DHS S&T Cyber Security Division (CSD) Overview
Source: tcipg.org/sites/default/files/slides/11_Wigton-G_DHS-Overview_11-08... · 8/11/2011

Page 1:

DHS S&T Cyber Security Division (CSD) Overview

TCIPG Industry Workshop UIUC November 8, 2011

Dept. of Homeland Security Science & Technology Directorate

Greg Wigton, Program Manager, Cyber Security Division, Homeland Security Advanced Research Projects Agency (HSARPA), [email protected], 202-254-6140

Page 2:

Comprehensive National Cybersecurity Initiative (CNCI)

Establish a front line of defense:
• Reduce the Number of Trusted Internet Connections
• Deploy Passive Sensors Across Federal Systems
• Pursue Deployment of Automated Defense Systems
• Coordinate and Redirect R&D Efforts

Resolve to secure cyberspace / set conditions for long-term success:
• Connect Current Centers to Enhance Situational Awareness
• Develop Gov’t-wide Counterintelligence Plan for Cyber
• Increase Security of the Classified Networks
• Expand Education

Shape future environment / secure U.S. advantage / address new threats:
• Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
• Define and Develop Enduring Deterrence Strategies & Programs
• Manage Global Supply Chain Risk
• Cyber Security in Critical Infrastructure Domains

http://cybersecurity.whitehouse.gov

Page 3:

Federal Cybersecurity Research and Development Program: Strategic Plan

Page 4:

Federal Cybersecurity R&D Strategic Plan Research Themes
• Tailored Trustworthy Spaces
• Moving Target Defense
• Cyber Economics and Incentives
• Designed-In Security (New for FY12)

Science of Cyber Security

Transition to Practice: Technology Discovery; Test & Evaluation / Experimental Deployment; Transition / Adoption / Commercialization

Support for National Priorities: Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services

28 October 2011

Page 5:

Quadrennial Homeland Security Review

The Core Missions

1. Preventing terrorism and enhancing security;

2. Securing and managing our borders;

3. Enforcing and administering our immigration laws;

4. Safeguarding and securing cyberspace; and

5. Ensuring resilience to disasters.

Mission 6: Maturing and Strengthening the Homeland Security Enterprise

Foster Innovative Solutions Through Science and Technology

• Ensure scientifically informed analyses and decisions are coupled to effective technological solutions

• Conduct scientific assessments of threats and vulnerabilities

• Foster collaborative efforts involving government, academia, and the private sector to create innovative approaches to key homeland security challenges

Page 6:

DHS S&T Mission: Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise

Page 8:

Cyber Security Division (CSD) R&D Execution Model

Page 9:

29 October 2010

Cyber Security Program Areas
• Research Infrastructure to Support Cybersecurity (RISC)
• Trustworthy Cyber Infrastructure (TCI)
• Cyber Technology Evaluation and Transition (CTET)
• Foundational Elements of Cyber Systems (FECS)
• Cybersecurity User Protection and Education (CUPE)

Page 10:

Research Infrastructure (RISC)
• Experimental Research Testbed (DETER): researcher- and vendor-neutral experimental infrastructure. DETER – http://www.isi.edu/deter/
• Research Data Repository (PREDICT): repository of network data for use by the U.S.-based cyber security research community. PREDICT – https://www.predict.org
• Software Quality Assurance (SWAMP): a software assurance testing and evaluation facility and the associated research infrastructure services

Page 11:

Trustworthy Cyber Infrastructure (TCI)
• Secure Protocols: DNSSEC – Domain Name System Security; SPRI – Secure Protocols for Routing Infrastructure
• Process Control Systems: LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity; TCIPG – Trustworthy Computing Infrastructure for the Power Grid
• Internet Measurement and Attack Modeling: geographic mapping of Internet resources; logically and/or physically connected maps of Internet resources; monitoring and archiving of BGP route information

Page 12:

Evaluation and Transition (CTET)
• Assessment and Evaluations: red teaming of DHS S&T-funded technologies
• Experiments and Pilots: experimental deployment of DHS S&T-funded technologies into operational environments
• Transition to Practice (CNCI): new FY12 initiative

Page 13:

Foundational Elements (FECS)
• Enterprise Level Security Metrics and Usability
• Homeland Open Security Technology (HOST)
• Software Quality Assurance
• Cyber Economic Incentives (CNCI): new FY12 initiative
• Leap Ahead Technologies (CNCI)
• Moving Target Defense (CNCI): new FY12 initiative
• Tailored Trustworthy Spaces (CNCI): new FY12 initiative

Page 14:

Cybersecurity Users (CUPE)
• Cyber Security Competitions: National Initiative for Cybersecurity Education (NICE); NCCDC (Collegiate); U.S. Cyber Challenge (High School)
• Cyber Security Forensics: more later
• Identity Management: National Strategy for Trusted Identities in Cyberspace (NSTIC)
• Data Privacy Technologies: new start in FY13

Page 15:

DHS S&T Cybersecurity Program (figure: the program elements below grouped under the headings PEOPLE, SYSTEMS, INFRASTRUCTURE and RESEARCH INFRASTRUCTURE)
• Secure Protocols
• Identity Management; Enterprise Level Security Metrics & Usability; Data Privacy; Cyber Forensics; Competitions
• Process Control Systems; Internet Measurement & Attack Modeling
• Experimental Research Testbed (DETER); Research Data Repository (PREDICT); Software Quality Assurance (SWAMP)
• Software Quality Assurance; Homeland Open Security Technology; Experiments & Pilots; Assessments & Evaluations
• Cyber Economic Incentives; Moving Target Defense; Tailored Trustworthy Spaces; Leap Ahead Technologies; Transition To Practice

Page 16:

Critical Infrastructure / Key Resources

DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises)
• Provide a dedicated exercise capability to foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats
• Enterprises initiate their own exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity
• The Financial Services Sector Coordinating Council R&D Committee has organized a user group of subject matter experts paid by their respective financial institutions to support the project over the next two years.

LOGIIC – Linking the Oil & Gas Industry to Improve Cybersecurity
• A collaboration of oil and natural gas companies and DHS S&T to facilitate cooperative research, development, testing, and evaluation procedures to improve cyber security in Industrial Automation and Control Systems
• Consortium under the Automation Federation

TCIPG – Trustworthy Computing Infrastructure for the Power Grid
• Partnership with DOE funded at UIUC with several partner universities and industry participation
• Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power, including the new resilient “smart” power grid

Page 17:

DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises)
• Enable enterprise decision-makers to think through responses to operational disruptions of market-based transactions across networks: sector(s), market(s), institution(s)
• Provide a dedicated exercise capability for several critical infrastructures in the U.S., beginning with Banking and Finance
• Foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats
• Enterprises will be able to initiate their own large-scale exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops
• Think through sector impacts of the National Planning Scenarios
• Enhance coordination during a large-scale disruption to key infrastructures

The concept has been reviewed by and developed with input from experts at ChicagoFIRST, the Options Clearing Corporation, ABN-AMRO, Eurex, Archipelago, Bank of New York, and CitiBank.

The Financial Services Sector Coordinating Council R&D Committee is organizing a user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years.

Page 18:

DECIDE
• Began as a gleam in the eye of a BNY Risk Manager in 2004
• Seen as a logical follow-on to the 2003 Livewire Cyber Exercise Simulation
• Designed to stress the massive interdependencies of critical infrastructures and help them prepare for low probability / high consequence disruptions
• Prototyped in 2005 / 2006 with some Homeland Security funding
• Gained FSSCC support in 2006; meets a priority FSSCC R&D need
• Transitioned to a $15 million full-scale R&D effort funded by the Department of Homeland Security in 2008; R&D team led by Norwich University Applied Research Institutes
• Goal: create a Finance-sector requested, software-based simulation environment for sector-risk exercises

Page 19:

Partnership Project
LOGIIC is a model for government-industry technology integration and demonstration efforts to address critical R&D needs.
• Industry contributes: requirements and operational expertise; project management; product vendor channels
• DHS S&T contributes: national security perspective on threats; access to long-term security research; independent researchers with technical expertise; testing facilities

Page 20:

Overview
• Opportunity: reduce vulnerabilities of oil & gas process control environments by correlating and analyzing abnormal events to identify and prevent cyber security threats
• Approach:
– Identify new types of security sensors for process control networks
– Adapt a best-of-breed correlation engine to this environment
– Integrate in testbed and demonstrate
– Transfer technology to industry

(Figure: the Business Network, the Process Control Network and External Events feed the LOGIIC Correlation Engine, which produces Attack Indications and Warnings)
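The correlation step in the approach above, as an added example that is not LOGIIC's engine or any vendor's product: a small engine runs over a constructed feed of business-network IDS alerts, process control network (PCN) write events and one external advisory. The event fields, the three rules, the engineering-workstation allowlist and every host name and sample event are assumptions made for this illustration. What it shows is that the highest-value indication, a host alerted on the business side that then writes to a controller, is only visible when sensors from both networks feed one engine.

```python
"""Cross-network event correlation in the pattern sketched in the LOGIIC
overview: business-network, PCN and external events feed one engine that
emits attack indications and warnings. Added illustration, not LOGIIC code;
the event format, rules, host names and sample events are all constructed."""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    network: str   # "business", "pcn" or "external" (constructed labels)
    kind: str      # "ids_alert", "pcn_write" or "advisory"
    host: str      # originating host; "" for external feeds
    detail: str    # free text; for pcn_write it names the target PLC and model


@dataclass
class Indication:
    severity: str
    summary: str
    evidence: list = field(default_factory=list)


# Hypothetical site policy: only these hosts may issue control writes to PLCs.
ENGINEERING_WORKSTATIONS = frozenset({"eng-ws-01", "eng-ws-02"})


def correlate(events, window=timedelta(minutes=30)):
    """Run three constructed rules over the events and return the indications.

    Rule 1: a control write from a host outside the engineering allowlist.
    Rule 2: an IDS alert on a business host followed within `window` by a
            control write from that same host (the IT-to-PCN crossing that a
            sensor on either network alone cannot see).
    Rule 3: escalate any indication whose write targets equipment named in an
            external advisory received before the write.
    """
    events = sorted(events, key=lambda e: e.ts)
    writes = [e for e in events if e.network == "pcn" and e.kind == "pcn_write"]
    found = []

    for w in writes:                                                   # Rule 1
        if w.host not in ENGINEERING_WORKSTATIONS:
            found.append(Indication("medium",
                f"control write from unapproved host {w.host}", [w]))

    alerts_by_host = defaultdict(list)                                 # Rule 2
    for e in events:
        if e.network == "business" and e.kind == "ids_alert":
            alerts_by_host[e.host].append(e)
    for w in writes:
        for a in alerts_by_host.get(w.host, []):
            if timedelta(0) <= w.ts - a.ts <= window:
                found.append(Indication("high",
                    f"{w.host}: IDS alert followed by control write", [a, w]))
                break

    advisories = [e for e in events if e.network == "external" and e.kind == "advisory"]
    for ind in found:                                                  # Rule 3
        write = ind.evidence[-1]
        if any(adv.ts <= write.ts and adv.detail in write.detail for adv in advisories):
            ind.severity = "critical"
            ind.summary += " (equipment named in external advisory)"
    return found


def _t(hhmm):
    return datetime(2011, 11, 8, int(hhmm[:2]), int(hhmm[2:]))


# Constructed sample feed for one morning (not real telemetry).
SAMPLE_EVENTS = [
    Event(_t("0700"), "external", "advisory", "", "ModelX"),
    Event(_t("0800"), "business", "ids_alert", "eng-ws-01", "outbound beacon to known C2"),
    Event(_t("0812"), "pcn", "pcn_write", "eng-ws-01", "plc-07 ModelX setpoint write"),
    Event(_t("0815"), "pcn", "pcn_write", "hmi-03", "plc-02 ModelY setpoint write"),
    Event(_t("0600"), "business", "ids_alert", "eng-ws-02", "suspicious attachment opened"),
    Event(_t("0930"), "pcn", "pcn_write", "eng-ws-02", "plc-01 ModelY setpoint write"),
]


def demo():
    """Correlate the sample feed: one medium (hmi-03) and one critical (eng-ws-01)."""
    return correlate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for ind in demo():
        print(ind.severity.upper(), ind.summary, [e.kind for e in ind.evidence])
```

The eng-ws-02 write at 09:30 produces nothing because its alert is three and a half hours old; the window is what keeps a rule like this from firing on every workstation that ever had an alert, and tuning it against the site's real change-management cadence is part of adapting the engine to the environment.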

Page 21:

Consortium (figure)
• Oil & Gas Sector: participating companies; Project #1, Project #2, Project #3, Project #4, … Project #N
• Researchers; Vendors; Labs
• DHS S&T; ISA Automation Federation (AF); DHS PCII

Page 22:

SIS Project: Security of Safety Instrumented Systems
• SIS objective: bring a process plant to a safe state when an excursion outside pre-established operating parameters occurs
• SIS increasingly integrated with PCS: is the integrity of production facilities jeopardized?
• LOGIIC SIS will result in: security improvements; characterization of residual risk; architectural recommendations; confidence in the architectural integrity of SIS
– Final summary report provides architectural recommendations for PCS/SIS integration
– Outreach to standards bodies and the sector is underway

Page 23:

Trustworthy Cyber Infrastructure for the Power Grid

Current TCIPG Effort
• $18.5 M over 5 years, jointly funded with the Department of Energy
• 5 universities, 20 senior investigators: University of Illinois at Urbana-Champaign; Washington State University; Cornell University; Dartmouth College; University of California at Davis
• Over 40 graduate and undergraduate students
• External Advisory Board (8 members)
• Industry Interaction Board (75 members)

Page 24:

Industrial Control Systems Joint Working Group (ICSJWG)
• Administered by the Dept. of Homeland Security’s Control Systems Security Program
• Provides a vehicle for collaboration between government and private sector control systems stakeholders: Government Coordinating Council; Sector Coordinating Council; subject matter experts
• Meets twice a year in conference as a plenary session; subgroups meet as needed
• Includes 5 subgroups plus 1 pending: ICS Roadmap Development; International; Research and Development; Standards and Metrics (pending); Vendor / Public Coordination; Workforce Development

Page 25:

ICSJWG Research & Development Subgroup
• The Research and Development Subgroup will identify existing and planned research and development needs and priorities as they relate to industrial control systems
• Objectives:
– Identify existing and planned R&D needs and priorities as they relate to ICS
– Identify desired areas of ICS research not currently under way
– Evaluate if a more secure process or mechanism is needed for sharing sensitive R&D information
• DHS S&T co-chairs the R&D subgroup
• For more information, visit: http://www.us-cert.gov/control_systems/icsjwg

Page 26:

HSARPA Cyber Security R&D Broad Agency Announcement (BAA) 11-02
Delivers both near-term and medium-term solutions:
• To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
• To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems
• To facilitate the transfer of these technologies into operational environments

Proposals received according to 3 levels of technology maturity:
• Type I (New Technologies): applied research phase, development phase, demo in operational environment. Funding ≤ $3M & 36 months
• Type II (Prototype Technologies): more mature prototypes, development phase, demo in operational environment. Funding ≤ $2M & 24 months
• Type III (Mature Technologies): mature technology, demo only in operational environment. Funding ≤ $750K & 12 months

Note: Technology Demonstrations = test, evaluation, and pilot deployment in DHS “customer” environments

Page 27:

Technical Topic Areas (TTAs), with the customer or program each serves
• TTA-1 Software Assurance – DHS, FSSCC
• TTA-2 Enterprise-level Security Metrics – DHS, FSSCC
• TTA-3 Usable Security – DHS, FSSCC
• TTA-4 Insider Threat – DHS, FSSCC
• TTA-5 Resilient Systems and Networks – DHS, FSSCC
• TTA-6 Modeling of Internet Attacks – DHS
• TTA-7 Network Mapping and Measurement – DHS
• TTA-8 Incident Response Communities – DHS
• TTA-9 Cyber Economics – CNCI
• TTA-10 Digital Provenance – CNCI
• TTA-11 Hardware-enabled Trust – CNCI
• TTA-12 Moving Target Defense – CNCI
• TTA-13 Nature-inspired Cyber Health – CNCI
• TTA-14 Software Assurance MarketPlace (SWAMP) – S&T

Page 28:

Small Business Innovative Research (SBIR)
• Important program for creating new innovation and accelerating transition into the marketplace
• Since 2004, DHS S&T Cyber Security has had: 60 Phase I efforts; 27 Phase II efforts; 4 Phase II efforts currently in progress; 9 commercial/open source products available; three acquisitions:
– Komoku, Inc. (MD) acquired by Microsoft in March 2008
– Endeavor Systems (VA) acquired by McAfee in January 2009
– Solidcore (CA) acquired by McAfee in June 2009

Page 29:

Cyber Forensics
• Initial requirements working group held November 2008; attendees from USSS, CBP, ICE, FLETC, FBI, NIJ, TSWG, NIST, Miami-Dade PD, Albany NY PD
• Initial list of project requirements: mobile device and GPS forensic tools; LE first responder “field analysis kit”; high-speed data capture and deep packet inspection; live stream capture for gaming systems; memory analysis and malware tools; info clearing house

Page 30:

SBIR Solicitation 2011.2: Mobile Device Forensics
• NAND/NOR Chip Forensics (lab tool): reading the data stored on the chip; reverse engineering of the wear-leveling algorithm; mounting the file system
• Bypassing PIN/PUK Codes: tool to extract PIN / PUK codes from locked SIM cards
• Disposable Cell Phone Analysis: demonstration and development of methods and tools that will allow an investigator to acquire all call logs, contacts, pictures, videos, and text messages stored within all disposable cell phones
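The middle step of the chip-forensics sequence above (read the chip, reverse the wear-leveling mapping, then mount the file system), as an added example that is not code from DHS or from any SBIR awardee: a toy flash translation layer writes every update to a fresh physical page, and the reconstruction reassembles the newest copy of each logical page from the raw dump while keeping the superseded copies, which are the forensically interesting part because the file system layer above never shows them. The page size and the spare-area (OOB) layout of logical page number plus sequence number are hypothetical; real controllers use vendor-specific layouts, and discovering that layout is the reverse-engineering work the solicitation refers to.

```python
"""Rebuild the logical image from a raw NAND dump written by an out-of-place
(wear-leveling) controller. Added example, not DHS or SBIR awardee code. The
page size and OOB layout are invented for this illustration."""
import struct

PAGE_DATA = 16          # bytes of user data per physical page (constructed)
OOB_FMT = ">HH"         # hypothetical spare area: logical page no., sequence no.
OOB_SIZE = struct.calcsize(OOB_FMT)
ERASED = b"\xff" * (PAGE_DATA + OOB_SIZE)   # erased flash reads back as all 0xFF


class ToyFTL:
    """Simulates a wear-leveling controller: every write of a logical page
    goes to the next free physical page and the old copy is left in place."""

    def __init__(self, physical_pages):
        self.pages = [ERASED] * physical_pages
        self.next_free = 0
        self.seq = 0

    def write(self, logical, data):
        assert len(data) == PAGE_DATA and self.next_free < len(self.pages)
        self.seq += 1
        self.pages[self.next_free] = data + struct.pack(OOB_FMT, logical, self.seq)
        self.next_free += 1

    def dump(self):
        """What a chip-off read returns: data and OOB for every physical page."""
        return b"".join(self.pages)


def parse_dump(raw):
    """Split a raw dump into (physical_index, logical, seq, data) tuples,
    skipping erased pages."""
    stride = PAGE_DATA + OOB_SIZE
    out = []
    for i in range(len(raw) // stride):
        page = raw[i * stride:(i + 1) * stride]
        if page == ERASED:
            continue
        logical, seq = struct.unpack(OOB_FMT, page[PAGE_DATA:])
        out.append((i, logical, seq, page[:PAGE_DATA]))
    return out


def rebuild(raw):
    """Return (logical_image, stale): the image holds the newest copy of each
    logical page, ready to hand to a file system parser; stale maps a logical
    page to its older copies in write order, the data an investigator can
    still recover even though the file system no longer references it."""
    newest, stale = {}, {}
    for _phys, logical, seq, data in sorted(parse_dump(raw), key=lambda t: t[2]):
        if logical in newest:
            stale.setdefault(logical, []).append(newest[logical][1])
        newest[logical] = (seq, data)
    size = max(newest) + 1 if newest else 0
    image = b"".join(newest[l][1] if l in newest else b"\x00" * PAGE_DATA
                     for l in range(size))
    return image, stale


def demo():
    """Constructed scenario: three logical pages, page 1 rewritten twice
    (a contact edited, then deleted by the application)."""
    ftl = ToyFTL(physical_pages=8)
    ftl.write(0, b"hdr:contacts.db ")
    ftl.write(1, b"Alice 555-0100  ")
    ftl.write(2, b"Bob   555-0199  ")
    ftl.write(1, b"Alice 555-0101  ")
    ftl.write(1, b"<deleted>       ")
    return rebuild(ftl.dump())


if __name__ == "__main__":
    image, stale = demo()
    print("logical image:", image)
    print("superseded copies:", stale)
```

Because the toy controller never garbage-collects, both earlier versions of the contact survive in the dump; on a real device the window for recovering them closes when the controller erases the block, which is one reason chip-off acquisition is done before the device is powered on again.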

Page 31:

Timeline of Past Research Reports (figure: timeline spanning 1997 to 2007)
• President’s Commission on CIP (PCCIP)
• NRC CSTB Trust in Cyberspace
• I3P R&D Agenda
• National Strategy to Secure Cyberspace
• Computing Research Association – 4 Challenges
• NIAC Hardening the Internet
• PITAC – Cyber Security: A Crisis of Prioritization
• IRC Hard Problems List
• NSTC Federal Plan for CSIA R&D
• NRC CSTB Toward a Safer and More Secure Cyberspace

All documents available at http://www.cyber.st.dhs.gov

Page 32:

A Roadmap for Cybersecurity Research (http://www.cyber.st.dhs.gov)
• Scalable Trustworthy Systems
• Enterprise Level Metrics
• System Evaluation Lifecycle
• Combatting Insider Threats
• Combatting Malware and Botnets
• Global-Scale Identity Management
• Survivability of Time-Critical Systems
• Situational Understanding and Attack Attribution
• Information Provenance
• Privacy-Aware Security
• Usable Security

Page 33:

Summary
• Cybersecurity research is a key area of innovation needed to support our future
• DHS S&T continues with an aggressive cyber security research agenda
– Working to solve the cyber security problems of our current (and future) infrastructure and systems
– Working with academe and industry to improve research tools and datasets
– Looking at future R&D agendas with the most impact for the nation, including education
– Need to continue strong emphasis on technology transfer and experimental deployments

Page 34:

For more information, visit http://www.cyber.st.dhs.gov

Greg Wigton, Program Manager, Cyber Security Division, Homeland Security Advanced Research Projects Agency (HSARPA), [email protected], 202-254-6140