Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

HSARPA Cyber Security R&D

advertisement 
Homeland Security Advanced Research Projects Agency
Cyber Security Division
U.S. Cybersecurity R&D Landscape
Douglas Maughan, Ph.D.
Division Director
March 16, 2012
http://www.cyber.st.dhs.gov
1
Comprehensive National Cybersecurity
Initiative (CNCI)
Establish a front line of defense
Reduce the Number
of Trusted Internet
Connections
Deploy Passive
Sensors Across
Federal Systems
Pursue Deployment
of Automated
Defense Systems
Coordinate and
Redirect R&D Efforts
Resolve to secure cyberspace / set conditions for long-term success
Connect Current
Centers to Enhance
Situational Awareness
Develop Gov’t-wide
Counterintelligence
Plan for Cyber
Increase Security of
the Classified
Networks
Expand Education
Shape future environment / secure U.S. advantage / address new threats
Define and Develop
Enduring Leap Ahead
Technologies,
Strategies & Programs
Define and Develop
Enduring Deterrence
Strategies & Programs
Manage Global
Supply Chain Risk
Cyber Security in
Critical Infrastructure
Domains
http://cybersecurity.whitehouse.gov
2
2
Federal Gov’t Cyber Research Community
Agency / Org
Research Agenda
Researchers
Customers / Consumers
National Science
Foundation (NSF)
SW engineering/protection, HW/FW security,
mobile wireless and sensor networks, trustworthy
computing ; Several academic centers
Academics and NonProfits
Basic Research - No specific
customers
Defense Advanced
Research Projects Agency
(DARPA)
Lots of classified research; unclassified topics are
focused on basic research (CRASH, MRC, SAFER,
HACMS); National Cyber Range
Few academics; large
system integrators;
research and
government labs
Mostly DOD; most solutions
are GOTS, not COTS
National Security Agency
(NSA)
Information Assurance Automation (ISAP),
SELinux; Networking theory; CAEIAE centers
Mostly in-house
Intelligence community; some
NSA internal; some open
source
Intelligence Advanced
Research Projects Agency
(IARPA)
Automatic Privacy Protection (APP,) Securely
Taking on New Executable Software of Uncertain
Provenance (STONESOUP)
Mostly research labs,
system integrators, and
national labs; Some
academics
Intelligence community
National Institute of
Standards & Technology
(NIST)
Trusted Identities in Cyberspace, National
Initiative for Cybersecurity Education (NICE)
In-house; Most R&D
funding comes from
other agencies
Federal agencies with some
impact on state and locals
Department of Homeland
Security (DHS) S&T
All unclassified; Secure Internet Protocols;
Process Control Systems (PCS), Emerging Threats,
Insider Threat, Cyber Forensics; Software
Assurance, Open Security Technologies, Next
Generation Technologies
Blend of academics,
research and
government labs, nonprofits, private sector
and small business
DHS Components (including
NPPD, USSS, FLETC, FEMA, ICE,
CBP); CI/KR Sectors; USG and
Internet and Private Sector 3
Federal Cybersecurity
Research and Development
Program: Strategic Plan
4
Federal Cybersecurity R&D Strategic Plan
 Science of Cyber Security
 Research Themes




Tailored Trustworthy Spaces
Moving Target Defense
Cyber Economics and Incentives
Designed-In Security (New for FY12)
 Transition to Practice
 Technology Discovery
 Test & Evaluation / Experimental Deployment
 Transition / Adoption / Commercialization
 Support for National Priorities
 Health IT, Smart Grid, NSTIC (Trusted Identity), NICE
(Education), Financial Services
5
Federal Investments across All R&D







Big Data
Cloud Computing
Cyber-Physical Systems
Healthcare IT
High End Computing
Software Design and Productivity
STEM Education
6
CSD R&D Execution Model
7
Examples of CSD Successes

Ironkey – Secure USB


Coverity – Open Source Hardening (SCAN)


In use by DOD, SEC
GMU/ProInfo – Network Topology Analysis (Cauldron)


Acquired by McAfee in 2009
Telcordia – Automated Vulnerability Analysis


Over 100 pilot deployments as part of Cyber Forensics project
Endeavor Systems – Malware Analysis tools


Several commercial customers; Government pilots underway
HBGary – Memory and Malware Analysis


Acquired by Microsoft in 2008
Secure64 – DNSSEC Automation


Analyzes 150+ open source software packages daily
Komoku – Rootkit Detection Technology


Standard Issue to S&T employees from S&T CIO
In use at FAA, several commercial customers
Stanford – Anti-Phishing Technologies

Open source; most browsers have included Stanford R&D
 Secure Decisions –
Data Visualization
 Pilot with
DHS/NCSD/USCERT
8
DHS S&T Cyber Security Program Areas
 Research Infrastructure to Support Cybersecurity (RISC)
 Trustworthy Cyber Infrastructure (TCI)
 Cyber Technology Evaluation and Transition (CTET)
 Foundational Elements of Cyber Systems (FECS)
 Cybersecurity User Protection and Education (CUPE)
9
Research Infrastructure (RISC)
 Experimental Research Testbed (DETER)
 Researcher and vendor-neutral experimental infrastructure
 Used by over 200 organizations from more than 20 states and 17 countries
 Used by over 40 classes, from 30 institutions involving 2,000+ students
 http://www.deter-project.org
 Research Data Repository (PREDICT)
 Repository of network data for use by the U.S.- based cyber security
research community
 More than 100 users (academia, industry, gov’t); Over 250TB of network
data; Tools are used by major service providers and many companies
 Phase 2: New datasets, ICTR Ethics, International (JP, DE)
 https://www.predict.org
 Software Assurance Market Place (SWAMP)
 A software assurance testing and evaluation facility and the associated
research infrastructure services
 New FY12 initiative
10
Trustworthy Cyber Infrastructure
 Secure Protocols
 DNSSEC – Domain Name System Security
 Govt and private sector worked together to make this happen
 Started in 2004; now 35 top level domains adopted globally including the Root
 SPRI – Secure Protocols for Routing Infrastructure
 Working with ISPs (Verizon, Google), router vendors (Cisco, Juniper), others
 Process Control Systems
 LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
 Consortium of super major O&G companies partnered with DHS
 TCIPG – Trustworthy Computing Infrastructure for the Power Grid
 Partnered with DOE, Advisory Board of 30+ private sector companies
 Internet Measurement and Attack Modeling




Geographic mapping of Internet resources
Logically and/or physically connected maps of Internet resources
Monitoring and archiving of BGP route information
Co-funding with Australia
11
Evaluation and Transition (CTET)
 Assessment and Evaluations
 Red Teaming of DHS S&T-funded technologies
 Support of numerous outreach events


Annual IT Security Entrepreneurs’ Forum
Quarterly Information Security Technology Transition Council (ITTC)
meetings
 Experiments and Pilots
 Experimental Deployment of DHS S&T-funded technologies into
operational environments

Partnerships with ICE, USSS, CBP, NCSD, S&T CIO
 Distributed Environment for Critical Incident Decision-making Exercises
(DECIDE) Tool for Finance Sector to conduct risk management
exercises and identify improvements
 Transition to Practice (CNCI)
 New FY12 Initiative
12
Foundational Elements (FECS)
 Homeland Open Security Technology (HOST)
 Use open source to improve security at all levels of government

Example: Suricata (open source IDS/IPS) – over $8M of comm. inv.
 New FY12 Initiatives
 Enterprise Level Security Metrics and Usability

Requirements from DHS/NCSD and FSSCC
 Software Quality Assurance





Requirements from DHS/NCSD and FSSCC
Cyber Economic Incentives (CNCI)
Leap Ahead Technologies (CNCI)
Moving Target Defense (CNCI)
Tailored Trustworthy Spaces (CNCI)
13
Cybersecurity Users (CUPE)
 Cyber Security Competitions
 National Initiative for Cybersecurity Education (NICE)
 NCCDC (Collegiate); U.S. Cyber Challenge (High School)
 Cyber Security Forensics
 Support to DHS and other Law Enforcement
customers (USSS, CBP, ICE, FBI, CIA)
 Identity Management &
Data Privacy Technologies
 National Strategy for Trusted
Identities in Cyberspace
(NSTIC)
14
DHS S&T Cybersecurity Program
Cyber Economic Incentives
Moving Target Defense
Tailored Trustworthy
Spaces
Leap Ahead Technologies
Transition To Practice
PEOPLE
SYSTEMS
Software Quality Assurance
Homeland Open Security
Technology
Experiments & Pilots
Assessments & Evaluations
INFRASTRUCTURE
Identity Management
Enterprise Level Security Metrics &
Usability
Data Privacy
Cyber Forensics
Competitions
Secure Protocols
Process Control Systems
Internet Measurement & Attack
Modeling
RESEARCH INFRASTRUCTURE
Experimental Research Testbed (DETER)
Research Data Repository (PREDICT)
Software Assurance Market Place (SWAMP)
15
Cyber Security R&D Broad Agency
Announcement (BAA)
 Delivers both near-term and medium-term solutions
 To develop new and enhanced technologies for the detection of,
prevention of, and response to cyber attacks on the nation’s critical
information infrastructure, based on customer requirements
 To perform research and development (R&D) aimed at improving the
security of existing deployed technologies and to ensure the
security of new emerging cybersecurity systems;
 To facilitate the transfer of these technologies into operational
environments.
 Proposals Received According to 3 Levels of Technology Maturity
Type I (New Technologies)
 Applied Research Phase
 Development Phase
 Demo in Op Environ.
 Funding ≤ $3M & 36 mos.
Type II (Prototype Technologies)
 More Mature Prototypes
 Development Phase
 Demo in Op Environ.
 Funding ≤ $2M & 24 mos.
Type III (Mature Technologies)
 Mature Technology
 Demo Only in Op Environ.
 Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test,
Evaluation, and Pilot deployment in
DHS “customer” environments
16
BAA 11-02 Technical Topic Areas (TTAs)
TTA-1
Software Assurance
DHS, FSSCC
TTA-2
Enterprise-Level Security Metrics
DHS, FSSCC
TTA-3
Usable Security
DHS, FSSCC
TTA-4
Insider Threat
DHS, FSSCC
TTA-5
Resilient Systems and Networks
DHS, FSSCC
TTA-6
Modeling of Internet Attacks
DHS
TTA-7
Network Mapping and Measurement
DHS
TTA-8
Incident Response Communities
DHS
TTA-9
Cyber Economics
CNCI
TTA-10
Digital Provenance
CNCI
TTA-11
Hardware-Enabled Trust
CNCI
TTA-12
Moving Target Defense
CNCI
TTA-13
Nature-Inspired Cyber Health
CNCI
TTA-14
Software Assurance MarketPlace (SWAMP)
S&T
 1003 White Papers
 224 Full Proposals encouraged
 Expected awards in June 2012
17
A Roadmap for Cybersecurity Research
 http://www.cyber.st.dhs.gov











Scalable Trustrworthy Systems
Enterprise Level Metrics
System Evaluation Lifecycle
Combatting Insider Threats
Combatting Malware and Botnets
Global-Scale Identity Management
Survivability of Time-Critical
Systems
Situational Understanding and
Attack Attribution
Information Provenance
Privacy-Aware Security
Usable Security
18
US R&D Mapped to CSIT Themes
 Adaptive Cyber Security Technologies
 Moving Target Defense
 Nature Inspired Cyber Health
 Protection of Smart Utility Grids
 PCS Project – LOGIIC and TCIPG
 Security of the Mobile Platform and Applications
 Identity Management Project - Combining Id Mgmt with mobile
devices (ala BYOD)
 Multi-faceted Approach to Cyber Security Research
 Usable Security
 Cyber Economics and Incentives
 Incident Response Communities
19
Summary
 Cybersecurity research is a key area of innovation needed to
support our future
 Collaboration, both inter-agency and international, are essential to
producing next-generations solutions
 DHS S&T continues with an aggressive cyber security research
agenda
 Working to solve the cyber security problems of our current (and future)
infrastructure and systems
 Working with academe and industry to improve research tools and
datasets
 Looking at future R&D agendas with the most impact for the nation,
including education
 Need to continue strong emphasis on technology transfer and
experimental deployments
20
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced
Research Projects Agency (HSARPA)
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
For more information, visit
http://www.cyber.st.dhs.gov
21
The Menlo Report
"Ethical Principles Guiding Information and Communication Technology
Research”, Supported by US Department of Homeland Security (Published
in the Federal Register - Dec 2011).
Belmont Principle
Menlo Application
Respect for Persons
Identify stakeholders
Informed consent
Beneficence
Identify potential benefits and harms
Balance risks and benefits
Mitigate realized harms
Justice
Fairness and equity
Additional Menlo Principle: Respect
for the Law and Public Interest
Compliance
Transparency and accountability
Menlo Companion document – over 20 cases of
unethical / illegal research activity
22
Related documents
RADM Day (USCG Cyber) - Feb 2013
RADM Day (USCG Cyber) - Feb 2013
apdf nov 4 - 0910 sakada
apdf nov 4 - 0910 sakada
Joining the Cybersecurity Revolution: What it means, where the jobs
Joining the Cybersecurity Revolution: What it means, where the jobs
Jorge Valenzuela
Jorge Valenzuela
Day 4 Index - 507 Access 13, 15, 40, 56, 71, 76
Day 4 Index - 507 Access 13, 15, 40, 56, 71, 76
solving national security challenges with information technology by
solving national security challenges with information technology by
Cyber US Government Silicon Valley Opportunites and Challenges
Cyber US Government Silicon Valley Opportunites and Challenges
Download
advertisement