Homeland Security Advanced Research Projects Agency
Improving Cyber Innovation Intake into the Federal Government
Douglas Maughan, Ph.D.
Division Director
October 24, 2012
http://www.cyber.st.dhs.gov

DHS S&T Mission
Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise
1) Create new technological capabilities and knowledge products
2) Provide Acquisition Support and Operational Analysis
3) Provide process enhancements and gain efficiencies
4) Evolve US understanding of current and future homeland security risks and opportunities

CSD R&D Execution Model
Research Development Test and Evaluation & Transition (RDTE&T)
Successes
• Ironkey – Secure USB – Standard Issue to S&T employees from S&T CIO
• Komoku – Rootkit Detection Technology – Acquired by Microsoft
• HBGary – Memory and Malware Analysis – Over 100 pilot deployments as part of Cyber Forensics
• Endeavor Systems – Malware Analysis tools – Acquired by McAfee
• Stanford – Anti-Phishing Technologies – Open source; most browsers have included Stanford R&D
• Secure Decisions – Data Visualization – Pilot with DHS/NCSD/US-CERT; Acquisition

Programs for U.S. Small Business
• Small Business Innovation Research (SBIR): 2.5%
  – Set-aside program for small business concerns to engage in federal R&D, with potential for commercialization
• Small Business Technology Transfer (STTR): 0.3%
  – Set-aside program to facilitate cooperative R&D between small business concerns and research institutions, with potential for commercialization

SBIR - A 3 Phase Program
• PHASE I
  – Feasibility Study
  – $100K (in general) and 6 month effort (amounts are changing)
• PHASE II
  – Full Research/R&D
  – $750K and 24 month effort (amounts are changing)
  – Commercialization plan required
• PHASE III
  – Commercialization Stage
  – Use of non-SBIR Funds

Agency SBIR Differences
• Number and timing of solicitations
• R&D Topic Areas – Broad vs. Focused
• Dollar Amount of Award (Phase I and II)
• Proposal preparation instructions
• Financial details (e.g., Indirect Cost Rates)
• Proposal review process
• Proposal success rates
• Types of award
• Commercialization assistance
• And more…

Small Business Innovative Research (SBIR)
Topic timeline, FY04 to FY12 (fiscal-year labels and topics in the order they appear on the slide):
FY04 FY06
• Hardware-assisted System Security Monitoring (4)
FY09
• Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)
FY11
• Software Testing and Vulnerability Analysis (3)
FY10 FY05
• Cross-Domain Attack Correlation Technologies (2)
• Real-Time Malicious Code Identification (2)
• Advanced SCADA and Related Distributed Control Systems (5)
• Mobile Device Forensics (1)
FY12
• Moving Target Defense (CNCI Topic)
• Solid State Drive Analysis
• Network-based Boundary Controllers (3)
• Botnet Detection and Mitigation (4)
FY07
• Secure and Reliable Wireless Communication for Control Systems (2)

Small Business Innovative Research (SBIR)
• Important program for creating new innovation and accelerating transition into the marketplace
• Since 2004, DHS S&T Cyber Security has had:
  – 63 Phase I efforts
  – 28 Phase II efforts
  – 5 Phase II efforts currently in progress
  – 9 commercial/open source products available
• Four acquisitions
  – Komoku, Inc. (MD) acquired by Microsoft in March 2008
  – Endeavor Systems (VA) acquired by McAfee in January 2009
  – Solidcore (CA) acquired by McAfee in June 2009
  – HBGary (CA) acquired by ManTech in February 2012

Cyber Security R&D Broad Agency Announcement (BAA)
Delivers both near-term and medium-term solutions
• To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
• To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems
• To facilitate the transfer of these technologies into operational environments

Proposals Received According to 3 Levels of Technology Maturity
• Type I (New Technologies)
  – Applied Research Phase
  – Development Phase
  – Demo in Op Environ.
  – Funding ≤ $3M & 36 mos.
• Type II (Prototype Technologies)
  – More Mature Prototypes
  – Development Phase
  – Demo in Op Environ.
  – Funding ≤ $2M & 24 mos.
• Type III (Mature Technologies)
  – Mature Technology
  – Demo Only in Op Environ.
  – Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments

BAA 11-02 Technical Topic Areas (TTAs)
• TTA-1 Software Assurance (DHS, FSSCC)
• TTA-2 Enterprise-Level Security Metrics (DHS, FSSCC)
• TTA-3 Usable Security (DHS, FSSCC)
• TTA-4 Insider Threat (DHS, FSSCC)
• TTA-5 Resilient Systems and Networks (DHS, FSSCC)
• TTA-6 Modeling of Internet Attacks (DHS)
• TTA-7 Network Mapping and Measurement (DHS)
• TTA-8 Incident Response Communities (DHS)
• TTA-9 Cyber Economics (CNCI)
• TTA-10 Digital Provenance (CNCI)
• TTA-11 Hardware-Enabled Trust (CNCI)
• TTA-12 Moving Target Defense (CNCI)
• TTA-13 Nature-Inspired Cyber Health (CNCI)
• TTA-14 Software Assurance MarketPlace (SWAMP) (S&T)
Results
• 1003 White Papers
• 224 Full Proposals encouraged
• 34 Awards – Sep/Oct 2012
• Int’l participation from AUS, UK, CA, NL, SWE
• Over $4M of joint funding

HOST Program
HOST = Homeland Open Security Technology
• Closing government cybersecurity gaps by sponsoring open source projects
  – Suricata Intrusion Detection System
  – OpenSSL FIPS validation
• …and helping government be able to find and deploy existing open source cybersecurity solutions
  – Inventory of solutions, opencybersecurity.org
  – Use cases & lessons learned reports
  – Improved policy

Open Information Security Foundation and Suricata
• A new model for managing and sustaining innovation
• A non-profit to develop and “own” the code
• Software Freedom Law Center created the License pro bono
• A consortium of companies providing support in exchange for not having to release changes
• Ground-up rewrite
• Multi-Threaded
• Automated Protocol Detection
• File Identification and Extraction
• GPU Acceleration
• ~$1.2m in DHS funding was matched by ~$8m in commercial sponsorship

Let us know how we can work together
• Include your open source efforts in our inventory
  – Project owners maintain small .xml, we crawl for updates
• Let us know of projects that Gov should be using so we can share them with other Gov agencies
• Let us know if there are some successes that would make a good case study
• Let us know of open source cybersecurity projects that might benefit from some government funding

Federal Cybersecurity R&D Strategic Plan
Released Dec 6, 2011
http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released
• Science of Cyber Security
• Research Themes
  – Tailored Trustworthy Spaces
  – Moving Target Defense
  – Cyber Economics and Incentives
  – Designed-In Security (New for FY12)
• Transition to Practice
  – Technology Discovery
  – Test & Evaluation / Experimental Deployment
  – Transition / Adoption / Commercialization
• Support for National Priorities
  – Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services

TTP Program Focus Areas
• Identify
  – Identify cyber security research that is at Technical Readiness Level (TRL) 5 or higher that can be projected into the Homeland Security Enterprise and beyond
• Implement
  – Partner with the IT operations groups within the Homeland Security Enterprise to pilot the cybersecurity technologies that are identified
• Introduce
  – Partner with the private sector to commercialize technology to bring the innovation to a broader audience

Transition To Practice Program Focus
• R&D Sources
  – DOE National Labs
  – FFRDCs (Federally Funded R&D Centers)
  – Academia
  – Small Business
• Transition processes
  – Testing & evaluation
  – Red Teaming
  – Pilot deployments
• Utilization
  – Open Sourcing
  – Licensing
  – New Companies
  – Adoption by cyber operations analysts
  – Direct private-sector adoption
  – Government use

Transition to Practice Activities
• Tech Foraging
  – Travel to National Labs to meet researchers and view demonstrations of mature cybersecurity research
• Networking
  – Attend conferences and workshops
  – Brief industry organizations such as the CTIA – The Wireless Association and the Bay Area Council on Transition to Practice
• Demonstrate Technology
  – Hold Demonstration Days for critical infrastructure sectors: Federal Government, Financial Industry, Others

Transition to Practice Activities
• Test and Evaluation and Red Teaming
  – TTP will fund the Test and Evaluation and Red Teaming of all technologies it works with
  – The results of the T&E and Red Teaming will be provided to the research teams to make improvements if need be
• Piloting
  – Work with the public and private sector to pilot technology in production environments
• Funding
  – Fund incremental improvements to promising technologies
  – Assist operational partners in funding pilots
  – Assist in funding the transition to market
• Business plan development

DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07
• S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations
• Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
• CSD has 14 Topic Areas (CSD.01 – CSD.14) – SEE NEXT SLIDE
• LRBAA 12-07 Closes on 12/31/12 at 11:59 PM
• S&T BAA Website: https://baa2.st.dhs.gov
• Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #:DHSSTLRBAA12-07)

LRBAA Summary Listing
• CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics
• CSD.02 – Internet Infrastructure Security
• CSD.03 – National Research Infrastructure
• CSD.04 – Homeland Open Security Technology
• CSD.05 – Forensics support to law enforcement
• CSD.06 – Identity Management
• CSD.07 – Data Privacy and Information Flow technologies
• CSD.08 – Software Assurance
• CSD.09 – Cyber security competitions and education and curriculum development
• CSD.10 – Process Control Systems and Critical Infrastructure Security
• CSD.11 – Internet Measurement and Attack Modeling
• CSD.12 – Securing the mobile workforce
• CSD.13 – Security in cloud based systems
• CSD.14 – Experiments – Technologies developed through federally funded research requiring test and evaluation in experimental operational environments to facilitate transition

Issues Encountered
• Overall Business Plan
• I’ve got a hammer syndrome – DHS/DOD SBIR
• Especially difficult for the academics
• Chicken and Egg problems
• Always a problem for the first time technology provider
• Testing Infrastructure and “Guinea Pigs”
• At the core of the scaling problem
• Building up the list of willing partners

Annual Report and Research Topics
Cyber Security Division FY 2011 Annual Report: Available NOW!
• Security in Cloud-based Systems
• Data Privacy
• Mobile and Wireless Security
• (Big) Data Analytics for Cyber Security Applications
• Embedded Device Security (e.g., CPS, medical, vehicle)
• Network Attribution / Traceback
• System Composition
• Cyber Forensics
• Cyber Education / Curriculum

Summary
• Cybersecurity research is a key area of innovation needed to support our future
• DHS S&T continues with an aggressive cyber security research agenda
• Working to solve the cyber security problems of our current (and future) infrastructure and systems
• Working with academe and industry to improve research tools and datasets
• Looking at future R&D agendas with the most impact for the nation, including education
• Need to continue strong emphasis on technology transfer and experimental deployments

Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
For more information, visit http://www.cyber.st.dhs.gov