
Current R&D Initiatives in Cybersecurity

Dept. of Homeland Security Science & Technology Directorate. Current R&D Initiatives in Cybersecurity. UMD / Google College Park, MD December 1, 2011. Douglas Maughan, Ph.D. Division Director Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA)


Presentation Transcript


  1. Dept. of Homeland Security Science & Technology Directorate Current R&D Initiatives in Cybersecurity UMD / Google College Park, MD December 1, 2011 Douglas Maughan, Ph.D. Division Director Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) douglas.maughan@dhs.gov 202-254-6145 / 202-360-3170

  2. Cyberspace Definitions
    • “Cyberspace is [our nation’s critical infrastructures’] nervous system—the control system of our country. Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow our critical infrastructures to work.” National Strategy to Secure Cyberspace, 2003
    • “Cyberspace means the interdependent network of IT infrastructures, and includes the internet, telecomms networks, computer systems, and embedded processors and controllers in critical industries.” NSPD 54, 8 Jan 2008
    • “The interdependent network of information and communications technology infrastructures, including the Internet, telecommunications networks, computer systems and networks, and embedded processors and controllers in facilities and industries.” White House Cyberspace Policy Review, May 2009
    • “The terms cyber security and information assurance refer to measures for protecting computer systems, networks, and information from disruption or unauthorized access, use, disclosure, modification, or destruction.” Federal Plan for Cyber Security and Information Assurance Research and Development, Apr 2006
    • “A cyber environment includes users, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.” International Telecommunications Union X.1205, Overview of Cybersecurity, Oct 2008

  3. Comprehensive National Cybersecurity Initiative (CNCI)
    Establish a front line of defense
    • Reduce the Number of Trusted Internet Connections
    • Deploy Passive Sensors Across Federal Systems
    • Pursue Deployment of Automated Defense Systems
    • Coordinate and Redirect R&D Efforts
    Resolve to secure cyberspace / set conditions for long-term success
    • Develop Gov’t-wide Counterintelligence Plan for Cyber
    • Increase Security of the Classified Networks
    • Expand Education
    • Connect Current Centers to Enhance Situational Awareness
    Shape future environment / secure U.S. advantage / address new threats
    • Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
    • Define and Develop Enduring Deterrence Strategies & Programs
    • Manage Global Supply Chain Risk
    • Cyber Security in Critical Infrastructure Domains
    http://cybersecurity.whitehouse.gov

  4. NITRD Structure for Cybersecurity R&D Coordination (organization chart, top to bottom)
    • OSTP and OMB
    • National Science and Technology Council
    • NITRD Subcommittee: senior representatives from agencies conducting NIT R&D; supported by the National Coordination Office for NITRD
    • Cybersecurity R&D Senior Steering Group: senior representatives from agencies with national cybersecurity missions
    • Special Cyber Operations Research and Engineering (SCORE) Interagency Working Group: national security systems R&D
    • Cyber Security and Information Assurance Interagency Working Group (CSIA IWG): cybersecurity R&D; program managers with cybersecurity R&D portfolios

  5. Federal Gov’t Cyber Research Community

  6. Federal Cybersecurity Research and Development Program: Strategic Plan

  7. Federal Cybersecurity R&D Strategic Plan
    • Research Themes
      • Tailored Trustworthy Spaces
      • Moving Target Defense
      • Cyber Economics and Incentives
      • Designed-In Security (New for FY12)
    • Science of Cyber Security
    • Transition to Practice
      • Technology Discovery
      • Test & Evaluation / Experimental Deployment
      • Transition / Adoption / Commercialization
    • Support for National Priorities
      • Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services

  8. Quadrennial Homeland Security Review

  9. DHS S&T Mission Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise

  10. Cyber Security Division (CSD) R&D Execution Model

  11. Sample Product List
    • Ironkey – Secure USB
      • Standard issue to S&T employees from S&T CIO
    • Coverity – Open Source Hardening (SCAN)
      • Analyzes 150+ open source software packages daily (later)
    • USURF – Cyber Exercise Planning tool
      • Recently used in MA & WA state cyber exercises
    • Secure64 – DNSSEC Automation
      • Several commercial customers; Government pilots underway
    • HBGary – Memory and Malware Analysis
      • 12-15 pilot deployments as part of Cyber Forensics program

  12. Sample Product List - 2
    • Grammatech – Binary Analysis tools
      • Used by several Intel agencies; commercially available
    • Telcordia – Automated Vulnerability Analysis
      • In use by DOD, SEC
    • GMU – Network Topology Analysis (Cauldron)
      • In use at FAA, several commercial customers
    • Stanford – Anti-Phishing Technologies
      • Open source; most browsers have included Stanford R&D
    • Secure Decisions – Data Visualization
      • Pilot with DHS/NCSD/US-CERT in progress

  13. Cyber Security Program Areas
    • Research Infrastructure to Support Cybersecurity (RISC)
    • Trustworthy Cyber Infrastructure (TCI)
    • Cyber Technology Evaluation and Transition (CTET)
    • Foundational Elements of Cyber Systems (FECS)
    • Cybersecurity User Protection and Education (CUPE)

  14. Research Infrastructure (RISC)
    • Experimental Research Testbed (DETER)
      • Researcher- and vendor-neutral experimental infrastructure
      • DETER - http://www.isi.edu/deter/
    • Research Data Repository (PREDICT)
      • Repository of network data for use by the U.S.-based cyber security research community
      • PREDICT – https://www.predict.org
    • Software Quality Assurance (SWAMP)
      • A software assurance testing and evaluation facility and the associated research infrastructure services

  15. Trustworthy Cyber Infrastructure
    • Secure Protocols
      • DNSSEC – Domain Name System Security
      • SPRI – Secure Protocols for Routing Infrastructure
    • Process Control Systems
      • LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
      • TCIPG – Trustworthy Cyber Infrastructure for the Power Grid
    • Internet Measurement and Attack Modeling
      • Geographic mapping of Internet resources
      • Logically and/or physically connected maps of Internet resources
      • Monitoring and archiving of BGP route information

  16. Evaluation and Transition (CTET)
    • Assessment and Evaluations
      • Red Teaming of DHS S&T-funded technologies
    • Experiments and Pilots
      • Experimental Deployment of DHS S&T-funded technologies into operational environments
    • Transition to Practice (CNCI)
      • New FY12 Initiative

  17. Foundational Elements (FECS)
    • Enterprise Level Security Metrics and Usability
    • Homeland Open Security Technology (HOST)
    • Software Quality Assurance
    • Cyber Economic Incentives (CNCI)
      • New FY12 Initiative
    • Leap Ahead Technologies (CNCI)
    • Moving Target Defense (CNCI)
      • New FY12 Initiative
    • Tailored Trustworthy Spaces (CNCI)
      • New FY12 Initiative

  18. Cybersecurity Users (CUPE)
    • Cyber Security Competitions
      • National Initiative for Cybersecurity Education (NICE)
      • NCCDC (Collegiate); U.S. Cyber Challenge (High School)
    • Cyber Security Forensics
      • Support to DHS and other Law Enforcement customers
    • Identity Management
      • National Strategy for Trusted Identities in Cyberspace (NSTIC)
    • Data Privacy Technologies
      • New Start in FY13

  19. DHS S&T Cybersecurity Program (program map, grouped by layer)
    PEOPLE: Cyber Economic Incentives; Moving Target Defense; Tailored Trustworthy Spaces; Leap Ahead Technologies; Transition To Practice; Identity Management; Enterprise Level Security Metrics & Usability; Data Privacy; Cyber Forensics; Competitions
    SYSTEMS: Secure Protocols; Software Quality Assurance; Homeland Open Security Technology; Experiments & Pilots; Assessments & Evaluations
    INFRASTRUCTURE: Process Control Systems; Internet Measurement & Attack Modeling
    RESEARCH INFRASTRUCTURE: Experimental Research Testbed (DETER); Research Data Repository (PREDICT); Software Quality Assurance (SWAMP)

  20. Small Business Innovation Research (SBIR) topics by fiscal year (number of awards in parentheses)
    • FY04
      • Cross-Domain Attack Correlation Technologies (2)
      • Real-Time Malicious Code Identification (2)
      • Advanced SCADA and Related Distributed Control Systems (5)
    • FY05
      • Hardware-assisted System Security Monitoring (4)
    • FY06
      • Network-based Boundary Controllers (3)
      • Botnet Detection and Mitigation (4)
    • FY07
      • Secure and Reliable Wireless Communication for Control Systems (2)
    • FY09
      • Software Testing and Vulnerability Analysis (3)
    • FY10
      • Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)
    • FY11
      • Mobile Device Forensics
    • FY12
      • Moving Target Defense

  21. Small Business Innovation Research (SBIR)
    • Important program for creating new innovation and accelerating transition into the marketplace
    • Since 2004, DHS S&T Cyber Security has had:
      • 60 Phase I efforts
      • 27 Phase II efforts
      • 4 Phase II efforts currently in progress
      • 9 commercial/open source products available
      • Three acquisitions
        • Komoku, Inc. (MD) acquired by Microsoft in March 2008
        • Endeavor Systems (VA) acquired by McAfee in January 2009
        • Solidcore (CA) acquired by McAfee in June 2009

  22. HSARPA Cyber Security R&D Broad Agency Announcement (BAA) 11-02
    • Delivers both near-term and medium-term solutions
      • To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
      • To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems
      • To facilitate the transfer of these technologies into operational environments
    • Proposals Received According to 3 Levels of Technology Maturity
      • Type I (New Technologies): Applied Research Phase; Development Phase; Demo in Op Environ.; Funding ≤ $3M & 36 mos.
      • Type II (Prototype Technologies): More Mature Prototypes; Development Phase; Demo in Op Environ.; Funding ≤ $2M & 24 mos.
      • Type III (Mature Technologies): Mature Technology; Demo Only in Op Environ.; Funding ≤ $750K & 12 mos.
    Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments

  23. Technical Topic Areas (TTAs), with sponsoring customer
    • TTA-1 Software Assurance – DHS, FSSCC
    • TTA-2 Enterprise-level Security Metrics – DHS, FSSCC
    • TTA-3 Usable Security – DHS, FSSCC
    • TTA-4 Insider Threat – DHS, FSSCC
    • TTA-5 Resilient Systems and Networks – DHS, FSSCC
    • TTA-6 Modeling of Internet Attacks – DHS
    • TTA-7 Network Mapping and Measurement – DHS
    • TTA-8 Incident Response Communities – DHS
    • TTA-9 Cyber Economics – CNCI
    • TTA-10 Digital Provenance – CNCI
    • TTA-11 Hardware-enabled Trust – CNCI
    • TTA-12 Moving Target Defense – CNCI
    • TTA-13 Nature-inspired Cyber Health – CNCI
    • TTA-14 Software Assurance Marketplace (SWAMP) – S&T

  24. Timeline of Past Research Reports (1997–2007)
    • President’s Commission on CIP (PCCIP)
    • NRC CSTB Trust in Cyberspace
    • I3P R&D Agenda
    • National Strategy to Secure Cyberspace
    • Computing Research Association – 4 Challenges
    • NIAC Hardening the Internet
    • PITAC - Cyber Security: A Crisis of Prioritization
    • IRC Hard Problems List
    • NSTC Federal Plan for CSIA R&D
    • NRC CSTB Toward a Safer and More Secure Cyberspace
    All documents available at http://www.cyber.st.dhs.gov

  25. A Roadmap for Cybersecurity Research
    • http://www.cyber.st.dhs.gov
    • Scalable Trustworthy Systems
    • Enterprise Level Metrics
    • System Evaluation Lifecycle
    • Combatting Insider Threats
    • Combatting Malware and Botnets
    • Global-Scale Identity Management
    • Survivability of Time-Critical Systems
    • Situational Understanding and Attack Attribution
    • Information Provenance
    • Privacy-Aware Security
    • Usable Security

  26. So what if I take over a botnet to do my research? An examination of the current state of Ethics in Information and Communications Technology Research

  27. What are ethics?
    • “The field of ethics (or moral philosophy) involves systematizing, defending, and recommending concepts of right and wrong behavior.”
    • Normative ethics is concerned with developing a set of morals or guiding principles intended to influence the conduct of individuals and groups within a population (i.e., a profession, a religion, or society at large).

  28. Ethics != Law
    • “Law can be defined as a consistent set of universal rules that are widely published, generally accepted, and usually enforced”
    • Interrelated but by no means identical (e.g., legal but not ethical, ethical but not legal)
    • Adherence to ethical principles may be required to meet regulatory requirements surrounding academic research
    • A law may illuminate the line between beneficial acts and harmful ones.
    • If the computer security research community develops ethical principles and standards that are acceptable to the profession and integrates those as standard practice, it makes it easier for legislatures and courts to effectively perform their functions.

  29. (Normative) Computer Ethics “A typical problem in computer ethics arises because there is a policy vacuum about how computer technology should be used. Computers provide us with new capabilities and these in turn give us new choices for action. Often, either no policies for conduct in these situations exist or existing policies seem inadequate. A central task of computer ethics is to determine what we should do in such cases, i.e., to formulate policies to guide our actions.” - James Moor, 1985

  30. The Belmont Report
    “Ethical Principles and Guidelines for the Protection of Human Subjects of Research”, US Department of Health, Education, and Welfare, April 18, 1979
    IRBs help ensure that research conforms with the ethical principles of the Belmont Report

  31. What is the role of an IRB?
    Institutional Review Boards (IRBs) are responsible for:
    • Protecting “human subjects” involved in research
    • Proper informed consent – or waiver of consent
    • Special protections for vulnerable populations
    • Strong privacy and confidentiality protections
    • Can allow deception in some research
    • IRBs generally review medical or social/behavioral/educational research, not network/security research.
    Question: Should the IRB review network/security research?

  32. What is a “human subject”?
    The Federal human subjects regulations (45 CFR 46.102(f)) define a human subject as: “a living individual about whom an investigator…conducting research obtains either: (1) data through intervention or interaction with the individual -OR- (2) identifiable private information.”

  33. What is Network and Security Research?
    Network and Security Research, or Information Communication Technology (ICT) Research, involves:
    • the collection, use and disclosure of information collected via networks or using hardware and software associated with information technology
    • Examples include:
      • Phishing experiments
      • Botnets
      • Honeypots
      • Analysis of internet network traffic

  34. Ethical Challenges in ICT Research
    ICT research differs from traditional human subjects research, which poses new ethical challenges:
    • Interactions with humans are often indirect, with intervening technology
    • It is often not feasible to obtain informed consent
    • Deception may be necessary
    • There are varying degrees of linkage between data and individuals’ identities for behaviors
    • Researchers can easily engage millions of “subjects” and billions of associated data “objects” simultaneously.

  35. Comparing ICTR and Medical Research
    How is ICTR like researching health issues?
    • Identity of subjects
    • Risk of harm to subjects
    • Subjects of research are also the beneficiaries
    How is ICTR not like researching health issues?
    • Research “subjects” could be criminals, their tools, or computers owned by innocent 3rd parties
    • Researchers are sometimes indistinguishable from criminals controlling a botnet
    • Viruses/cancers don’t adapt due to our publications
    • Harm primarily financial, but unintended consequences could affect uninvolved 3rd parties (and their customers)

  36. The Menlo Report
    “Ethical Principles Guiding Information and Communication Technology Research”, supported by US Department of Homeland Security (unpublished, 2011).

  37. Our Education Problem
    Problem: The U.S. is not producing enough computer scientists and CS degrees
    • CS/CE enrollments are down 50% from 5 years ago [1]
    • CS jobs are growing faster than the national average [2]
    • Computer Science/STEM have been the basis for American growth for 60 years
    • The gap in production of CS threatens continued growth and also national security
    • Defense, DHS, CNCI and industry all need more CS and CE competencies now
    [1] Taulbee Survey 2006-2007, Computing Research Association, May 2008 Computing Research News, Vol. 20/No. 3
    [2] Nicholas Terrell, Bureau of Labor Statistics, STEM Occupations, Occupational Outlook Quarterly, Spring 2007

  38. National Initiative for Cybersecurity Education (NICE)
    • National Cybersecurity Awareness (Lead: DHS)
      • Public service campaigns to promote cybersecurity and responsible use of the Internet
    • Formal Cybersecurity Education (Co-Leads: DoEd and OSTP)
      • Education programs encompassing K-12, higher education, and vocational programs related to cybersecurity
    • Federal Cybersecurity Workforce Structure (Lead: OPM)
      • Defining government cybersecurity jobs and the skills and competencies required
      • New strategies to ensure federal agencies attract, recruit, and retain skilled employees to accomplish cybersecurity missions
    • Cybersecurity Workforce Training and Professional Development (Tri-Leads: DoD, ODNI, DHS)
      • Cybersecurity training and professional development required for federal government civilian, military, and contractor personnel

  39. CCDC Mission
    • The mission of the Collegiate Cyber Defense Competition (CCDC) system is to provide institutions with an information assurance or computer security curriculum a controlled, competitive environment to assess a student's depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.
    • CCDC Events are designed to:
      • Build a meaningful mechanism by which institutions of higher education may evaluate their current educational programs
      • Provide an educational venue in which students are able to apply the theory and practical skills they have learned in their course work
      • Foster a spirit of teamwork, ethical behavior, and effective communication both within and across teams
      • Create interest and awareness among participating institutions and students

  40. U.S. Cyber Challenge
    • DC3 Digital Forensics Challenge
      • A Department of Defense Cyber Crime Center competition focusing on cyber investigation and forensics
    • CyberPatriot Defense Competition
      • An Air Force Association national high school cyber defense competition
    • Netwars Capture-the-Flag Competition
      • A SANS Institute challenge testing mastery of vulnerabilities

  41. Summary
    • Cybersecurity research is a key area of innovation needed to support our future
    • DHS S&T continues with an aggressive cyber security research agenda
      • Working to solve the cyber security problems of our current (and future) infrastructure and systems
      • Working with academe and industry to improve research tools and datasets
      • Looking at future R&D agendas with the most impact for the nation, including education
    • Need to continue strong emphasis on technology transfer and experimental deployments

  42. Douglas Maughan, Ph.D. Division Director Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) douglas.maughan@dhs.gov 202-254-6145 / 202-360-3170 For more information, visit http://www.cyber.st.dhs.gov
