Homeland Security Advanced Research Projects Agency
An Update on the Cyber Security
R&D Landscape
December 4, 2013
SINET Showcase
Douglas Maughan
Division Director
http://www.dhs.gov/cyber-research
Past SINET Participation
 2007 ITSEF - Opening Doors to the Federal Government
 2008 ITSEF Panel - Federal Government Strategic
Investment Funds
 2009 ITSEF Panel - Critical Infrastructure
 2010 ITSEF Panel - Moving Forward with a Roadmap for
the IT, Banking & Finance and Energy Sectors
 2010 Showcase Workshop and 2011 ITSEF Workshop - Obtaining Federal Research Funding
 2011 ITSEF Panel - Partnering Practitioners & Theory - Creating Centers of Excellence
 2012 ITSEF Panel - What are the Key Attributes that Lead
to Successful Technology Transfer?
 2012 Showcase Panel - DHS and DoD Efforts at Improving
Cyber Innovation Intake into the Federal Government
Presenter’s Name
June 17, 2003
2
Presentation Outline
 Threat Space
 National / Federal Activities
 DHS Activities
 Cyber Security Division (CSD) Overview
 What’s Ahead
 Funding Opportunities
 Summary
 Q&A
Environment: Greater Use of Technology,
More Threats, Less Resources
Anywhere in the
world in 24 hours
Globalization &
Transportation
Tenuous
balance
Border Security
& Immigration
Violent
Extremism
Cyber Domain
Insider
Threat
Low cost
of entry
Nature of
Innovation
Both sides get
to innovate
Misuse of
Technology
Historical
Perspective
Strategic
potential
Predictive &
Reactive
Natural Disasters
& Pushing
Beyond Design
Limits
MORE THREATS
Aviation as an
example …
LESS RESOURCES
Cyber Threat Sources Ready
to Exploit Weaknesses
Nation States
Cyber Criminals
Terrorists, DTOs, etc.
Insider Threats
Hackers/Hacktivists
Cyber Threats
 Malware – Malicious software to disrupt computers
 Viruses, worms, …
 Theft of Intellectual Property or Data
 Hacktivism – Cyber protests that are socially or politically motivated
 Mobile Devices and Applications and their associated Cyber Attacks
 Social Engineering – Entice users to click on Malicious Links
 Spear Phishing – Deceptive communications (E-Mails, Texts, Tweets…)
 Domain Name System (DNS) Hijacking
 Router Security – Border Gateway Protocol (BGP) Hijacking
 Denial of Service (DOS) – blocking access to web sites
 Others …..
Recent Events
Comprehensive National Cybersecurity Initiative (CNCI)
Establish a front line of defense
 Reduce the Number of Trusted Internet Connections
 Deploy Passive Sensors Across Federal Systems
 Pursue Deployment of Automated Defense Systems
 Coordinate and Redirect R&D Efforts
Resolve to secure cyberspace / set conditions for long-term success
 Connect Current Centers to Enhance Situational Awareness
 Develop Gov’t-wide Counterintelligence Plan for Cyber
 Increase Security of the Classified Networks
 Expand Education
Shape future environment / secure U.S. advantage / address new threats
 Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
 Define and Develop Enduring Deterrence Strategies & Programs
 Manage Global Supply Chain Risk
 Cyber Security in Critical Infrastructure Domains
http://cybersecurity.whitehouse.gov
NITRD Participating Agencies
Networking Information
Technology R&D
Federal Cybersecurity R&D Strategic Plan
 Science of Cyber Security
 Research Themes
 Tailored Trustworthy Spaces
 Moving Target Defense
 Cyber Economics and Incentives
 Designed-In Security (New for FY13)
 Transition to Practice
 Technology Discovery
 Test & Evaluation / Experimental
Deployment
 Transition / Adoption / Commercialization
Released Dec 6, 2011
http://www.whitehouse.gov/blog/2011/12/06/
federal-cybersecurity-rd-strategic-plan-released
 Support for National Priorities
 Health IT, Smart Grid, NSTIC (Trusted
Identity), NICE (Education), Financial
Services
DHS S&T Mission Guidance
Strategic
Guidance
Homeland
Security Act 2002
QHSR
(Feb 2010)
BUR
(July 2010)
S&T Strategic
Plan (2011)
QHSR
Threats
Core
Missions
Operational
Directives
Smaller Scale
Terrorism
Trafficking,
Crime
Pandemics,
Accidents,
Natural Hazards
1. Preventing terrorism & enhancing security
2. Securing and managing our borders
3. Enforcing & administering immigration laws
HSPD-5
National
Incident
Management
System
(2003)
HSPD-9
Defense of
U.S.
Agriculture
& Food
(2004)
Violent
Extremism
High
Consequence
WMD
4. Safeguarding and securing cyberspace
5. Ensuring resilience to disasters
HSPD-10
Biodefense
for the 21st
Century
(2004)
HSPD-22
Domestic
Chemical
Defense
(2007)
PPD-8
National
Preparedness
(2011)
Prevention, Protection, Mitigation,
Response, Recovery
Cybersecurity for the 16 Critical
Infrastructure Sectors
DHS
provides
advice and
alerts to the
16 critical
infrastructure
areas …
… DHS
collaborates
with sectors
through Sector
Coordinating
Councils (SCC)
 Business / Personal
 Shopping & Banking Point of Sale (in store or on line)
 Personnel
 Social Media
 …
EO-13636 and PPD-21
 In February 2013, the President issued two new policies:
1) Executive Order 13636: Improving Critical
Infrastructure Cybersecurity
2) Presidential Policy Directive – 21: Critical
Infrastructure Security and Resilience
 America's national security and economic prosperity are
dependent upon the operation of critical infrastructure
that are increasingly at risk to the effects of cyber attacks
 The vast majority of U.S. critical infrastructure is owned
and operated by private companies
 A strong partnership between government and industry is
indispensable to reducing the risk to these vital systems
Integrating Cyber-Physical Security
 Executive Order 13636: Improving
Critical Infrastructure Cybersecurity
directs the Executive Branch to:
 Develop a technology-neutral
voluntary cybersecurity framework
 Promote and incentivize the
adoption of cybersecurity
practices
 Increase the volume, timeliness and
quality of cyber threat information
sharing
 Incorporate strong privacy and civil
liberties protections into every
initiative to secure our critical
infrastructure
 Explore the use of existing
regulation to promote cyber security
 Presidential Policy Directive-21:
Critical Infrastructure Security and
Resilience replaces Homeland Security
Presidential Directive-7 and directs the
Executive Branch to:
 Develop a situational awareness
capability that addresses both
physical and cyber aspects of how
infrastructure is functioning in near-real time
 Understand the cascading
consequences of infrastructure
failures
 Evaluate and mature the public-private partnership
 Update the National Infrastructure
Protection Plan
 Develop comprehensive research
and development plan (CSD / RSD)
EO-PPD Deliverables
120 days – June 12, 2013
C
• Publish instructions: unclassified threat information
• Report on cybersecurity incentives
• Publish procedures: expand the Enhanced Cybersecurity Services
150 Days - July 12, 2013
C
C
• Identify cybersecurity critical infrastructure
• Evaluate public-private partnership models
• Expedite security clearances for private sector
240 Days – October 10, 2013
• Develop a situational awareness capability
• Update the National Infrastructure Protection Plan
• Publish draft voluntary Cybersecurity Framework
365 days – February 12, 2014
• Report on privacy and civil rights and civil liberties cybersecurity enhancement risks
• Stand up voluntary program based on finalized Cybersecurity Framework
Beyond 365 - TBD
• Critical Infrastructure Security and Resilience R&D Plan
Cybersecurity Framework (NIST lead)
 Developed in collaboration with industry, provides guidance to an organization on
managing cybersecurity risk
 Supports the improvement of cybersecurity for the Nation’s Critical Infrastructure
using industry-known standards and best practices
 Provides a common language and mechanism for organizations to
1. describe current cybersecurity posture;
2. describe their target state for cybersecurity;
3. identify and prioritize opportunities for improvement within the context of risk
management;
4. assess progress toward the target state;
5. foster communications among internal and external stakeholders.

Composed of three parts: the Framework Core, the Framework Implementation
Tiers, and Framework Profiles
Cybersecurity Framework
Function: Category
IDENTIFY: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management
PROTECT: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Protective Technology
DETECT: Anomalies and Events; Security Continuous Monitoring; Detection Processes
RESPOND: Communication; Analysis; Mitigation; Improvements
RECOVER: Recovery Planning; Improvements; Communication
Recommended Incentives
Areas:
1. Cybersecurity Insurance
2. Grants
3. Process Preference
4. Liability Limitation
5. Streamline Regulations
6. Public Recognition
7. Rate Recovery for Price Regulated Industries
8. Cybersecurity Research
“While these reports do not yet represent a final Administration policy, they do offer
an initial examination of how the critical infrastructure community could be
incentivized to adopt the Cybersecurity Framework as envisioned in the Executive
Order. We will be making more information on these efforts available as the
Framework and Program are completed.”
Michael Daniel,
Special Assistant to the President and Cybersecurity Coordinator
White House Blog, August 6, 2013
R&D guidance from PPD-21
 Within 2 years, DHS in coordination with OSTP, SSA’s, DOC and other Federal
D&A, shall provide to the President a National Critical Infrastructure Security and
Resilience R&D Plan that takes into account the evolving threat landscape, annual
metrics, and other relevant information to identify priorities and guide R&D
requirements and investments…plan issued every 4 years …updates as needed.
 Innovation and Research & Development: DHS in coordination with OSTP, SSA’s,
Commerce and other Federal D&A, shall provide input to align those Federal and
Federally-funded R&D activities that seek to strengthen the security and resiliency
of the Nation’s critical infrastructure, including:
 Promoting R&D to enable the secure and resilient design and construction of critical
infrastructure and more secure accompanying cyber technology;
 Enhancing modeling capabilities to determine potential impacts … and cascading effects;
 Facilitating initiatives to incentivize cyber security investments and the adoption of critical
infrastructure design features that strengthen all-hazards security and resilience;
 Prioritizing efforts to support the strategic guidance issued by the Secretary.
 Working Group headed up by DHS S&T
How to Engage
 National Infrastructure Protection Plan process
 Review and comment on Draft Documents
 www.dhs.gov/eo-ppd
 Provide input through dialogue on IdeaScale -- http://eoppd.ideascale.com
 Encourage partners to review and provide input
 PPD/EO Integrated Task Force Weekly Stakeholder Bulletin
 Current status of activities
 List of upcoming Open Forums, Webinars and other Engagement Opportunities
 Contact EO-PPDTaskForce@hq.dhs.gov for more information
 Also R&DWG@hq.dhs.gov for R&D plan information, participation
DHS S&T Mission
Strengthen America’s security and resiliency by providing
knowledge products and innovative technology solutions for
the Homeland Security Enterprise
1) Create new technological capabilities and knowledge products
2) Provide Acquisition Support and Operational Analysis
3) Provide process enhancements and gain efficiencies
4) Evolve US understanding of current and future homeland security risks and
opportunities
FOCUS AREAS
• Bio
• Explosives
• Cybersecurity
• First Responders
• Resilient Systems
• Borders / Maritime
Cyber Security Focus Areas
 Trustworthy Cyber Infrastructure
 Working with the global Internet community to secure cyberspace
 Research Infrastructure to Support Cybersecurity
 Developing necessary research infrastructure to support R&D community
 R&D Partnerships
 Establishing R&D partnerships with private sector, academia, and
international partners
 Innovation and Transition
 Ensuring R&D results become real solutions
 Cybersecurity Education
 Leading National and DHS cybersecurity education initiatives
Trustworthy Cyber Infrastructure
 Secure Protocols
 DNSSEC – Domain Name System Security
 Govt and private sector worked together to make this happen
 Started in 2004; now 111 top level (gTLD) and country code (ccTLD) domains
adopted globally including the Root
 SPRI – Secure Protocols for Routing Infrastructure
 Internet Measurement and Attack Modeling
 Geographic mapping of Internet resources
 Logically and/or physically connected maps of Internet resources
 Monitoring and archiving of BGP route information
 Co-funding with Australia
http://www.isi.edu/ant/address/browse/
Research Infrastructure
 Experimental Research Testbed (DETER)
 Researcher and vendor-neutral experimental infrastructure
 Used by over 200 organizations from more than 20 states and 17 countries
 Used by over 40 classes, from 30 institutions involving 2,000+ students
 http://www.deter-project.org
 Research Data Repository (PREDICT)
 Repository of network data for use by the U.S.- based cyber security
research community
 More than 200 users (academia, industry, gov’t); Over 600TB of network data;
Tools are used by major service providers and many companies
 Phase 2: New datasets, ICTR Ethics, International (CA, AUS, JP, EU)
 https://www.predict.org
 Software Assurance Market Place (SWAMP)
 A software assurance testing and evaluation facility and the associated
research infrastructure services
R&D Partnerships
 Oil and Gas Sector
 LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
 Electric Power Sector
 TCIPG – Trustworthy Computing Infrastructure for the Power Grid
 Banking and Finance Sector
 FI-VICS – Financial Institutions – Verification of Identity Credential Service
 DECIDE – Distributed Environment for Critical Incident Decision-making
Exercises (recent Quantum Dawn II exercise)
 State and Local
 PRISEM - Public Regional Information Security Event Management
 PIV-I/FRAC TTWG – State and Local and Private Sector First Responder
Authentication Credentials and Technology Transition
 Law Enforcement
 SWGDE – Special Working Group on Digital Evidence (FBI lead)
 CFWG – Cyber Forensics Working Group (CBP, ICE, USSS, FBI, S/L)
S&T International Engagements
 International Bilateral Agreements
 Government-to-government cooperative activities for 13 bilateral Agreements
• Canada (2004)
• Australia (2004)
• United Kingdom (2005)
• Singapore (2007)
• Sweden (2007)
• Mexico (2008)
• Israel (2008)
• France (2008)
• Germany (2009)
• New Zealand (2010)
• European Commission (2010)
• Spain (2011)
• Netherlands (2013)
Over $6M of International co-funding
COUNTRY PROJECTS MONEY IN JOINT MONEY OUT
Australia
3
$300K
$400K
Canada
11
$1.8M
Germany
1
$300K
Israel
2
$100K
Netherlands
7
$450K
$1.2M
$150K
Sweden
4
$650K
United Kingdom
3
$1.2M
$400K
European Union
1
Japan
1
CSD R&D Execution Model
Research, Development, Test and Evaluation & Transition (RDTE&T)
Example: DARPA has provided $9M to CSD for development and transition of Military Networking Protocol (MNP) technology and has started discussions for testing and evaluation of Automated Malware Analysis technology
Successes
• Ironkey – Secure USB
– Standard Issue to S&T employees from S&T CIO
– Acquired by Imation
• Komoku – Rootkit Detection Technology
– Acquired by Microsoft
• HBGary – Memory and Malware Analysis
– Over 100 pilot deployments as part of Cyber Forensics
• Endeavor Systems – Malware Analysis tools
– Acquired by McAfee
• Stanford – Anti-Phishing Technologies
– Open source; most browsers have included Stanford R&D
• Secure Decisions – Data Visualization
– Pilot with DHS/NCSD/US-CERT; Acquisition
Transition To Practice (TTP) Program
Implement Presidential Memorandum – “Accelerating Technology Transfer and Commercialization of Federal Research in Support of High-Growth Businesses” (Oct 28, 2011)
R&D Sources
 DOE National Labs
 FFRDC’s (Federally Funded R&D Centers)
 Academia
 Small Business
Transition processes
 Testing & evaluation
 Red Teaming
 Pilot deployments
Utilization
 Open Sourcing
 Licensing
 New Companies
 Adoption by cyber operations analysts
 Direct private-sector adoption
 Government use
A NATIONAL PROBLEM
 The Nation needs greater cybersecurity awareness and more
cybersecurity experts.
 There is a lack of communication between government, private
industry, and academia.
 Many cybersecurity training programs exist but there is little
consistency among programs, and potential employees lack
information about the skills needed for jobs.
 Cybersecurity Career development and scholarships are available but
uncoordinated, and the resources that do exist are difficult to find.
NICE was established in support
of the Comprehensive National
Cybersecurity Initiative (CNCI) –
Initiative 8: Expand Cyber
Education – Interim Way Forward
and is comprised of over 20
federal departments and agencies.
Cybersecurity Education
 Cyber Security Competitions (http://nationalccdc.org)
 National Initiative for Cybersecurity Education (NICE)
 NCCDC (Collegiate); U.S. Cyber Challenge (High School)
 Provide a controlled, competitive environment
to assess a student’s depth of understanding and
operational competency in managing the challenges
inherent in protecting a corporate network
infrastructure and business information systems.
 DHS Cyber Skills Task Force (CSTF)
 Established June 6, 2012 - Homeland Security Advisory Council
 Over 50 interviews (DHS internal and external)
 Identify best ways DHS can foster the development of a national security
workforce capable of meeting current and future cybersecurity challenges;
 Outline how DHS can improve its capability to recruit and retain sophisticated
cybersecurity talent.
 11 recommendations in 5 key areas
DHS Cyber Skills Task Force (CSTF) - Objectives
 Objective I: Ensure that the people given responsibility for mission-critical
cybersecurity roles and tasks at DHS have demonstrated that they have high
proficiency in those areas.
 Objective II: Help DHS employees develop and maintain advanced technical
cybersecurity skills and render their working environment so supportive that
qualified candidates will prefer to work at DHS.
 Objective III: Radically expand the pipeline of highly qualified candidates for
technical mission-critical jobs through partnerships with community colleges,
universities, organizers of cyber competitions, and other federal agencies.
 Objective IV: Focus the large majority of DHS’s near term efforts in
cybersecurity hiring, training, and human capital development on ensuring that
the Department builds a team of approximately 600 federal employees with
mission-critical cybersecurity skills.
 Objective V: Establish a “CyberReserve” program to ensure a cadre of
technically proficient cybersecurity professionals are ready to be called upon if
and when the nation needs them.
ICE Homeland Security Investigations
(HSI) Cyber Student Initiative (7/10/13)
 36 HSI offices volunteered to participate
 291 Applicants of which 203 were Qualified Applicants
 27 Candidates Selected (of which 2 declined) – Atlanta,
Baltimore, Boston, Buffalo, Charleston, Charlotte,
Chicago, Denver, El Paso, Long Beach, Los Angeles,
New York, Orlando, Pensacola, Philadelphia, Phoenix,
San Antonio, San Francisco, Savannah, Seattle, DC.
 Twenty three (23) candidates employed between July-September 2013
Intern Program – Round 1
Number of Interns: 1 intern per entry (25 entries)
EOD Date: 7/22/13; 7/15/13; 7/22/13; 7/09/13; 7/09/13; 7/09/13; 7/08/13; 7/09/13; 7/08/13
College: Chattahoochee Technical College; Anne Arundel Community College; Anne Arundel Community College; Bunker Hill Community College; Westchester Community College; Trident Technical College; Central Piedmont Community College; Moraine Valley Community College; Garden City Community College; Community College of Denver; El Paso Community College; Prince George’s Community College; DeVry University; New York Institute Technology; SUNY Orange Middletown NY; Valencia College; Valencia College; Pensacola State College; Anne Arundel Community College; Mesa Community College; Alamo Colleges; Diablo Valley College; Cochise College; Edmonds Community College; Chattahoochee Technical College
Location: Atlanta, GA; Baltimore, MD; Baltimore, MD; Boston, MA; Buffalo, NY; Charleston, NC; Charlotte, NC; Chicago, IL; Denver, CO; Denver, CO; El Paso, TX; Fairfax, VA (C3); Los Angeles, CA; New York, NY; New York, NY; Orlando, FL; Orlando, FL; Pensacola, FL; Philadelphia, PA; Phoenix, AZ; San Antonio, TX; San Francisco, CA; San Francisco, CA; Savannah, GA; Seattle, WA
White House Priorities – FY14+
 Secure Federal Networks
 Identity/Credential Access Mgmt (ICAM), Cloud Exchange, Fed-RAMP
 Protect Critical Infrastructure
 Public-Private Cyber Coordination, EO/PPD Initiatives
 Improve Incident Response and Reporting
 Information Sharing among Federal Centers
Capacity Building for State/Local/Tribal/Territorial (SLTTs)
 Engage Internationally
 Foreign Assistance Capacity Building
 Build Workforce Capacity to Support International Cyber Engagement
 Shape the Future
 National Strategy for Trusted Identity in Cyberspace (NSTIC)
 National Initiative for Cybersecurity Education (NICE)
 Cybersecurity R&D – EO/PPD R&D Plan, Federal R&D Plan, Transition
To Practice, Foundational Research
Future - Inter-Agency: CPS
 Cyber Physical Systems (CPS)
 “Smart networked systems with embedded sensors, processors
and actuators that are designed to sense and interact with the
physical world (including the human users), and support real-time,
guaranteed performance in safety-critical applications”
 Several workshops over the past year or two
 Transportation
 Automotive, UAVs, Aeronautical, Rail
 Manufacturing
 Healthcare
 Energy
 Agriculture
 Defense
 Emergency Response
 Others …..
 All with an eye towards society, economics, and impact
CSD New Program Ideas
 Security for Cloud-Based Systems
 Data Privacy Technologies
 Mobile Wireless Investigations
 Mobile Device Security
 Next-Generation DDOS Defenses
 Application Security Threat Attack Modeling (ASTAM)
 Static Tool Analysis Modernization Project (STAMP)
 Network Reputation and Risk Analysis
 Data Analytics Methods for Cyber Security
 Cyber Security Education
 Designed-In Security
 Finance Sector Cybersecurity
 DNSSEC Applications
 Data Provenance for Cybersecurity
 Cyber Economic Incentives – based on EO/PPD
Programs for U. S. Small Business
Small Business Innovation Research (SBIR)
• 2.5%
Set-aside program for small business concerns to engage in federal R&D -- with potential for commercialization
Small Business Technology Transfer (STTR)
• .3%
Set-aside program to facilitate cooperative R&D between small business concerns and research institutions -- with potential for commercialization
SBIR - A 3 Phase Program
•PHASE I
• Feasibility Study
• $100K (in general) and 6 month effort (amounts are changing)
•PHASE II
• Full Research/R&D
• $750K and 24 month effort (amounts are changing)
• Commercialization plan required
•PHASE III
• Commercialization Stage
• Use of non-SBIR Funds
Agency SBIR Differences
Number and timing of solicitations
R&D Topic Areas – Broad vs. Focused
Dollar Amount of Award (Phase I and II)
Proposal preparation instructions
Financial details (e.g., Indirect Cost Rates)
Proposal review process
Proposal success rates
Types of award
Commercialization assistance
And more…………
Small Business Innovative Research (SBIR)

FY04







Network-based Boundary Controllers
(3)
Botnet Detection and Mitigation (4)
FY07

Mobile Device Forensics (1)
FY12



Large-Scale Network Survivability,
Rapid Recovery, and Reconstitution (1)
FY11


Software Testing and Vulnerability
Analysis (3)
FY10

FY06


Hardware-assisted System Security
Monitoring (4)
FY09

FY05


Cross-Domain Attack Correlation
Technologies (2)
Real-Time Malicious Code
Identification (2)
Advanced SCADA and Related
Distributed Control Systems (5)

Moving Target Defense (2)
Solid State Drive (SSD) Analysis (1)
FY13


Hybrid Analysis Mapping
Software Based Roots of Trust for
Enhanced Mobile Device Security
Secure and Reliable Wireless
Communication for Control Systems (2)
Small Business Innovative Research (SBIR)
 Important program for creating new innovation and
accelerating transition into the marketplace
 Since 2004, DHS S&T Cyber Security has had:
 74 Phase I efforts
 28 Phase II efforts
 4 Phase II efforts currently in progress
 10 commercial/open source products available
 Four acquisitions
 Komoku, Inc. (MD) acquired by Microsoft in March 2008
 Endeavor Systems (VA) acquired by McAfee in January 2009
 Solidcore (CA) acquired by McAfee in June 2009
 HBGary (CA) acquired by ManTech in February 2012
Cyber Security R&D Broad Agency
Announcement (BAA)
 Delivers both near-term and medium-term solutions
 To develop new and enhanced technologies for the detection of,
prevention of, and response to cyber attacks on the nation’s critical
information infrastructure, based on customer requirements
 To perform research and development (R&D) aimed at improving the
security of existing deployed technologies and to ensure the
security of new emerging cybersecurity systems;
 To facilitate the transfer of these technologies into operational
environments.
 Proposals Received According to 3 Levels of Technology Maturity
Type I (New Technologies)
 Applied Research Phase
 Development Phase
 Demo in Op Environ.
 Funding ≤ $3M & 36 mos.
Type II (Prototype Technologies)
 More Mature Prototypes
 Development Phase
 Demo in Op Environ.
 Funding ≤ $2M & 24 mos.
Type III (Mature Technologies)
 Mature Technology
 Demo Only in Op Environ.
 Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test,
Evaluation, and Pilot deployment in
DHS “customer” environments
DHS S&T Long Range Broad Agency
Announcement (LRBAA) 12-07
 S&T seeks R&D projects for revolutionary, evolving, and maturing
technologies that demonstrate the potential for significant
improvement in homeland security missions and operations
 Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
 CSD has 18 Topic Areas (CSD.01 – CSD.18) – SEE NEXT SLIDE
 LRBAA 12-07 has been extended and closes on 12/31/13
 S&T BAA Website: https://baa2.st.dhs.gov
 Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #:DHSSTLRBAA12-07)
LRBAA Summary Listing
 CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics
 CSD.02 – Internet Infrastructure Security
 CSD.03 – National Research Infrastructure
 CSD.04 – Homeland Open Security Technology
 CSD.05 – Forensics support to law enforcement
 CSD.06 – Identity Management
 CSD.07 – Data Privacy and Information Flow technologies.
 CSD.08 – Software Assurance
 CSD.09 – Cyber security competitions, education and curriculum development.
 CSD.10 – Process Control Systems and Critical Infrastructure Security
 CSD.11 – Internet Measurement and Attack Modeling
 CSD.12 – Securing the mobile workforce
 CSD.13 – Security in cloud based systems
 CSD.14 – Experiments – Test and evaluation in experimental operational environments to facilitate transition.
 CSD.15 – Research Data Repository
 CSD.16 – Cybersecurity Economic Incentives
 CSD.17 – Data Analytics – analysis techniques, visualization,
 CSD.18 – Tailored Trustworthy Spaces – trust negotiation, app anonymity
Summary
 Cybersecurity research is a key area of innovation to
support our global economic and national security futures
 DHS S&T continues with an aggressive cyber security
research agenda
 Working to solve the cyber security problems of our current (and
future) infrastructure and systems
 Working with academe and industry to improve research tools and
datasets
 Looking at future R&D agendas with the most impact for the nation
 Need to continue strong emphasis on technology transfer
and experimental deployments
 Must focus on the education, training, and awareness
aspects of our current and future cybersecurity workforce
Recent CSD Publications
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced
Research Projects Agency (HSARPA)
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
For more information, visit
http://www.dhs.gov/cyber-research
http://www.dhs.gov/st-csd