U.S. Cybersecurity R&D Landscape
Homeland Security Advanced Research Projects Agency, Cyber Security Division
Douglas Maughan, Ph.D., Division Director
March 16, 2012
http://www.cyber.st.dhs.gov
Feb 09, 2016
Comprehensive National Cybersecurity Initiative (CNCI)
Establish a front line of defense:
- Reduce the Number of Trusted Internet Connections
- Deploy Passive Sensors Across Federal Systems
- Pursue Deployment of Automated Defense Systems
- Coordinate and Redirect R&D Efforts
Resolve to secure cyberspace / set conditions for long-term success:
- Connect Current Centers to Enhance Situational Awareness
- Develop Gov't-wide Counterintelligence Plan for Cyber
- Increase Security of the Classified Networks
- Expand Education
Shape future environment / secure U.S. advantage / address new threats:
- Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
- Define and Develop Enduring Deterrence Strategies & Programs
- Manage Global Supply Chain Risk
- Cyber Security in Critical Infrastructure Domains
http://cybersecurity.whitehouse.gov
Federal Gov't Cyber Research Community (agency, research agenda, researchers, customers / consumers)

National Science Foundation (NSF)
  Research agenda: SW engineering/protection, HW/FW security, mobile wireless and sensor networks, trustworthy computing; several academic centers
  Researchers: academics and non-profits
  Customers / consumers: basic research; no specific customers

Defense Advanced Research Projects Agency (DARPA)
  Research agenda: lots of classified research; unclassified topics are focused on basic research (CRASH, MRC, SAFER, HACMS); National Cyber Range
  Researchers: few academics; large system integrators; research and government labs
  Customers / consumers: mostly DOD; most solutions are GOTS, not COTS

National Security Agency (NSA)
  Research agenda: Information Security Automation Program (ISAP), SELinux; networking theory; CAE/IAE centers
  Researchers: mostly in-house
  Customers / consumers: Intelligence community; some NSA internal; some open source

Intelligence Advanced Research Projects Agency (IARPA)
  Research agenda: Automatic Privacy Protection (APP), Securely Taking on New Executable Software of Uncertain Provenance (STONESOUP)
  Researchers: mostly research labs, system integrators, and national labs; some academics
  Customers / consumers: Intelligence community

National Institute of Standards & Technology (NIST)
  Research agenda: Trusted Identities in Cyberspace, National Initiative for Cybersecurity Education (NICE)
  Researchers: in-house; most R&D funding comes from other agencies
  Customers / consumers: federal agencies, with some impact on state and locals

Department of Homeland Security (DHS) S&T
  Research agenda: all unclassified; Secure Internet Protocols; Process Control Systems (PCS); Emerging Threats; Insider Threat; Cyber Forensics; Software Assurance; Open Security Technologies; Next Generation Technologies
  Researchers: blend of academics, research and government labs, non-profits, private sector and small business
  Customers / consumers: DHS Components (including NPPD, USSS, FLETC, FEMA, ICE, CBP); CI/KR Sectors; USG, Internet and Private Sector
Federal Cybersecurity Research and Development Program: Strategic Plan
Federal Cybersecurity R&D Strategic Plan
- Science of Cyber Security
- Research Themes: Tailored Trustworthy Spaces; Moving Target Defense; Cyber Economics and Incentives; Designed-In Security (new for FY12)
- Transition to Practice: Technology Discovery; Test & Evaluation / Experimental Deployment; Transition / Adoption / Commercialization
- Support for National Priorities: Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services
Federal Investments across All R&D
- Big Data
- Cloud Computing
- Cyber-Physical Systems
- Healthcare IT
- High End Computing
- Software Design and Productivity
- STEM Education
CSD R&D Execution Model
Examples of CSD Successes
- Ironkey – Secure USB: standard issue to S&T employees from the S&T CIO
- Coverity – Open Source Hardening (SCAN): analyzes 150+ open source software packages daily
- Komoku – Rootkit Detection Technology: acquired by Microsoft in 2008
- Secure64 – DNSSEC Automation: several commercial customers; government pilots underway
- HBGary – Memory and Malware Analysis: over 100 pilot deployments as part of the Cyber Forensics project
- Endeavor Systems – Malware Analysis tools: acquired by McAfee in 2009
- Telcordia – Automated Vulnerability Analysis: in use by DOD, SEC
- GMU/ProInfo – Network Topology Analysis (Cauldron): in use at FAA, several commercial customers
- Stanford – Anti-Phishing Technologies: open source; most browsers have included Stanford R&D
- Secure Decisions – Data Visualization: pilot with DHS/NCSD/US-CERT
DHS S&T Cyber Security Program Areas
- Research Infrastructure to Support Cybersecurity (RISC)
- Trustworthy Cyber Infrastructure (TCI)
- Cyber Technology Evaluation and Transition (CTET)
- Foundational Elements of Cyber Systems (FECS)
- Cybersecurity User Protection and Education (CUPE)
Research Infrastructure to Support Cybersecurity (RISC)
Experimental Research Testbed (DETER)
- Researcher- and vendor-neutral experimental infrastructure
- Used by over 200 organizations from more than 20 states and 17 countries
- Used by over 40 classes, from 30 institutions, involving 2,000+ students
- http://www.deter-project.org
Research Data Repository (PREDICT)
- Repository of network data for use by the U.S.-based cyber security research community
- More than 100 users (academia, industry, gov't); over 250TB of network data; tools are used by major service providers and many companies
- Phase 2: new datasets, ICTR ethics, international (JP, DE)
- https://www.predict.org
Software Assurance Market Place (SWAMP)
- A software assurance testing and evaluation facility and the associated research infrastructure services
- New FY12 initiative
Trustworthy Cyber Infrastructure (TCI)
Secure Protocols
- DNSSEC – Domain Name System Security: government and private sector worked together to make this happen; started in 2004; now adopted by 35 top level domains globally, including the Root
- SPRI – Secure Protocols for Routing Infrastructure: working with ISPs (Verizon, Google), router vendors (Cisco, Juniper), and others
Process Control Systems
- LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity: consortium of super major O&G companies partnered with DHS
- TCIPG – Trustworthy Cyber Infrastructure for the Power Grid: partnered with DOE; advisory board of 30+ private sector companies
Internet Measurement and Attack Modeling
- Geographic mapping of Internet resources
- Logically and/or physically connected maps of Internet resources
- Monitoring and archiving of BGP route information
- Co-funding with Australia
Cyber Technology Evaluation and Transition (CTET)
Assessment and Evaluations
- Red teaming of DHS S&T-funded technologies
- Support of numerous outreach events: annual IT Security Entrepreneurs' Forum; quarterly Information Security Technology Transition Council (ITTC) meetings
Experiments and Pilots
- Experimental deployment of DHS S&T-funded technologies into operational environments
- Partnerships with ICE, USSS, CBP, NCSD, S&T CIO
- Distributed Environment for Critical Incident Decision-making Exercises (DECIDE): tool for the finance sector to conduct risk management exercises and identify improvements
Transition to Practice (CNCI)
- New FY12 initiative
Foundational Elements of Cyber Systems (FECS)
Homeland Open Security Technology (HOST)
- Use open source to improve security at all levels of government
- Example: Suricata (open source IDS/IPS) – over $8M of commercial investment
New FY12 initiatives
- Enterprise Level Security Metrics and Usability: requirements from DHS/NCSD and FSSCC
- Software Quality Assurance: requirements from DHS/NCSD and FSSCC
- Cyber Economic Incentives (CNCI)
- Leap Ahead Technologies (CNCI)
- Moving Target Defense (CNCI)
- Tailored Trustworthy Spaces (CNCI)
Cybersecurity User Protection and Education (CUPE)
Cyber Security Competitions
- National Initiative for Cybersecurity Education (NICE)
- NCCDC (collegiate); U.S. Cyber Challenge (high school)
Cyber Security Forensics
- Support to DHS and other law enforcement customers (USSS, CBP, ICE, FBI, CIA)
Identity Management & Data Privacy Technologies
- National Strategy for Trusted Identities in Cyberspace (NSTIC)
DHS S&T Cybersecurity Program (program diagram; elements listed by column)
PEOPLE: Identity Management; Data Privacy; Cyber Forensics; Competitions
SYSTEMS: Enterprise Level Security Metrics & Usability; Software Quality Assurance; Homeland Open Security Technology; Experiments & Pilots; Assessments & Evaluations
INFRASTRUCTURE: Secure Protocols; Process Control Systems; Internet Measurement & Attack Modeling
RESEARCH INFRASTRUCTURE: Experimental Research Testbed (DETER); Research Data Repository (PREDICT); Software Assurance Market Place (SWAMP)
CNCI cross-cutting elements: Cyber Economic Incentives; Moving Target Defense; Tailored Trustworthy Spaces; Leap Ahead Technologies; Transition To Practice
Cyber Security R&D Broad Agency Announcement (BAA)
Delivers both near-term and medium-term solutions:
- To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation's critical information infrastructure, based on customer requirements;
- To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems;
- To facilitate the transfer of these technologies into operational environments.
Proposals received according to 3 levels of technology maturity:
- Type I (New Technologies): applied research phase, development phase, demo in operational environment. Funding ≤ $3M & 36 months.
- Type II (Prototype Technologies): more mature prototypes; development phase, demo in operational environment. Funding ≤ $2M & 24 months.
- Type III (Mature Technologies): mature technology; demo only in operational environment. Funding ≤ $750K & 12 months.
Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS "customer" environments
BAA 11-02 Technical Topic Areas (TTAs), with the requirement source in parentheses
- TTA-1 Software Assurance (DHS, FSSCC)
- TTA-2 Enterprise-Level Security Metrics (DHS, FSSCC)
- TTA-3 Usable Security (DHS, FSSCC)
- TTA-4 Insider Threat (DHS, FSSCC)
- TTA-5 Resilient Systems and Networks (DHS, FSSCC)
- TTA-6 Modeling of Internet Attacks (DHS)
- TTA-7 Network Mapping and Measurement (DHS)
- TTA-8 Incident Response Communities (DHS)
- TTA-9 Cyber Economics (CNCI)
- TTA-10 Digital Provenance (CNCI)
- TTA-11 Hardware-Enabled Trust (CNCI)
- TTA-12 Moving Target Defense (CNCI)
- TTA-13 Nature-Inspired Cyber Health (CNCI)
- TTA-14 Software Assurance MarketPlace (SWAMP) (S&T)
1,003 white papers received; 224 full proposals encouraged; expected awards in June 2012
A Roadmap for Cybersecurity Research (http://www.cyber.st.dhs.gov)
- Scalable Trustworthy Systems
- Enterprise Level Metrics
- System Evaluation Lifecycle
- Combatting Insider Threats
- Combatting Malware and Botnets
- Global-Scale Identity Management
- Survivability of Time-Critical Systems
- Situational Understanding and Attack Attribution
- Information Provenance
- Privacy-Aware Security
- Usable Security
US R&D Mapped to CSIT Themes
- Adaptive Cyber Security Technologies: Moving Target Defense; Nature Inspired Cyber Health
- Protection of Smart Utility Grids: PCS Project – LOGIIC and TCIPG
- Security of the Mobile Platform and Applications: Identity Management Project – combining identity management with mobile devices (à la BYOD)
- Multi-faceted Approach to Cyber Security Research: Usable Security; Cyber Economics and Incentives; Incident Response Communities
Summary
- Cybersecurity research is a key area of innovation needed to support our future
- Collaboration, both inter-agency and international, is essential to producing next-generation solutions
- DHS S&T continues with an aggressive cyber security research agenda:
  - Working to solve the cyber security problems of our current (and future) infrastructure and systems
  - Working with academe and industry to improve research tools and datasets
  - Looking at future R&D agendas with the most impact for the nation, including education
  - Need to continue strong emphasis on technology transfer and experimental deployments
For more information, visit http://www.cyber.st.dhs.gov
Douglas Maughan, Ph.D.
Division Director, Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
[email protected] / 202-360-3170
The Menlo Report
"Ethical Principles Guiding Information and Communication Technology Research", supported by the US Department of Homeland Security (published in the Federal Register, Dec 2011).
Belmont principle and its Menlo application:
- Respect for Persons: identify stakeholders; informed consent
- Beneficence: identify potential benefits and harms; balance risks and benefits; mitigate realized harms
- Justice: fairness and equity
- Additional Menlo principle, Respect for the Law and Public Interest: compliance; transparency and accountability
Menlo companion document: over 20 cases of unethical / illegal research activity