530 likes | 764 Views
Homeland Security Advanced Research Projects Agency . An Update on the Cyber Security R&D Landscape. December 4, 2013. SINET Showcase Douglas Maughan Division Director. http:// www.dhs.gov/cyber-research. Past SINET Participation. 2007 ITSEF - Opening Doors to the Federal Government
E N D
Homeland Security Advanced Research Projects Agency An Update on the Cyber Security R&D Landscape December 4, 2013 SINET Showcase Douglas Maughan Division Director http://www.dhs.gov/cyber-research
Past SINET Participation • 2007 ITSEF - Opening Doors to the Federal Government • 2008 ITSEF Panel - Federal Government Strategic Investment Funds • 2009 ITSEF Panel - Critical Infrastructure • 2010 ITSEF Panel - Moving Forward with a Roadmap for the IT, Banking & Finance and Energy Sectors • 2010 Showcase Workshop and 2011 ITSEF Workshop - Obtaining Federal Research Funding • 2011 ITSEF Panel - Partnering Practitioners & Theory - Creating Centers of Excellence • 2012 ITSEF Panel - What are the Key Attributes that Lead to Successful Technology Transfer? • 2012 Showcase Panel - DHS and DoD Efforts at Improving Cyber Innovation Intake into the Federal Government
Threat Space National / Federal Activities DHS Activities Cyber Security Division (CSD) Overview What’s Ahead Funding Opportunities Summary Q&A Presentation Outline
Environment: Greater Use of Technology, More Threats, Less Resources Anywhere in the world in 24 hours Globalization & Transportation LESS RESOURCES Tenuous balance Border Security & Immigration Violent Extremism Insider Threat Low cost of entry Strategic potential Cyber Domain Both sides get to innovate Aviation as an example … Predictive & Reactive Nature of Innovation Historical Perspective Misuse of Technology Natural Disasters & Pushing Beyond Design Limits MORE THREATS
Cyber Threat Sources Ready to Exploit Weaknesses Nation States Cyber Criminals Terrorists, DTOs, etc. Insider Threats Hackers/Hacktivists
Cyber Threats • Malware – Malicious software to disrupt computers • Viruses, worms, … • Theft of Intellectual Property or Data • Hactivism – Cyber protests that are socially or politically motivated • Mobile Devices and Applications and their associated Cyber Attacks • Social Engineering – Entice users to click on Malicious Links • Spear Phishing – Deceptive communications (E-Mails, Texts, Tweets…) • Domain Name System (DNS) Hijacking • Router Security – Border Gateway Protocol (BGP) Hijacking • Denial of Service (DOS) – blocking access to web sites • Others …..
Comprehensive National Cybersecurity Initiative (CNCI) Establish a front line of defense Reduce the Number of Trusted Internet Connections Deploy Passive Sensors Across Federal Systems Pursue Deployment of Automated Defense Systems Coordinate and Redirect R&D Efforts Resolve to secure cyberspace / set conditions for long-term success Develop Gov’t-wide Counterintelligence Plan for Cyber Increase Security of the Classified Networks Expand Education Connect Current Centers to Enhance Situational Awareness Shape future environment / secure U.S. advantage / address new threats Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs Define and Develop Enduring Deterrence Strategies & Programs Manage Global Supply Chain Risk Cyber Security in Critical Infrastructure Domains http://cybersecurity.whitehouse.gov
NITRD Participating Agencies Networking Information Technology R&D
Federal Cybersecurity R&D Strategic Plan • Science of Cyber Security • Research Themes • Tailored Trustworthy Spaces • Moving Target Defense • Cyber Economics and Incentives • Designed-In Security (New for FY13) • Transition to Practice • Technology Discovery • Test & Evaluation / Experimental Deployment • Transition / Adoption / Commercialization • Support for National Priorities • Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services Released Dec 6, 2011 http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released
DHS S&T Mission Guidance Strategic Guidance Homeland Security Act 2002 QHSR (Feb 2010) BUR (July 2010) S&T Strategic Plan (2011) Operational Directives QHSR High Consequence WMD Pandemics, Accidents, Natural Hazards Violent Extremism Smaller Scale Terrorism Trafficking, Crime Threats Core Missions HSPD-5 National Incident Management System (2003) HSPD-9 Defense of U.S. Agriculture & Food (2004) HSPD-10 Biodefense for the 21st Century (2004) HSPD-22 Domestic Chemical Defense (2007) PPD-8 National Preparedness (2011) Prevention, Protection, Mitigation, Response, Recovery
Cybersecurity for the 16 Critical Infrastructure Sectors DHS provides advice and alerts to the 16 critical infrastructure areas … … DHS collaborates with sectors through Sector Coordinating Councils (SCC) X X • Business / Personal • Shopping & Banking Point of Sale (in store or on line) • Personnel • Social Media • …
EO-13636 and PPD-21 • In February 2013, the President issued two new policies: • Executive Order 13636: Improving Critical Infrastructure Cybersecurity • Presidential Policy Directive – 21: Critical Infrastructure Security and Resilience • America's national security and economic prosperity are dependent upon the operation of critical infrastructure that are increasingly at risk to the effects of cyber attacks • The vast majority of U.S. critical infrastructure is owned and operated by private companies • A strong partnership between government and industry is indispensible to reducing the risk to these vital systems
Integrating Cyber-Physical Security • Executive Order 13636: Improving Critical Infrastructure Cybersecuritydirects the Executive Branch to: • Develop a technology-neutral voluntary cybersecurity framework • Promote and incentivize the adoption of cybersecurity practices • Increase the volume, timeliness and quality of cyber threat information sharing • Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure • Explore the use of existing regulationto promote cyber security • Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to: • Develop a situational awareness capabilitythat addresses both physical and cyber aspects of how infrastructure is functioning in near-real time • Understand the cascading consequences of infrastructure failures • Evaluate and mature the public-private partnership • Update the National Infrastructure Protection Plan • Develop comprehensive research and development plan (CSD / RSD)
Cybersecurity Framework (NIST lead) • Developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk • Supports the improvement of cybersecurity for the Nation’s Critical Infrastructure using industry-known standards and best practices • Provides a common language and mechanism for organizations to • describe current cybersecurity posture; • describe their target state for cybersecurity; • identify and prioritize opportunities for improvement within the context of risk management; • assess progress toward the target state; • Foster communications among internal and external stakeholders. • Composed of three parts: the Framework Core, the Framework Implementation Tiers, and Framework Profiles
Areas: “While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.” Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator White House Blog, August 6, 2013 Recommended Incentives Cybersecurity Insurance Grants Process Preference Liability Limitation Streamline Regulations Public Recognition Rate Recovery for Price Regulated Industries Cybersecurity Research
R&D guidance from PPD-21 • Within 2 years, DHS in coordination with OSTP, SSA’s, DOC and other Federal D&A, shall provide to the President a National Critical Infrastructure Security and Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other relevant information to identify priorities and guide R&D requirements and investments…plan issued every 4 years …updates as needed. • Innovation and Research & Development: DHS in coordination with OSTP, SSA’s, Commerce and other Federal D&A, shall provide input to align those Federal and Federally-funded R&D activities that seek to strengthen the security and resiliency of the Nation’s critical infrastructure, including: • Promoting R&D to enable the secure and resilient design and construction of critical infrastructure and more secure accompanying cyber technology; • Enhancing modeling capabilities to determine potential impacts … and cascading effects; • Facilitating initiatives to incentivize cyber security investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience; • Prioritizing efforts to support the strategic guidance issued by the Secretary. • Working Group headed up by DHS S&T
How to Engage • National Infrastructure Protection Plan process • Review and comment on Draft Documents • www.dhs.gov/eo-ppd • Provide input through dialogue on IdeaScale -- http://eoppd.ideascale.com • Encourage partners to review and provide input • PPD/EO Integrated Task Force Weekly Stakeholder Bulletin • Current status of activities • List of upcoming Open Forums, Webinars and other Engagement Opportunities • Contact EO-PPDTaskForce@hq.dhs.gov for more information • Also R&DWG@hq.dhs.gov for R&D plan information, participation
DHS S&T Mission • Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise Create new technological capabilities and knowledge products Provide Acquisition Support and Operational Analysis Provide process enhancements and gain efficiencies Evolve US understanding of current and future homeland security risks and opportunities • FOCUS AREAS • Bio • Explosives • Cybersecurity • First Responders • Resilient Systems • Borders / Maritime
Trustworthy Cyber Infrastructure Working with the global Internet community to secure cyberspace Research Infrastructure to Support Cybersecurity Developing necessary research infrastructure to support R&D community R&D Partnerships Establishing R&D partnerships with private sector, academia, and international partners Innovation and Transition Ensuring R&D results become real solutions Cybersecurity Education Leading National and DHS cybersecurity education initiatives Cyber Security Focus Areas
Trustworthy Cyber Infrastructure • Secure Protocols • DNSSEC – Domain Name System Security • Govt and private sector worked together to make this happen • Started in 2004; now 111 top level (gTLD) and country code (ccTLD) domains adopted globally including the Root • SPRI – Secure Protocols for Routing Infrastructure • Internet Measurement and Attack Modeling • Geographic mapping of Internet resources • Logically and/or physically connected maps of Internet resources • Monitoring and archiving of BGP route information • Co-funding with Australia • http://www.isi.edu/ant/address/browse/
Research Infrastructure • Experimental Research Testbed (DETER) • Researcher and vendor-neutral experimental infrastructure • Used by over 200 organizations from more than 20 states and 17 countries • Used by over 40 classes, from 30 institutions involving 2,000+ students • http://www.deter-project.org • Research Data Repository (PREDICT) • Repository of network data for use by the U.S.- based cyber security research community • More than 200 users (academia, industry, gov’t); Over 600TB of network data; Tools are used by major service providers and many companies • Phase 2: New datasets, ICTR Ethics, International (CA, AUS, JP, EU) • https://www.predict.org • Software Assurance Market Place (SWAMP) • A software assurance testing and evaluation facility and the associated research infrastructure services
R&D Partnerships • Oil and Gas Sector • LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity • Electric Power Sector • TCIPG – Trustworthy Computing Infrastructure for the Power Grid • Banking and Finance Sector • FI-VICS – Financial Institutions – Verification of Identity Credential Service • DECIDE – Distributed Environment for Critical Incident Decision-making Exercises (recent Quantum Dawn II exercise) • State and Local • PRISEM - Public Regional Information Security Event Management • PIV-I/FRAC TTWG – State and Local and Private Sector First Responder Authentication Credentials and Technology Transition • Law Enforcement • SWGDE – Special Working Group on Digital Evidence (FBI lead) • CFWG – Cyber Forensics Working Group (CBP, ICE, USSS, FBI, S/L)
S&T International Engagements • International Bilateral Agreements • Government-to-government cooperative activities for 13 bilateral Agreements • Canada (2004) • Australia (2004) • United Kingdom (2005) • Singapore (2007) • Sweden (2007) • Mexico (2008) • Israel (2008) • France (2008) • Germany (2009) • New Zealand (2010) • European Commission (2010) • Spain (2011) • Netherlands (2013) Over $6M of International co-funding
CSD R&D Execution Model Successes • Ironkey – Secure USB • Standard Issue to S&T employees from S&T CIO • Acquired by Imation • Komoku – Rootkit Detection Technology • Acquired by Microsoft • HBGary – Memory and Malware Analysis • Over 100 pilot deployments as part of Cyber Forensics • Endeavor Systems – Malware Analysis tools • Acquired by McAfee • Stanford – Anti-Phishing Technologies • Open source; most browsers have included Stanford R&D • Secure Decisions – Data Visualization • Pilot with DHS/NCSD/US-CERT; Acquisition Research Development Test and Evaluation & Transition (RDTE&T) Example: DARPA has provided $9M to CSD for development and transition of Military Networking Protocol (MNP) technology and has started discussions for testing and evaluation of Automated Malware Analysis technology
Transition To Practice (TTP) Program R&D Sources • DOE National Labs • FFRDC’s (Federally Funded R&D Centers) • Academia • Small Business Transition processes • Testing & evaluation • Red Teaming • Pilot deployments Utilization • Open Sourcing • Licensing • New Companies • Adoption by cyber operations analysts • Direct private-sector adoption • Government use • Implement Presidential Memorandum – “Accelerating Technology Transfer and Commercialization of Federal Research in Support of High-Growth Businesses” (Oct 28, 2011)
A National Problem NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) – Initiative 8: Expand Cyber Education – Interim Way Forward and is comprised of over 20 federal departments and agencies. • The Nation needs greater cybersecurity awareness and more cybersecurity experts. • There is a lack of communication between government, private industry, and academia. • Many cybersecurity training programs exist but there is little consistency among programs, and potential employees lack information about the skills needed for jobs. • Cybersecurity Career development and scholarships are available but uncoordinated, and the resources that do exist are difficult to find.
Cybersecurity Education • Cyber Security Competitions (http://nationalccdc.org) • National Initiative for Cybersecurity Education (NICE) • NCCDC (Collegiate); U.S. Cyber Challenge (High School) • Provide a controlled, competitive environment to assess a student’s depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems. • DHS Cyber Skills Task Force (CSTF) • Established June 6, 2012 - Homeland Security Advisory Council • Over 50 interviews (DHS internal and external) • Identify best ways DHS can foster the development of a national security workforce capable of meeting current and future cybersecurity challenges; • Outline how DHS can improve its capability to recruit and retain sophisticated cybersecurity talent. • 11 recommendations in 5 key areas
DHS Cyber Skills Task Force (CSTF) - Objectives • Objective I:Ensure that the people given responsibility for mission-critical cybersecurity roles and tasks at DHS have demonstrated that they have high proficiency in those areas. • Objective II: Help DHS employees develop and maintain advanced technical cybersecurity skills and render their working environment so supportive that qualified candidates will prefer to work at DHS. • Objective III: Radically expand the pipeline of highly qualified candidates for technical mission-critical jobs through partnerships with community colleges, universities, organizers of cyber competitions, and other federal agencies. • Objective IV: Focus the large majority of DHS’s near term efforts in cybersecurity hiring, training, and human capital development on ensuring that the Department builds a team of approximately 600 federal employees with mission-critical cybersecurity skills. • Objective V:Establish a “CyberReserve” program to ensure a cadre of technically proficient cybersecurity professionals are ready to be called upon if and when the nation needs them.
ICE Homeland Security Investigations (HSI) Cyber Student Initiative (7/10/13) • 36 HSI offices volunteered to participate • 291 Applicants of which 203 were Qualified Applicants • 27 Candidates Selected (of which 2 declined) – Atlanta, Baltimore, Boston, Buffalo, Charleston, Charlotte, Chicago, Denver, El Paso, Long Beach, Los Angeles, New York, Orlando, Pensacola, Philadelphia, Phoenix, San Antonio, San Francisco, Savannah, Seattle, DC. • Twenty three (23) candidates employed between July-September 2013
White House Priorities – FY14+ • Secure Federal Networks • Identity/Credential Access Mgmt (ICAM), Cloud Exchange, Fed-RAMP • Protect Critical Infrastructure • Public-Private Cyber Coordination, EO/PPD Initiatives • Improve Incident Response and Reporting • Information Sharing among Federal Centers • Capacity Building for State/Local/Tribal/Territorial (SLTTs) • Engage Internationally • Foreign Assistance Capacity Building • Build Workforce Capacity to Support International Cyber Engagement • Shape the Future • National Strategy for Trusted Identity in Cyberspace (NSTIC) • National Initiative for Cybersecurity Education (NICE) • Cybersecurity R&D – EO/PPD R&D Plan, Federal R&D Plan, Transition To Practice, Foundational Research
Future - Inter-Agency: CPS • Cyber Physical Systems (CPS) • “Smart networked systems with embedded sensors, processors and actuators that are designed to sense and interact with the physical world (including the human users), and support real-time, guaranteed performance in safety-critical applications” • Several workshops over the past year or two • Transportation • Automotive, UAVs, Aeronautical, Rail • Manufacturing • Healthcare • Energy • Agriculture • Defense • Emergency Response • Others ….. • All with an eye towards society, economics, and impact
CSD New Program Ideas • Security for Cloud-Based Systems • Data Privacy Technologies • Mobile Wireless Investigations • Mobile Device Security • Next-Generation DDOS Defenses • Application Security Threat Attack Modeling (ASTAM) • Static Tool Analysis Modernization Project (STAMP) • Network Reputation and Risk Analysis • Data Analytics Methods for Cyber Security • Cyber Security Education • Designed-In Security • Finance Sector Cybersecurity • DNSSEC Applications • Data Provenance for Cybersecurity • Cyber Economic Incentives – based on EO/PPD
Small Business Innovation Research (SBIR) Set-aside program for small business concerns to engage in federal R&D -- with potential for commercialization Small Business Technology Transfer (STTR) Set-aside program to facilitate cooperative R&D between small business concerns and research institutions -- with potential for commercialization Programs for U. S. Small Business • 2.5% • .3%
PHASE I • Feasibility Study • $100K (in general) and 6 month effort (amounts are changing) • PHASE II • Full Research/R&D • $750K and 24 month effort (amounts are changing) • Commercialization plan required • PHASE III • Commercialization Stage • Use of non-SBIR Funds SBIR - A 3 Phase Program
Number and timing of solicitations R&D Topic Areas – Broad vs. Focused Dollar Amount of Award (Phase I and II) Proposal preparation instructions Financial details (e.g., Indirect Cost Rates) Proposal review process Proposal success rates Types of award Commercialization assistance And more………… Agency SBIR Differences
Small Business Innovative Research (SBIR) • FY04 • Cross-Domain Attack Correlation Technologies (2) • Real-Time Malicious Code Identification (2) • Advanced SCADA and Related Distributed Control Systems (5) • FY05 • Hardware-assisted System Security Monitoring (4) • FY06 • Network-based Boundary Controllers (3) • Botnet Detection and Mitigation (4) • FY07 • Secure and Reliable Wireless Communication for Control Systems (2) • FY09 • Software Testing and Vulnerability Analysis (3) • FY10 • Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1) • FY11 • Mobile Device Forensics (1) • FY12 • Moving Target Defense (2) • Solid State Drive (SSD) Analysis (1) • FY13 • Hybrid Analysis Mapping • Software Based Roots of Trust for Enhanced Mobile Device Security
Small Business Innovative Research (SBIR) • Important program for creating new innovation and accelerating transition into the marketplace • Since 2004, DHS S&T Cyber Security has had: • 74 Phase I efforts • 28 Phase II efforts • 4 Phase II efforts currently in progress • 10 commercial/open source products available • Four acquisitions • Komoku, Inc. (MD) acquired by Microsoft in March 2008 • Endeavor Systems (VA) acquired by McAfee in January 2009 • Solidcore (CA) acquired by McAfee in June 2009 • HBGary (CA) acquired by ManTech in February 2012
Cyber Security R&D Broad Agency Announcement (BAA) • Delivers both near-term and medium-term solutions • To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements • To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems; • To facilitate the transfer of these technologies into operational environments. • Proposals Received According to 3 Levels of Technology Maturity Type I (New Technologies) • Applied Research Phase • Development Phase • Demo in Op Environ. • Funding ≤ $3M & 36 mos. Type III (Mature Technologies) • Mature Technology • Demo Only in Op Environ. • Funding ≤ $750K & 12 mos. Type II (Prototype Technologies) • More Mature Prototypes • Development Phase • Demo in Op Environ. • Funding ≤ $2M & 24 mos. Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments
DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07 • S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations • Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager • CSD has 18 Topic Areas (CSD.01 – CSD.18) – SEE NEXT SLIDE • LRBAA 12-07 has been extended and closes on 12/31/13 • S&T BAA Website: https://baa2.st.dhs.gov • Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #:DHSS-TLRBAA12-07)
LRBAA Summary Listing • CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics • CSD.02 – Internet Infrastructure Security • CSD.03 – National Research Infrastructure • CSD.04 –Homeland Open Security Technology • CSD.05 – Forensics support to law enforcement • CSD.06 – Identity Management • CSD.07 – Data Privacy and Information Flow technologies. • CSD.08 – Software Assurance • CSD.09 – Cyber security competitions, education and curriculum development. • CSD.10 – Process Control Systems and Critical Infrastructure Security • CSD.11 – Internet Measurement and Attack Modeling • CSD.12 – Securing the mobile workforce • CSD.13 - Security in cloud based systems • CSD.14 – Experiments – Test and evaluation in experimental operational environments to facilitate transition. • CSD.15 – Research Data Repository • CSD.16 – Cybersecurity Economic Incentives • CSD.17 – Data Analytics – analysis techniques, visualization, • CSD.18 – Tailored Trustworthy Spaces – trust negotiation, app anonymity
Cybersecurity research is a key area of innovation to support our global economic and national security futures DHS S&T continues with an aggressive cyber security research agenda Working to solve the cyber security problems of our current (and future) infrastructure and systems Working with academe and industry to improve research tools and datasets Looking at future R&D agendas with the most impact for the nation Need to continue strong emphasis on technology transfer and experimental deployments Must focus on the education, training, and awareness aspects of our current and future cybersecurity workforce Summary
Douglas Maughan, Ph.D. Division Director Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) douglas.maughan@dhs.gov 202-254-6145 / 202-360-3170 For more information, visithttp://www.dhs.gov/cyber-research http://www.dhs.gov/st-csd