements (concluded)

- Provide a foundation for economically-informed, risk-based cyber security decision making
- Provide novel and next-generation secure information technology concepts and architectures
- Allocation of resources for R&D should not be driven only by imminent threat and known intent
  - R&D planning must anticipate trends and expectations for the next 3 years, 5 years, 10 years…

Portfolio Mission and Strategic Objectives

- Portfolio Mission Statement

The Cyber Security R&D Portfolio will lead cyber security research, development, testing and evaluation endeavors to secure the Nation's critical information infrastructure, through coordinated efforts that will improve the security of the existing cyber infrastructure, and provide a foundation for a more secure infrastructure.

- Portfolio Strategic Objectives

1. Conduct research, development, testing, and evaluation of cyber security technology aimed at preventing, protecting against, detecting, responding to, and recovering from large-scale, high-impact cyber attacks.

2. Enable the creation of and migration to a more secure critical information infrastructure, through the development and use of more secure communication protocols.

Portfolio Mission and Strategic Objectives (continued)

- Portfolio Strategic Objectives (cont.)

3. Address cyber security R&D needs in support of DHS mission component needs (primarily the National Cyber Security Division and National Communications System in the IAIP Directorate).

4. Address cyber security R&D needs that are unique to critical infrastructure sectors, particularly those that rely on the Internet to a great extent (Information and Telecommunications, and Banking and Finance). In coordination with the CIP Portfolio, address the cross-cutting issue of securing process control systems.

5. Provide a foundation for the long-term goal of economically-informed, risk-based cyber security decision making.

6. Provide novel and next-generation secure information technology concepts and architectures through long-term research efforts.

Portfolio Mission and Strategic Objectives (concluded)

- Portfolio Strategic Objectives (concluded)

7. Actively pursue opportunities to serve as a catalyst for private sector activity, including public-private partnerships, as well as increased cooperation and communication among private sector companies and organizations.*

8. Actively pursue strategies for facilitating technology transfer and diffusion of Federally-funded R&D into commercial products and services, and private sector use.*

9. Coordinate research, development, testing, and evaluation activities with related ongoing activities at other Federal agencies.*

* These objectives are not reflected in desired technical capabilities, but are firmly embedded in portfolio planning, execution, and outreach strategies.

Requirement Development and Prioritization

- The primary criteria for inclusion are:
  - Role of government in R&D, relevance to DHS mission, customer requirements and related mandates, need to bridge R&D gaps, and threats
- More specifically:
  - Direct relevance to the DHS mission
  - Foundational and infrastructural needs receive early priority because they are broad-based, cross-cutting, and have long lead times
  - Priority is placed on needs identified in high-level policy documents (e.g., National Strategy to Secure Cyberspace)
  - Requests for capability via requirements from DHS-internal customers are given increased priority

Requirement Development and Prioritization (concluded)

  - Problems identified as fundamentally hard problems by recognized R&D agendas and R&D needs documents
  - R&D areas where the government has a perceived role as a neutral broker to catalyze private sector cooperation
  - R&D areas that are more aligned with missions of other agencies are given lower priority or not considered
  - Emphasis placed on R&D areas where there are Federal R&D investment gaps
  - Threat intelligence information is factored into priorities
  - R&D areas where the private sector is very active and making progress are given lower priority or not included

Cyber Security Portfolio: FY04 Forward…

- Securing infrastructural protocols
  - Securing the Domain Name System (DNSSEC) and Internet routing protocols
- Cyber security testbeds
  - Large scale testbed network and software testing framework (DETER/EMIST – Cyber DEfense Technology Experimental Research / Evaluation Methods for Internet Security Technology)
- Large-scale data sets for security testing
  - Essential for supporting development of cyber security metrics (PREDICT – A Protected REpository for Defense of Infrastructure against Cyber Threats)
- Economic assessment activities
  - Provide a foundation for risk-based decisions

Cyber Security Portfolio: FY04 Forward…

- Homeland Security Advanced Research Projects Agency (HSARPA) Cyber Security Broad Area Announcement (BAA 04-17)
  - A critical area of focus for DHS is the development and deployment of technologies to protect the nation’s cyber infrastructure including the Internet and other critical infrastructures. The goals are:
    - To perform R&D aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems;
    - To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure;
    - To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.
- http://www.hsarpabaa.com

Cyber Security Portfolio: FY04 Forward… BAA Technical Topic Areas (TTAs)

- System Security Engineering
  - Vulnerability Prevention
    - Tools and techniques for better software development
  - Vulnerability Discovery and Remediation
    - Tools and techniques for analyzing software to detect security vulnerabilities
  - Cyber Security Assessment
    - Develop methods and tools for assessing the cyber security of information systems
- Security of Operational Systems
  - Security and Trustworthiness for Critical Infrastructure (CI) Protection
    - 1) Automated security vulnerability assessments for CI systems
    - 2) Improvements in system robustness of critical infrastructure systems

Cyber Security Portfolio: FY04 Forward… BAA TTAs (concluded)

- Security of Operational Systems
  - Wireless Security
    - Security tools/products for today’s networks
    - Solutions and standards for next generation networks
- Investigative and Prevention Technologies
  - Network Attack Forensics
    - Tools and techniques for attack traceback
  - Technologies to Defend against Identity Theft
    - R&D of tools and techniques for defending against identity theft and other financial systems attacks, e.g., phishing

Cyber Security Portfolio: FY04 Forward… BAA Project/Proposal Structure

- Type I (New Technologies)
  - New technologies with an applied research phase, a development phase, and a deployment phase (optional)
    - Funding not to exceed 36 months (including deployment phase)
- Type II (Prototype Technologies)
  - More mature prototype technologies with a development phase and a deployment phase (optional)
    - Funding not to exceed 24 months (including deployment phase)
- Type III (Mature Technologies)
  - Mature technology with a deployment phase only
    - Funding not to exceed 12 months
- NOTE: Deployment Phase = Test, Evaluation, and Pilot deployment in DHS “customer” environments

Cyber Security Portfolio: FY04 Forward…

- FY04 Small Business Innovative Research (SBIR) topics
  - Cross-Domain Attack Correlation Technologies
  - Real-time Malicious Code Detection/Identification

Cyber Security R&D Portfolio Goals: FY06

- Development of next-generation cyber security technologies
  - Address functional cyber security needs in a variety of topic areas aimed at preventing, protecting against, detecting, and responding to cyber attacks
  - Strategy: define technical areas of interest and allow university and private sector researchers to submit their best and most innovative ideas
- Experiments and Exercises
  - Focuses on cyber security technology experiments and pilot projects, and supports DHS S&T participation in cyber security exercises
  - Objective: to support the use of next-generation cyber security technologies
- Assessments
  - Conduct studies and hold workshops

Setting the Federal Government R&D Agenda

- Cyber Security and Information Assurance Interagency Working Group
  - Responding to Homeland Security Presidential Directive 7
  - Membership includes over 20 organizations from 12 departments/agencies
  - Developing a coordinated interagency Federal Plan for Cyber Security R&D
- InfoSec Research Council (IRC)
  - Revisiting the IRC Hard Problems List: 5-10 year problems that require sustained R&D investments

Improving the Nation’s Cyber Security

- More capable people
- Increased use of security technology in existing infrastructure
- Development of more inherently secure technology for new infrastructures
- Identification of migration paths from existing to next-generation infrastructures
- Better foundations for risk-based technology investments – requires understanding of risk and economic issues

Tackling Cyber Security Challenges: Business Not as Usual

- Strong mission focus (avoid mission creep)
- Close coordination with other Federal agencies
- Outreach to communities outside of the Federal government
  - International contacts
  - State and local governments
- Building public/private partnerships
- Strong emphasis on technology diffusion and technology transfer
- Migration paths to a more secure infrastructure
- Awareness of economic realities

The Way Forward….

“Securing our cyber systems is critical not only to ensure a way of life to which we’ve grown accustomed, but more importantly to protect the vast infrastructure these systems support and operate.”

Secretary Chertoff, July 28, 2005, Commonwealth Club of California

Questions?

Annabelle Lee
Acting Director, Cyber Security R&D
202.254.5875
202.557.5916 (cell)
annabelle.lee@dhs.gov
