DHS S&T Cyber Security Division (CSD) Overview
TCIPG Industry Workshop UIUC November 8, 2011
Dept. of Homeland Security Science & Technology Directorate
Greg Wigton Program Manager Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) [email protected] 202-254-6140
Comprehensive National Cybersecurity Initiative (CNCI)
• Reduce the Number of Trusted Internet Connections
• Deploy Passive Sensors Across Federal Systems
• Pursue Deployment of Automated Defense Systems
• Coordinate and Redirect R&D Efforts
Establish a front line of defense
• Connect Current Centers to Enhance Situational Awareness
• Develop Gov’t-wide Counterintelligence Plan for Cyber
• Increase Security of the Classified Networks
• Expand Education
Resolve to secure cyberspace / set conditions for long-term success
• Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
• Define and Develop Enduring Deterrence Strategies & Programs
• Manage Global Supply Chain Risk
• Cyber Security in Critical Infrastructure Domains
Shape future environment / secure U.S. advantage / address new threats
http://cybersecurity.whitehouse.gov
Federal Cybersecurity Research and Development Program: Strategic Plan
Federal Cybersecurity R&D Strategic Plan Research Themes
• Tailored Trustworthy Spaces
• Moving Target Defense
• Cyber Economics and Incentives
• Designed-In Security (New for FY12)
Support for National Priorities: Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services
28 October 2011
Quadrennial Homeland Security Review
The Core Missions
1. Preventing terrorism and enhancing security;
2. Securing and managing our borders;
3. Enforcing and administering our immigration laws;
4. Safeguarding and securing cyberspace; and
5. Ensuring resilience to disasters.
Mission 6: Maturing and Strengthening the Homeland Security Enterprise
Foster Innovative Solutions Through Science and Technology
• Ensure scientifically informed analyses and decisions are coupled to effective technological solutions
• Conduct scientific assessments of threats and vulnerabilities
• Foster collaborative efforts involving government, academia, and the private sector to create innovative approaches to key homeland security challenges
DHS S&T Mission: Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise
Cyber Security Division (CSD) R&D Execution Model
29 October 2010
Cyber Security Program Areas
• Research Infrastructure to Support Cybersecurity (RISC)
• Trustworthy Cyber Infrastructure (TCI)
• Cyber Technology Evaluation and Transition (CTET)
• Foundational Elements of Cyber Systems (FECS)
• Cybersecurity User Protection and Education (CUPE)

Research Infrastructure (RISC)
• Experimental Research Testbed (DETER): researcher- and vendor-neutral experimental infrastructure. DETER - http://www.isi.edu/deter/
• Research Data Repository (PREDICT): repository of network data for use by the U.S.-based cyber security research community. PREDICT - https://www.predict.org
• Software Quality Assurance (SWAMP): a software assurance testing and evaluation facility and the

DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises)
• Provide a dedicated exercise capability to foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats
• Enterprises initiate their own exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity
• The Financial Services Sector Coordinating Council R&D Committee has organized a user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years.

LOGIIC - Linking the Oil & Gas Industry to Improve Cybersecurity
• A collaboration of oil and natural gas companies and DHS S&T to facilitate cooperative research, development, testing, and evaluation procedures to improve cyber security in Industrial Automation and Control Systems
• Consortium under the Automation Federation

TCIPG - Trustworthy Cyber Infrastructure for the Power Grid
• Partnership with DOE, funded at UIUC with several partner universities and industry participation
• Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power, including the new resilient “smart” power grid
DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises)
• Enable enterprise decision-makers to think through responses to operational disruptions of market-based transactions across networks (sector(s), market(s), institution(s))
• Provide a dedicated exercise capability for several critical infrastructures in the U.S., beginning with Banking and Finance
• Foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats
• Enterprises will be able to initiate their own large-scale exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops
• Think through sector impacts of the National Planning Scenarios
• Enhance coordination during a large-scale disruption to key infrastructures
• The concept has been reviewed by and developed with input from experts at ChicagoFIRST, the Options Clearing Corporation, ABN-AMRO, Eurex, Archipelago, Bank of New York, and CitiBank.
• The Financial Services Sector Coordinating Council R&D Committee is organizing a user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years.
DECIDE
• Began as a gleam in the eye of a BNY Risk Manager in 2004
• Seen as a logical follow-on to the 2003 Livewire Cyber Exercise Simulation
• Designed to stress the massive interdependencies of critical infrastructures and help them prepare for low probability / high consequence disruptions
• Prototyped in 2005 / 2006 with some Homeland Security funding
• Gained FSSCC support in 2006; meets a priority FSSCC R&D need
• Transitioned to a $15 million full-scale R&D effort funded by the Department of Homeland Security in 2008; R&D team led by Norwich University Applied Research Institutes
• Goal: Create a Finance-sector requested, software-based simulation environment for sector-risk exercises
LOGIIC Partnership Project
LOGIIC is a model for government-industry technology integration and demonstration efforts to address critical R&D needs.
Industry contributes:
• Requirements and operational expertise
• Project management
• Product vendor channels
DHS S&T contributes:
• National security perspective on threats
• Access to long-term security research
• Independent researchers with technical expertise
• Testing facilities
LOGIIC Overview
Opportunity: Reduce vulnerabilities of oil & gas process control environments by correlating and analyzing abnormal events to identify and prevent cyber security threats.
Approach:
• Identify new types of security sensors for process control networks
• Adapt a best-of-breed correlation engine to this environment
• Integrate in testbed and demonstrate
• Transfer technology to industry
Architecture diagram labels: Business Network; Process Control Network; LOGIIC Correlation Engine; External Events; Attack Indications and Warnings.
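The slide names three inputs to the correlation engine (business network, process control network, external events) and one output (attack indications and warnings) but does not show what a correlation rule looks like. The following is an added example written for this page; it is not LOGIIC's correlation engine or any DHS S&T code. The event fields, the two rules, the thresholds (PIVOT_WINDOW, MIN_FAILURES) and every sample event are constructed assumptions chosen to illustrate how a multi-source rule differs from a single-sensor alert.

```python
"""Multi-source event correlation sketch, added as an example for this page.

Not LOGIIC's engine and not DHS S&T code: a hypothetical illustration of
business-network, process-control-network (PCN) and external events being
fused into attack indications. Event shapes, rule thresholds and all sample
data are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int          # seconds since epoch (constructed values)
    source: str      # "business", "pcn" or "external"
    kind: str        # normalized event type emitted by a sensor
    asset: str       # host or controller the event is about
    peer: str = ""   # remote side of a connection, when there is one
    note: str = ""   # free-text detail from the sensor


# Constructed sample stream: an advisory, a password-guessing run on an
# engineering workstation that then reaches a PLC, an off-schedule setpoint
# change on that PLC, and a benign scheduled change on another PLC.
SAMPLE_EVENTS = [
    Event(1000, "external", "advisory", "*", note="vendor advisory: HMI remote code execution"),
    Event(1100, "business", "auth_failure", "eng-ws-07", note="user svc_hist"),
    Event(1105, "business", "auth_failure", "eng-ws-07", note="user svc_hist"),
    Event(1110, "business", "auth_success", "eng-ws-07", note="user svc_hist"),
    Event(1400, "pcn", "new_connection", "plc-03", peer="eng-ws-07", note="tcp/502"),
    Event(1420, "pcn", "setpoint_change", "plc-03", note="outside change window"),
    Event(9000, "pcn", "setpoint_change", "plc-09", note="inside change window"),
]

PIVOT_WINDOW = 600     # seconds between a suspicious logon and a PCN connection (assumed)
MIN_FAILURES = 2       # failed logons before a success counts as suspicious (assumed)


def correlate(events, pivot_window=PIVOT_WINDOW, min_failures=MIN_FAILURES):
    """Fuse business, PCN and external events into attack indications.

    Rule A (pivot into PCN): at least min_failures failed logons followed by
    a success on a business host, then a new connection from that host to a
    PCN asset within pivot_window seconds of the success.
    Rule B (unauthorized control action): a setpoint change the PCN sensor
    flags as outside the change window. Severity is "high" when the
    controller was the target of a Rule A pivot or an external advisory is
    present in the stream, otherwise "medium".
    Returns a list of dicts ordered by the triggering event's timestamp.
    """
    events = sorted(events, key=lambda e: e.ts)
    indications = []

    failures = defaultdict(int)    # business host -> consecutive failed logons
    suspicious_logon = {}          # business host -> ts of a success after failures
    for e in events:
        if e.source == "business" and e.kind == "auth_failure":
            failures[e.asset] += 1
        elif e.source == "business" and e.kind == "auth_success":
            if failures[e.asset] >= min_failures:
                suspicious_logon[e.asset] = e.ts
            failures[e.asset] = 0
        elif e.source == "pcn" and e.kind == "new_connection":
            t = suspicious_logon.get(e.peer)
            if t is not None and 0 <= e.ts - t <= pivot_window:
                indications.append({
                    "rule": "pivot_into_pcn", "ts": e.ts,
                    "peer": e.peer, "asset": e.asset,
                })

    advisory_active = any(e.source == "external" and e.kind == "advisory"
                          for e in events)
    pivoted = {i["asset"] for i in indications}
    for e in events:
        if (e.source == "pcn" and e.kind == "setpoint_change"
                and e.note == "outside change window"):
            severity = "high" if (e.asset in pivoted or advisory_active) else "medium"
            indications.append({
                "rule": "unauthorized_setpoint_change", "ts": e.ts,
                "asset": e.asset, "severity": severity,
            })
    indications.sort(key=lambda i: i["ts"])
    return indications


if __name__ == "__main__":
    for ind in correlate(SAMPLE_EVENTS):
        print(ind)
```

Run on the sample stream, the engine emits one pivot indication (eng-ws-07 into plc-03) and one high-severity setpoint indication for plc-03, while the scheduled change on plc-09 produces nothing. Shrinking pivot_window drops the pivot but the setpoint indication survives, still at high severity because of the advisory; removing the external feed lowers it to medium, which is the point of feeding all three sources into one engine.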
Consortium
LOGIIC consortium diagram: Oil & Gas Sector participating companies; Project #1 through Project #N; Researchers, Vendors, Labs; DHS S&T; ISA Automation Federation (AF); DHS PCII.
SIS Project: Security of Safety Instrumented Systems
• SIS objective: bring a process plant to a safe state when an excursion outside pre-established operating parameters occurs
• SIS increasingly integrated with PCS: is the integrity of production facilities jeopardized?
• LOGIIC SIS will result in: security improvements; characterization of residual risk; architectural recommendations; confidence in the architectural integrity of SIS
– Final summary report provides architectural recommendations for PCS/SIS integration
– Outreach to standards bodies and the sector is underway
Trustworthy Cyber Infrastructure for the Power Grid
Current TCIPG Effort
• $18.5 M over 5 years, jointly funded with the Department of Energy
• 5 universities, 20 senior investigators: University of Illinois at Urbana-Champaign, Washington State University, Cornell University, Dartmouth College, University of California at Davis
• Over 40 graduate and undergraduate students
• External Advisory Board (8 members)
• Industry interaction board (75 members)
Industrial Control Systems Joint Working Group (ICSJWG)
• Administered by the Dept. of Homeland Security’s Control Systems Security Program
• Provides a vehicle for collaboration between government and private sector control systems stakeholders: Government Coordinating Council, Sector Coordinating Council, subject matter experts
• Meets twice a year in conference as a plenary session; subgroups meet as needed
• Includes 5 subgroups plus 1 pending: ICS Roadmap Development; International; Research and Development; Standards and Metrics (pending); Vendor / Public Coordination; Workforce Development
ICSJWG Research & Development Subgroup
• The Research and Development Subgroup will identify existing and planned research and development needs and priorities as they relate to industrial control systems
• Objectives:
  • Identify existing and planned R&D needs and priorities as they relate to ICS
  • Identify desired areas of ICS research not currently under way
  • Evaluate if a more secure process or mechanism is needed for sharing sensitive R&D information
• DHS S&T co-chairs the R&D subgroup
• For more information, visit http://www.us-cert.gov/control_systems/icsjwg
HSARPA Cyber Security R&D Broad Agency Announcement (BAA) 11-02
Delivers both near-term and medium-term solutions:
• To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
• To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems
• To facilitate the transfer of these technologies into operational environments
Proposals received according to 3 levels of technology maturity:
• Type I (New Technologies): applied research phase, development phase, demo in operational environment. Funding ≤ $3M & 36 months.
• Type II (Prototype Technologies): more mature prototypes; development phase, demo in operational environment. Funding ≤ $2M & 24 months.
• Type III (Mature Technologies): mature technology; demo only in operational environment. Funding ≤ $750K & 12 months.
Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments
Technical Topic Areas (TTAs)
• TTA-1 Software Assurance (DHS, FSSCC)
• TTA-2 Enterprise-level Security Metrics (DHS, FSSCC)
• TTA-3 Usable Security (DHS, FSSCC)
• TTA-4 Insider Threat (DHS, FSSCC)
• TTA-5 Resilient Systems and Networks (DHS, FSSCC)
• TTA-6 Modeling of Internet Attacks (DHS)
• TTA-7 Network Mapping and Measurement (DHS)
• TTA-8 Incident Response Communities (DHS)
• TTA-9 Cyber Economics (CNCI)
• TTA-10 Digital Provenance (CNCI)
• TTA-11 Hardware-enabled Trust (CNCI)
• TTA-12 Moving Target Defense (CNCI)
• TTA-13 Nature-inspired Cyber Health (CNCI)
• TTA-14 Software Assurance MarketPlace (SWAMP) (S&T)
Small Business Innovation Research (SBIR)
• Important program for creating new innovation and accelerating transition into the marketplace
• Since 2004, DHS S&T Cyber Security has had:
  • 60 Phase I efforts
  • 27 Phase II efforts
  • 4 Phase II efforts currently in progress
  • 9 commercial/open source products available
  • Three acquisitions: Komoku, Inc. (MD) acquired by Microsoft in March 2008; Endeavor Systems (VA) acquired by McAfee in January 2009; Solidcore (CA) acquired by McAfee in June 2009
• Initial requirements working group held November 2008
• Attendees from USSS, CBP, ICE, FLETC, FBI, NIJ, TSWG, NIST, Miami-Dade PD, Albany NY PD
• Initial list of project requirements:
  • Mobile device and GPS forensic tools
  • LE first responder “field analysis kit”
  • High-speed data capture and deep packet inspection
  • Live stream capture for gaming systems
  • Memory analysis and malware tools
  • Info Clearing House