Description: Dept. of Homeland Security Science & Technology Directorate. Driving Security Improvements in Existing Technologies and Emerging Systems. EDUCAUSE Net@EDU Annual Meeting, Tempe, AZ, February 12, 2008. Douglas Maughan, Ph.D., Program Manager, CCI.
Driving Security Improvements in Existing Technologies and Emerging Systems
EDUCAUSE Net@EDU Annual Mtg, Tempe, AZ, February 12, 2008
Dept. of Homeland Security Science & Technology Directorate
Douglas Maughan, Ph.D.
Program Manager, CCI
202-254-6145 / 202-360-3170
12 February 2008 2
Agenda
• 2007 Capitol Hill and Other WDC Activities
• DHS S&T Cyber Security R&D Program: PREDICT; Broad Agency Announcements (BAAs); Outreach / Transition
• University Programs
• Cyber R&D Background and Government R&D Coordination
Recent Hearings in Washington
• “Cyber Insecurity: Hackers are Penetrating Federal Systems and Critical Infrastructure” http://homeland.house.gov/hearings/index.asp?ID=36
“These incidents have opened a lot of eyes in the halls of Congress. We need to get serious about this threat to our national security.”
• “Addressing the Nation’s Cybersecurity Challenges: Reducing Vulnerabilities Requires Strategic Investment and Immediate Action” http://homeland.house.gov/hearings/index.asp?ID=41
“I am deeply troubled by the lack of foresight that this Administration has demonstrated. The Homeland Security Committee is working to demonstrate the importance of R&D funding to this Administration.”
Recent Hearings in Washington (cont’d)
• House Homeland Security Committee investigation of DHS Networks http://homeland.house.gov/SiteDocuments/Charbo.pdf (13 questions to understand the security posture of DHS networks)
• Senate Hearing on Terrorist use of the Internet http://hsgac.senate.gov/index.cfm?Fuseaction=Hearings.Detail&HearingID=441
More recent activity
• May 2007 – DDOS attack on Estonia: first example of “cyber warfare”?
• Sep 2007 – “Chinese hack the Pentagon”
• Sep 2007 – “China hacks UK government”
• Oct 2007 – “White House initiative to defend against hackers”
• Nov 2007 – “White House requests $154M supplement for Cyber Initiative”
(National) Cyber Initiative
• Baltimore Sun article on the Cyber Initiative, Oct. 24, 2007: “House panel chief demands details of cybersecurity plan” http://www.baltimoresun.com/technology/balte.cyber24oct24,0,782050,full.story
Rep. Bennie Thompson, Chairman of the House Homeland Security Committee, called on the Bush administration to delay the planned launch of a multi-billion-dollar cybersecurity initiative so that Congress could have time to evaluate it.
• Initiative mostly focused on fixing operational problems that exist across government infrastructure, e.g., the Trusted Internet Connections (TIC) program announcement
• Small component of total effort is aimed at R&D
CSIS Commission for 44th Presidency
• Goal: Identify a strategy and set of recommendations for the next administration to move ahead in securing cyberspace. The Commission will complete its work by December 2008.
• The Commission will be a bipartisan group composed of thirty to thirty-five experts drawn from the cyber security policy community and from the private sector, co-chaired by leaders from Congress and the private sector, and reinforced by a private sector advisory group composed of representatives from companies and associations.
• The proposed working groups are: (1) Federal Organization, Strategy and Doctrine; (2) Cybersecurity Norms and Authorities; (3) Budget and Acquisitions for Cybersecurity; (4) Government/Private Sector Interfaces and Engagement.
• The final product would be a well-supported package of recommendations for improving cyber security that could help to guide both a legislative agenda and Presidential policy documents.
Homeland Security Mission
Lead unified national effort to secure America
• Prevent terrorist attacks within the U.S.
• Respond to threats and hazards to the nation
• Ensure safe and secure borders
• Welcome lawful immigrants and visitors
• Promote free flow of commerce
DHS Goals: Secretary’s Priorities
• Keep terrorists, criminals and unlawful entrants out of the U.S.
• Prevent dangerous materials, weapons and illicit drugs from entering the country
• Strengthen screening of workers/travelers
• Secure critical infrastructure
• Build nimble, effective emergency response system and culture of preparedness
• Strengthen core management to ensure DHS is a great organization
Department of Homeland Security Organization Chart
[Org chart] Secretary; Deputy Secretary; Chief of Staff; Executive Secretary; Military Liaison. Under Secretaries for Policy, Science & Technology, Management, and Preparedness. Component heads: Director, Transportation Security Administration; Commissioner, Immigration & Customs Enforcement; Commissioner, Customs & Border Protection; Director, Citizenship & Immigration Services; Director, FEMA; Director, US Secret Service; Commandant, US Coast Guard; Director of Operations Coordination; Director of Counter Narcotics; Director, Civil Rights/Civil Liberties. Offices: Assistant Secretary, Office of Intelligence & Analysis; Domestic Nuclear Detection Office; Screening Coordination Office; Federal Law Enforcement Training Center; A/S Congressional & Intergovernmental Affairs; Assistant Secretary, Public Affairs; Inspector General; General Counsel; Chief Privacy Officer; Ombudsman, Citizenship & Immigration Services; Labor Relations Board.
Science and Technology (S&T) Mission
Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users.
DHS S&T Investment Portfolio: Balance of Risk, Cost, Impact, and Time to Delivery
• Product Transition (0-3 yrs): focused on delivering near-term products/enhancements to acquisition; Customer IPT controlled; cost, schedule, capability metrics
• Innovative Capabilities (2-5 yrs): high-risk/high payoff; “Game changer/Leap ahead”; prototype, test and deploy; HSARPA
• Basic Research (>8 yrs): enables future paradigm changes; university fundamental research; government lab discovery and invention
• Mandated Spending (0-8+ yrs): required by Administration (HSPDs); Congressional direction/law
Customer Focused, Output Oriented
R&D Execution Model
[Diagram] Pre R&D: customers (NCSD, NCS, OCIO, USSS, National Documents; critical infrastructure providers; other sectors, e.g., Banking & Finance) feed prioritized requirements, shaped by CIP sector roadmaps, workshops and government & industry R&D coordination, into solicitation preparation.
R&D: SBIRs, BAAs, DNSSEC, SPRI, Cyber Security Assessment, Emerging Threats, Rapid Prototyping, External (e.g., I3P).
Post R&D: experiments and exercises; outreach to the venture community and industry.
Supporting Programs: PREDICT, DETER.
Cyber Security Program Areas
• Information Infrastructure Security: Domain Name System Security (DNSSEC); Secure Protocols for the Routing Infrastructure (SPRI); Cyber Security Assessment
• Cyber Security Research Tools and Techniques: Cyber Security Testbed (DETER); Large Scale Datasets (PREDICT); Experiments and Exercises
• Next Generation Technologies: BAA 04-17, BAA 07-09
• Other Activities (SBIR, RTAP, Emerging Threats)
DHS / NSF Cyber Security Testbed
“Justification and Requirements for a National DDOS Defense Technology Evaluation Facility”, July 2002:
• We still lack large-scale deployment of security technology sufficient to protect our vital infrastructures
• Recent investment in research on cyber security technologies by government agencies (NSF, DARPA, armed services) and industry
• One important reason is the lack of an experimental infrastructure and rigorous scientific methodologies for developing and testing next-generation defensive cyber security technology
The goal is to create, operate, and support a researcher-and-vendor-neutral experimental infrastructure that is open to a wide community of users and produce scientifically rigorous testing frameworks and methodologies to support the development and demonstration of next-generation cyber defense technologies.
DETER Users Map – over 60 sites
PREDICT: A Protected REpository for Defense of Infrastructure against Cyber Threats
PREDICT Program Objective: “To advance the state of the research and commercial development (of network security ‘products’) we need to produce datasets for information security testing and evaluation of maturing networking technologies.”
Rationale / Background / Historical:
• Researchers with insufficient access to data unable to adequately test their research prototypes
• Government technology decision-makers with no data to evaluate competing “products”
End Goal: Improve the quality of defensive cyber security technologies
PREDICT Repository Access Process
[Diagram] The PREDICT Coordination Center (government-funded, externally hosted) sits between Data Providers, Data Hosting Sites and Researchers. Data Providers and Data Hosting Sites sign MOAs and their data is entered in the Data Listing. A Researcher obtains Institutional Sponsorship (Sponsor Letter), signs an MOA and submits a Proposal to the Proposal Review Board, which issues an Accept / Deny Notification; on acceptance the Researcher gets data from the hosting site. After Research, a Publication Review Board reviews results (if required).
Data Collection Activities
Classes of data that are interesting, people want collected, and seem reasonable to collect:
• Netflow
• Packet traces – headers and full packet (context dependent)
• Critical infrastructure – BGP and DNS data
• Topology data
• IDS / firewall logs
• Performance data
• Network management data (i.e., SNMP)
• VoIP (2200 IP-phone network)
• Blackhole Monitor traffic
PREDICT Summary
Why do we think PREDICT has a chance for success?
• DHS has included the security and networking communities
• DHS has included the legal community from the start
• DHS has included the privacy community from the start: EFF, CDT, ACLU comments incorporated into system processes; included government privacy officials
• Managing external facing processes
What else are we doing? Recent BAA 07-09, Technical Topic Area (TTA) 8 – Data Anonymization – focused on new ideas and techniques to improve data protection
Cyber Security R&D Broad Agency Announcement (BAA)
A critical area of focus for DHS is the development and deployment of technologies to protect the nation’s cyber infrastructure including the Internet and other critical infrastructures that depend on computer systems for their mission. The goals of the Cyber Security Research and Development (CSRD) program are:
• To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems;
• To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure;
• To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.
http://www.hsarpabaa.com
BAA Program / Proposal Structure
NOTE: Deployment Phase = Test, Evaluation, and Pilot deployment in (DHS) “customer” environments
• Type I (New Technologies): new technologies with an applied research phase, a development phase, and a deployment phase (optional). Funding not to exceed 36 months (including deployment phase)
• Type II (Prototype Technologies): more mature prototype technologies with a development phase and a deployment phase (optional). Funding not to exceed 24 months (including deployment phase)
• Type III (Mature Technologies): mature technology with a deployment phase only. Funding not to exceed 12 months
BAA 07-09 Technical Topic Areas
• Botnets and Other Malware: Detection and Mitigation
• Composable and Scalable Secure Systems
• Cyber Security Metrics
• Network Data Visualization for Information Assurance
• Internet Tomography / Topography
• Routing Security Management Tool
• Process Control System Security
• Secure and Reliable Wireless Communication for Control Systems
• Real-Time Security Event Assessment and Mitigation
• Data Anonymization Tools and Techniques
• Insider Threat Detection and Mitigation
Partnership Project
LOGIIC is a model for government-industry technology integration and demonstration efforts to address critical R&D needs
• Industry contributes: requirements and operational expertise; project management; product vendor channels
• DHS S&T contributes: national security perspective on threats; access to long term security research; independent researchers with technical expertise; testing facilities
Commercial Outreach Strategy
• Assist commercial companies in providing technology to DHS and other government agencies: Emerging Security Technology Forum (ESTF)
• Assist DHS S&T-funded researchers in transferring technology to larger, established security technology companies: System Integrator Forum (Feb. 21, 2008)
• Partner with the venture capital community to transfer technology to existing portfolio companies, or to create new ventures: Cyber Entrepreneurs Workshop (Mar. 11, 2008)
[Diagram] Actors: Established Commercial Companies; Emerging Commercial Companies; Government Funder/Customer; DHS Researchers; Commercial Customers.
System Integrator Forum 2008
• IronKey, Palo Alto, CA – Secure USB Token
• HBGary, Chevy Chase, MD – Malware Discovery Tool
• Grammatech, Ithaca, NY – Software Analysis (Binary and Source)
• George Mason Univ, Fairfax, VA – Network Vulnerability Analysis/Discovery
• Endeavor Systems, Arlington, VA – Pattern Recognition and Signature Analysis
2008 SIF – February 21 in WDC (see website)
IT Security Entrepreneur Forum (ITSEF)
Hot Topics:
• Current Market Trends and Conditions
• How to Optimize Having the Government as Your Partner
• Communicating Your Value Proposition
• The Risks and Rewards of Selling to the Government
• Navigating the Government Procurement Process from A to Z
• Financing Your Startup in the Information Security Space through Government Funds
2008 ITSEF – March 11 @ Stanford
http://www.publicprivatepartnerships.org
University Programs: Centers of Excellence (COE) Program Goals
Develop the management and communications infrastructure to produce, share and transition Centers’ research results, data and technology to analysts and policymakers
Align existing Centers and establish new Centers and initiatives to align with S&T Divisions’ research and development activities, and address additional DHS needs
Deliver the Centers’ advanced research products, technology and educated workforce that DHS will need to protect the country for the foreseeable future
Current Centers of Excellence
• Center for Risk & Economic Analysis of Terrorism Events (CREATE), based at the Univ. of Southern California
• National Center for Food Protection & Defense (NCFPD), based at the Univ. of Minnesota
• National Center for Foreign Animal & Zoonotic Disease Defense (FAZD), based at Texas A&M Univ.
• National Consortium for the Study of Terrorism & Responses to Terrorism (START), based at the Univ. of Maryland
• National Center for Preparedness & Catastrophic Event Response (PACER), based at Johns Hopkins Univ.
Centers of Excellence, cont.
• Center for Advancing Microbial Risk Assessment (CAMRA), based at Michigan State Univ., in partnership with U.S. EPA
• Univ. Affiliate Centers to the Institute for Discrete Sciences (IDS-UACs), in partnership with Lawrence Livermore National Laboratory: Rutgers Univ. (Lead Center), Univ. of Southern California, Univ. of Illinois at Urbana-Champaign, Univ. of Pittsburgh
• Regional Visualization & Analytics Centers (RVACs), in partnership with National VAC at Pacific Northwest National Laboratory: Penn State Univ., Purdue Univ., Stanford Univ., Univ. of North Carolina at Charlotte, Univ. of Washington
Other University Research Initiatives
• Southeast Regional Research Initiative (SERRI)
• Kentucky Critical Infrastructure Protection Institute (KCI)
New Centers Beginning in FY 2007-08
• COE for Explosives Detection, Mitigation and Response (Funded FY2007)
• COE for Border Security and Immigration (Funded FY2007)
• Northern Forest Borders
• Southwest Desert Borders
• COE for Maritime, Island & Remote/Extreme Environment Security (Funded FY2007)
• COE for Natural Disasters, Coastal Infrastructure and Emergency Management (Funded FY2008)
Education Programs
• Individual Scholarships and Fellowships
• Institutional Scholarships & Fellowships
• Summer Internships
• AAAS/AVMA Visiting Scholars
• Post-Doc Program
R&D Studies / Reports
• 1997 – President’s Commission on Critical Infrastructure Protection (PCCIP): Critical Foundations: Protecting America’s Infrastructures
• 1999 – National Research Council Computer Science and Telecommunication Board: Trust in Cyberspace
• 2003 – National Strategy to Secure Cyberspace http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf
• 2003 – Institute for Information Infrastructure Protection (I3P): Cyber Security Research And Development Agenda
• 2003 – Computing Research Association: Four Grand Challenges in Trustworthy Computing
R&D Studies / Reports (2)
• 2004 – National Infrastructure Advisory Council (NIAC): Hardening The Internet
• 2005 – President's Information Technology Advisory Committee (PITAC): Cyber Security: A Crisis of Prioritization http://www.nitrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf
• 2005 – Infosec Research Council (IRC): Hard Problems List
• 2006 – National Science and Technology Council (NSTC): Federal Plan for Cyber Security and Information Assurance Research and Development
• 2007 – National Research Council Computer Science and Telecommunication Board: Toward a Safer and More Secure Cyberspace
R&D Matrix
[Table] Rows are the studies/reports above; columns are 24 R&D topics, with an X where a report addresses the topic.
Topic columns: Identity Management; Insider Threat; System Availability; Build Secure Systems; Situational Understanding; Information Provenance; Security with Privacy; Security Metrics; Eliminate Attacks; Risk Analysis; Secure Ubiquitous Computing; Enterprise Security Management; Security Vulnerability Discovery; Response and Recovery; Traceback, Attribution, and Forensics; Law, Policy, and Economic Issues; Internet Infrastructure; Anomaly Detection Tools; Inadequate Funding for R&D; Promote recruitment of researchers and students; Strengthen technology transition; Improve Government R&D Coordination; Testbeds; Improved Authentication and Key Management.
Document | Date | Topics marked (of 24)
Pres Commission on CIP | Oct. 1997 | 7
Trust in Cyberspace | 1999 | 8
I3P R&D Agenda | Jan. 2003 | 8
Nat'l Strategy to Secure Cyberspace | Mar. 2003 | 5
Computing Research Assoc – Trustworthy Computing | Nov. 2003 | 4
NIAC Hardening the Internet | Oct. 2004 | 4
PITAC – Cyber Security: A Crisis of Prioritization | Feb. 2005 | 14
Infosec Research Council Hard Problems List | Nov. 2005 | 8
Federal R&D Plan | Apr. 2006 | 24
NRC – Safer Cyberspace | Jul. 2007 | 8
NITRD Program Coordination
[Diagram] White House Executive Office of the President / Office of Science and Technology Policy; National Science and Technology Council, with its Committee on Technology and Committee on Homeland and National Security; Subcommittee on Networking and Information Technology Research and Development (NITRD) and Subcommittee on Infrastructure; National Coordination Office (NCO) for Networking and Information Technology Research and Development; U.S. Congress (NITRD agency authorization and appropriations legislation).
Interagency working groups and coordinating groups under NITRD: Cyber Security and Information Assurance (CSIA) Interagency Working Group; High End Computing (HEC) Interagency Working Group; Large Scale Networking (LSN) Coordinating Group; High Confidence Software and Systems (HCSS) Coordinating Group; Human Computer Interaction and Information Management (HCI&IM) Coordinating Group; Software Design and Productivity (SDP) Coordinating Group; Social, Economic, and Workforce Implications of IT and IT Workforce Development (SEW) Coordinating Group.
Tackling Cyber Security R&D Challenges: Not Business as Usual
• Key people (i.e., Congress) now paying attention
• Close coordination with other Federal agencies
• Outreach to communities outside of the Federal government
• Building public-private partnerships (the industry-government *dance* is a new tango)
• Need a stronger emphasis on technology diffusion and technology transfer
• Migration paths to a more secure infrastructure
• Awareness of economic realities
Douglas Maughan, Ph.D.
Program Manager, CCI
202-254-6145 / 202-360-3170
For more information, visit http://www.cyber.st.dhs.gov