Opportunities for Cyber Trust Researchers at IARPA

1. Opportunities for Cyber Trust Researchers at IARPA Carl Landwehr NICIAR Program Manager Intelligence Advanced Research Projects Activity (IARPA) 301-226-9100 email: CarlL@dni.gov

2. The Nation’s Intelligence Community • New DNI, Mike McConnell: • Intelligence Community Integration • Acquisition emphasis • Information sharing: • Need to know vs. responsibility to provide • Analyst at the center: • Know the customer needs • Know the sensors and source

3. IARPA Genesis • Created 1 Oct. 2007 • Within the Office of the Director of National Intelligence • First Director: Dr. Lisa Porter, on board Feb. 2008 • Extra-mural research, driven by Program Managers • Mix of unclassified and classified research programs • Unclassified research largely solicited through targeted BAAs • Watch FedBizOpps for opportunities • IARPA Web site coming soon: • Keep your eye on www.iarpa.gov ! • Location: College Park, MD • Rotational staff of Program Managers • People with new program ideas encouraged to apply!

4. IARPA • No kidding, high-risk/high payoff research • This is NOT about “quick wins,” “low-hanging fruit,” “sure things”, etc. • Failure is completely acceptable as long as • It is not due to failure to maintain technical or programmatic integrity • Results are fully documented • Best and brightest • Competitive awards and world-class PMs • Every IARPA program will start with a good idea and a good person to lead it. Without both, IARPA will not start a program. • Cross community focus • Address cross-agency challenges • Leverage agency expertise (both R&D and operational perspectives) • Work transition strategies and plans • The “P” in IARPA is very important • Each Program will have a clearly defined and measurable end-goal, typically 3-5 years out. Intermediate milestones to measure progress are also required • IARPA does not “institutionalize” programs • Fresh ideas and fresh perspectives are always coming in; status quo is constantly questioned

5. The Heilmeier Questions • What are you trying to do? • How is it done now? Who does it? What are the limitations of present approaches? • Are you aware of the present state-of-the-art and have you thought through all the options? • What is new about your approach? Why do you think you can succeed at this time? • Given that you’ve provided clear answers to 1 & 2, have you created a compelling option? • What does a first order analysis of your approach reveal? • If you succeed, what difference will it make? • Why should we care? • How long will it take? How much will it cost? What are the mid-term and final exams? • What is your program plan? How will you measure progress? What are your milestones/metrics? What is your transition strategy?

6. Offense Defense Flawed software Spoofable network protocols Complex security management National Intelligence CommunityInformation Assurance Research Program Vision: Level the cybersecurity playing field • Dramatically improve the fundamental trustworthiness of the NIC cyber infrastructure • Defend existing NIC cyber infrastructure from external and internal threats; enable operation despite attacks Goals: • Use accountability as a lever to reduce vulnerabilities and foster information sharing • Increase the attacker’s cost to penetrate NIC systems • Provide usable and flexible security mechanisms Defense has an uphill battle!

7. Goals • Doubleattacker’s time/resource costto compromise NIC systems through remote exploits • Unmodified system as baseline • Applications: reduce vulnerability windows in time (patch generation/installation, reconfiguration) and space (flaw/fault detection and removal) • Decrease by halfthe time and effort required to attribute a specific computational event/information flow to a (human/software/hardware) initiator • Unmodified system as baseline • Applications: sanitization, information sharing (credit), leakage (blame) • Stretch goal:Reduce by a factor of 10the time/effort required to certify/accredit a new, conforming software component for use in a general purpose environment based on accountable information flow technologies • Existing system and certification/accreditation process as baseline

8. Large Scale System Defense Accountable Information Flow Vulnerable monoculture Robust polyculture Intended configuration • Goals: • Incorporate accountable information flow mechanisms at all system layers • Develop and demonstrate network designs in which today’s attacks are engineered out Actual configuration • Goals: • Increase attacker’s cost • Enable system operation during attack • Improve system configuration assurance • Technologies: • Dynamic, diverse programs and systems • Configuration specification and verification • Technologies: • Physical unclonable functions, secure coprocessors, static/dynamic analysis Current NICIAR Research Topics

9. NICECAP Timeline Topic areas: • Accountable Information flow • New focus area 10/07: • Privacy Protecting Technologies • Large scale system defense BAA release 4/24/06 Round I Work begins 6/1/07 Updated BAA release 10/2/07 White papers due 11/2/07 (received ~ 135 WPs) 35 Full Proposals invited 1/15/08 Proposals due 2/14/08 Contract negotiations begin 4/15/08 Awards made 7/15/08 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 2006 2007 2008 2009 NICECAP BAA available at (or Google (NICECAP)): http://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/Reference-Number-BAA-06-11-IFKA/listing.html

10. On the Horizon:Secure System Engineering Competitions • How do we build systems of realistic scale that • Have a sound assurance argument • Can be extended without sabotaging it • Are usable and manageable • How do we structure a competition to teach us these things? • What would be a compelling thing (or series of things) to build? • How would we evaluate it? • How would we measure progress? • What toolkits could we make available to competitors?

11. Thank You!Questions? Carl Landwehr NICIAR Program Manager 301-226-9100 email: CarlL@dni.gov