An Update from Washington: Cybersecurity / R&D, Douglas Maughan - PowerPoint PPT Presentation


Homeland Security Advanced Research Projects Agency. An Update from Washington: Cybersecurity / R&D. Douglas Maughan, Ph.D., Division Director. October 30, 2012. http://www.cyber.st.dhs.gov

SLIDE 1

An Update from Washington – Cybersecurity / R&D

Homeland Security Advanced Research Projects Agency

Douglas Maughan, Ph.D. Division Director October 30, 2012

http://www.cyber.st.dhs.gov

SLIDE 2

Environment: Greater Use of Technology, More Threats, Less Resources

  • Globalization & Transportation
  • Natural Disasters & Pushing Beyond Design Limits
  • Misuse of Technology
  • Border Security & Immigration
  • Cyber Domain

LESS RESOURCES / MORE THREATS

  • Violent Extremism
  • Nature of Innovation
  • Both sides get to innovate
  • Predictive & Reactive
  • Aviation as an example …
  • Low cost of entry
  • Strategic potential
  • Anywhere in the world in 24 hours
  • Historical Perspective
  • Tenuous balance
  • Insider Threat

SLIDE 3

September 2012 Cyber Events

  • Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent - 09/25/2012
  • Secret account in mission-critical router opens power plants to tampering - 9/5/2012
  • Unknown amount of Tiffany & Co. employees’ account information exposed by unauthorized access to JPMorgan Chase Bank’s servers - 9/5/12
  • Twitter users dealt malicious links via direct messages - 9/26/12
  • Mozilla releases patches for more than 30 Firefox bugs - 9/1/12
  • DDoS attacks hit Wells Fargo, PNC Bank, U.S. Bancorp - 9/27/12

SLIDE 4

DHS S&T Mission Guidance

Strategic Guidance / Operational Directives

  • HSPD-5 National Incident Management System (2003)
  • PPD-8 National Preparedness (2011)
  • HSPD-22 Domestic Chemical Defense (2007)
  • HSPD-9 Defense of U.S. Agriculture & Food (2004)
  • HSPD-10 Biodefense for the 21st Century (2004)
  • Homeland Security Act 2002
  • QHSR (Feb 2010)
  • BUR (July 2010)

Core Missions (QHSR)

  • 1. Preventing terrorism & enhancing security
  • 2. Securing and managing our borders
  • 3. Enforcing & administering immigration laws
  • 4. Safeguarding and securing cyberspace
  • 5. Ensuring resilience to disasters

Prevention, Protection, Mitigation, Response, Recovery

S&T Strategic Plan (2011)

  • Smaller Scale Terrorism
  • Trafficking, Crime
  • Pandemics, Accidents, Natural Hazards
  • Violent Extremism
  • High Consequence WMD Threats

SLIDE 5

Comprehensive National Cybersecurity Initiative (CNCI)

Establish a front line of defense

  • Reduce the Number of Trusted Internet Connections
  • Deploy Passive Sensors Across Federal Systems
  • Pursue Deployment of Automated Defense Systems
  • Coordinate and Redirect R&D Efforts

Resolve to secure cyberspace / set conditions for long-term success

  • Connect Current Centers to Enhance Situational Awareness
  • Develop Gov’t-wide Counterintelligence Plan for Cyber
  • Increase Security of the Classified Networks
  • Expand Education

Shape future environment / secure U.S. advantage / address new threats

  • Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
  • Define and Develop Enduring Deterrence Strategies & Programs
  • Manage Global Supply Chain Risk
  • Cyber Security in Critical Infrastructure Domains

http://cybersecurity.whitehouse.gov

  • Operational – NPPD and Inter-agency (S&T supporting NPPD)
  • Classified – Intel Community/Inter-agency; S&T CSD not involved
  • S&T – part of SSG
  • NICE – S&T involved
  • S&T – $18M FY12 OMB add
  • NIPP – S&T involved
  • Inter-agency Programs; S&T CSD not involved

SLIDE 6

A NATIONAL PROBLEM

  • The Nation needs greater cybersecurity awareness and more cybersecurity experts.
  • There is a lack of communication between government, private industry, and academia.
  • Many cybersecurity training programs exist but there is little consistency among programs, and potential employees lack information about the skills needed for jobs.
  • Cybersecurity Career development and scholarships are available but uncoordinated, and the resources that do exist are difficult to find.

NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) – Initiative 8: Expand Cyber Education – Interim Way Forward and is comprised of over 20 federal departments and agencies.

SLIDE 7

Cybersecurity for the 18 Critical Infrastructure Sectors

In the future, DHS will provide cybersecurity for …

  • The .gov and critical .com domains with a mix of:
    – Managed security services
    – Developmental activities
    – Information sharing
  • Linkages to our US-CERT (Computer Emergency Readiness Team)

DHS provides advice and alerts to the 18 critical infrastructure areas …

… DHS collaborates with sectors through Sector Coordinating Councils (SCC)

National Cybersecurity and Communications Integration Center (NCCIC) is a 24x7 center for production of a common operating picture …

SLIDE 8

DHS Cyber Skills Task Force (CSTF)

  • Established June 6, 2012 as part of the Homeland Security Advisory Council
  • Over 50 interviews (DHS internal and external)
  • 1. Identify the best ways DHS can foster the development of a national security workforce capable of meeting current and future cybersecurity challenges;
  • 2. Outline how DHS can improve its capability to recruit and retain that sophisticated cybersecurity talent.

  • Jeff Moss (Co-Chair), ICANN
  • Alan Paller (Co-Chair), SANS Institute
  • Steve Adegbite, Lockheed Martin
  • Asheem Chandna, Greylock Partners
  • Larry Cockell, Time Warner, Inc.
  • Robert Gallucci, MacArthur Foundation
  • John Gilligan, Gilligan Group
  • Steven Myers, Steven Myers & Associates
  • Dr. Michael Papay, Northrop Grumman
  • Tony Sager, National Security Agency
  • Nicole Seligman, Sony Corporation of America
  • Michael Steed, Paladin Capital Group
  • Joe Sullivan, Facebook
  • Roy Vallee, Avnet, Inc.
  • Rita Wells, Idaho National Laboratory

SLIDE 9

DHS Cyber Skills Task Force (CSTF) - 1

  • Objective I: Ensure that the people given responsibility for mission-critical cybersecurity roles and tasks at DHS have demonstrated that they have high proficiency in those areas.
  • Recommendation 1: Adopt and maintain an authoritative list of mission-critical cybersecurity tasks (Page 6).
  • Recommendation 2: Develop training scenarios that enable evaluation of mission-critical cybersecurity talent for each of the mission-critical tasks (Page 9).
  • Recommendation 3: Adopt a sustainable model for assessing the competency and progress of the existing and future DHS mission-critical cybersecurity workforce (Page 10).

SLIDE 10

DHS Cyber Skills Task Force (CSTF) - 2

  • Objective II: Help DHS employees develop and maintain advanced technical cybersecurity skills and render their working environment so supportive that qualified candidates will prefer to work at DHS.
  • Recommendation 4: Establish a Department-level infrastructure with direct responsibility for the development and oversight of the cybersecurity workforce (Page 12).
  • Recommendation 5: Make the hiring process smooth and supportive and make mission-critical cybersecurity jobs for the federal civilian workforce enticing in every dimension: in mission and service, skills, growth potential, and “total value proposition” (Page 14).

SLIDE 11

DHS Cyber Skills Task Force (CSTF) - 3

  • Objective III: Radically expand the pipeline of highly qualified candidates for technical mission-critical jobs through innovative partnerships with community colleges, universities, organizers of cyber competitions, and other federal agencies.
  • Recommendation 6: Establish a two-year, community-college-based program that identifies and trains large numbers of talented men and women to prepare them for mission-critical jobs in cybersecurity (Page 17).
  • Recommendation 7: Raise the eligibility criteria for designation as CAE and SFS schools to ensure that graduates are prepared to perform technical critical cybersecurity jobs (Page 19).
  • Recommendation 8: Launch a major, sustained initiative to enhance the opportunities for U.S. veterans to be trained for and hired in mission-critical cybersecurity jobs (Page 21).

SLIDE 12

DHS Cyber Skills Task Force (CSTF) - 4

  • Objective IV: Focus the large majority of DHS’s near term efforts in cybersecurity hiring, training, and human capital development on ensuring that the Department builds a team of approximately 600 federal employees with mission-critical cybersecurity skills.
  • Recommendation 9: Until 600 employees are on board with mission-critical skills, apply the large majority of direct hire authority related to information technology in the Department to bringing on people with technical mission critical cybersecurity skills (Page 22).
  • Recommendation 10: Specify the mission-critical skills and level of proficiency needed in all cybersecurity-related contracting (Page 23).

SLIDE 13

DHS Cyber Skills Task Force (CSTF) - 5

  • Objective V: Establish a “CyberReserve” program to ensure a cadre of technically proficient cybersecurity professionals are ready to be called upon if and when the nation needs them.
  • Recommendation 11: Establish a pilot DHS CyberReserve program that ensures DHS cyber alumni and other talented cybersecurity experts outside of government are known and available to DHS in times of need and determine how this program may be implemented long-term (Page 24).

SLIDE 14

DHS S&T Mission

Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise

1) Create new technological capabilities and knowledge products
2) Provide Acquisition Support and Operational Analysis
3) Provide process enhancements and gain efficiencies
4) Evolve US understanding of current and future homeland security risks and opportunities

FOCUS AREAS

  • Bio
  • Explosives
  • Cybersecurity
  • First Responders

SLIDE 15

CSD R&D Execution Model

  • Ironkey – Secure USB
    – Standard Issue to S&T employees from S&T CIO
  • Komoku – Rootkit Detection Technology
    – Acquired by Microsoft
  • HBGary – Memory and Malware Analysis
    – Over 100 pilot deployments as part of Cyber Forensics
  • Endeavor Systems – Malware Analysis tools
    – Acquired by McAfee
  • Stanford – Anti-Phishing Technologies
    – Open source; most browsers have included Stanford R&D
  • Secure Decisions – Data Visualization
    – Pilot with DHS/NCSD/US-CERT; Acquisition

Successes

Research Development Test and Evaluation & Transition (RDTE&T)

SLIDE 16

Cyber Security R&D Program Areas

  • Research Infra. to Support Cybersecurity (RISC)
    – DETER Testbed; PREDICT Data Repository; SWAMP T&E Environment for Software Assurance and SW Tools
  • Trustworthy Cyber Infrastructure (TCI)
    – Secure Protocols (DNSSEC, BGPSEC); LOGIIC (O&G); TCIPG (E.S. w/DOE); DECIDE (F.S. w/FSSCC); Internet Measurement and Attack Modeling
  • Foundational Elements of Cyber Systems (FECS)
    – HOST Open Source Security, New areas from CNCI
  • Cybersecurity User Protection and Education (CUPE)
    – Competitions (NCCDC, USCC); Cyber Forensics; ID Mgmt / Data Privacy (w/GSA for HSPD-12 and NSTIC more broadly)
  • Cyber Technology Evaluation and Transition (CTET)
    – Internal Red Teaming; Experiments and Pilots; Transition To Practice (TTP)

SLIDE 17

CSD Programs and Relationships - Across Layers

Layers: PEOPLE, SYSTEMS, INFRASTRUCTURE, RESEARCH INFRASTRUCTURE

  • Secure Protocols
  • Identity Management
  • Enterprise Level Security Metrics & Usability
  • Data Privacy
  • Cyber Forensics
  • Competitions - Education
  • Process Control Systems
  • Internet Measurement & Attack Modeling
  • Experimental Research Testbed
  • Research Data Repository
  • Software Quality Assurance (SWAMP)
  • Software Quality Assurance
  • Homeland Open Security Technology
  • Assessments & Evaluations
  • Experiments & Pilots
  • Cyber Economic Incentives
  • Moving Target Defense
  • Tailored Trustworthy Spaces
  • Leap Ahead Technologies
  • Transition To Practice

SLIDE 18

Cyber Security R&D Broad Agency Announcement (BAA)

  • Delivers both near-term and medium-term solutions
  • To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
  • To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems;
  • To facilitate the transfer of these technologies into operational environments.
  • Proposals Received According to 3 Levels of Technology Maturity
    – Type I (New Technologies): Applied Research Phase; Development Phase; Demo in Op Environ.; Funding ≤ $3M & 36 mos.
    – Type II (Prototype Technologies): More Mature Prototypes; Development Phase; Demo in Op Environ.; Funding ≤ $2M & 24 mos.
    – Type III (Mature Technologies): Mature Technology; Demo Only in Op Environ.; Funding ≤ $750K & 12 mos.

Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments

SLIDE 19

BAA 11-02 Technical Topic Areas (TTAs)

  • TTA-1 – Software Assurance – DHS, FSSCC
  • TTA-2 – Enterprise-Level Security Metrics – DHS, FSSCC
  • TTA-3 – Usable Security – DHS, FSSCC
  • TTA-4 – Insider Threat – DHS, FSSCC
  • TTA-5 – Resilient Systems and Networks – DHS, FSSCC
  • TTA-6 – Modeling of Internet Attacks – DHS
  • TTA-7 – Network Mapping and Measurement – DHS
  • TTA-8 – Incident Response Communities – DHS
  • TTA-9 – Cyber Economics – CNCI
  • TTA-10 – Digital Provenance – CNCI
  • TTA-11 – Hardware-Enabled Trust – CNCI
  • TTA-12 – Moving Target Defense – CNCI
  • TTA-13 – Nature-Inspired Cyber Health – CNCI
  • TTA-14 – Software Assurance MarketPlace (SWAMP) – S&T

  • 1003 White Papers
  • 224 Full Proposals encouraged
  • 34 Awards – Sep/Oct 2012
  • Int’l participation from AUS, UK, CA, NL, SWE
  • Over $4M of joint funding

SLIDE 20

BAA 11-02 Winning Awards

  • Applied Visions, Inc
  • Oak Ridge National Laboratory
  • Carnegie-Mellon University
  • Pacific NW National Laboratory
  • Columbia University
  • Purdue University
  • Def-Logix
  • Raytheon BBN Technologies
  • George Mason University
  • Rutgers University
  • Georgia Tech Research Corp.
  • Princeton University
  • HRL Laboratories, LLC
  • University of Alabama at Birmingham
  • IBM Research
  • University of North Carolina
  • International Computer Science Institute
  • Dartmouth College
  • ITT Advanced Engineering & Sciences Division
  • Indiana University
  • Kestrel Technology, LLC, Palo Alto, CA
  • University of California, San Diego
  • Merit Network Inc
  • University of Houston
  • Morgridge Institute for Research
  • University of Illinois at Urbana-Champaign
  • Naval Postgraduate School
  • University of Maryland
  • Northrop Grumman Information Systems
  • USC Information Sciences Institute

SLIDE 21

Quad Chart

Operational Capability:

Performance Targets:

  • Deepen compliance testing & accelerate audits

Quantify Performance

  • Complete flow analysis of system with 50 firewalls and 1000 hosts in under 24 hours.

Cost of Ownership

  • Licensing terms are being studied

Meeting BAA Goals

  • Delivers degree of compliance and defense-in-depth metrics at enterprise level
  • Metrics provide practical decision aid for designing/modifying network architecture

Schedule, Cost, Deliverables, & Contact Info.

Deliverables

  • NetAPT transitioned to commercial support
  • Extensive training material
  • Compliance and defense-in-depth metrics
  • Vigorous promotion of use supporting NERC-CIP audits

Contact Information

Offeror: University of Illinois at Urbana-Champaign
POC: Professor David M. Nicol, Coordinated Science Lab, 1308 West Main Street, Urbana, IL 61801, 217 244-1925, dmnicol@illinois.edu

Proposed Technical Approach

Will bring enterprise-scale network connectivity metrics into practice in a significant critical infrastructure

Tasks:

  • Develop training materials
  • Develop off-site NetAPT analysis capability
  • Develop/implement defense-in-depth metrics
  • Include layer-2 analysis

Status: NetAPT in use under evaluation licenses.
Actions: NetAPT used in NERC-CIP compliance testing of large electric utility
On-going: small effort in bug fixes, documentation

SLIDE 22

DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07

  • S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations
  • Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
  • CSD has 14 Topic Areas (CSD.01 – CSD.14) – SEE NEXT SLIDE
  • LRBAA 12-07 Closes on 12/31/12 at 11:59 PM
  • S&T BAA Website: https://baa2.st.dhs.gov
  • Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #:DHSS- TLRBAA12-07)

SLIDE 23

LRBAA Summary Listing

  • CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics
  • CSD.02 – Internet Infrastructure Security
  • CSD.03 – National Research Infrastructure
  • CSD.04 – Homeland Open Security Technology
  • CSD.05 – Forensics support to law enforcement
  • CSD.06 – Identity Management
  • CSD.07 – Data Privacy and Information Flow technologies.
  • CSD.08 – Software Assurance
  • CSD.09 – Cyber security competitions and education and curriculum development.
  • CSD.10 – Process Control Systems and Critical Infrastructure Security
  • CSD.11 – Internet Measurement and Attack Modeling
  • CSD.12 – Securing the mobile workforce
  • CSD.13 – Security in cloud based systems
  • CSD.14 – Experiments – Technologies developed through federally funded research requiring test and evaluation in experimental operational

SLIDE 24

History of National Cyber Security Work

Timeline, 1998–2012:

  • NRC CSTB Trust in Cyberspace
  • National Strategy to Secure Cyberspace
  • NIAC Hardening the Internet
  • PITAC – Cyber Security: A Crisis of Prioritization
  • IRC Hard Problems List
  • NSTC Federal Plan for CSIA R&D
  • NRC CSTB Toward a Safer and More Secure Cyberspace
  • White House Cyberspace Policy Review
  • NSPD-54/HSPD-23
  • DHS S&T Roadmap for Cybersecurity Research
  • Trustworthy Cyberspace – Federal Cybersecurity R&D Strategic Plan

Legend: DHS S&T Produced; DHS S&T Led

All documents available at: http://www.cyber.st.dhs.gov/resources/

SLIDE 25

A Roadmap for Cybersecurity Research

Identified critical research gaps in:

  • Scalable Trustworthy Systems
  • Enterprise Level Metrics
  • System Evaluation Lifecycle
  • Combating Insider Threats
  • Combating Malware and Botnets
  • Global-Scale Identity Management
  • Survivability of Time-Critical Systems
  • Situational Understanding and Attack Attribution
  • Information Provenance
  • Privacy-Aware Security
  • Usable Security

http://www.cyber.st.dhs.gov

SLIDE 26

Federal Cybersecurity R&D Strategic Plan

  • Science of Cyber Security
  • Research Themes
    – Tailored Trustworthy Spaces
    – Moving Target Defense
    – Cyber Economics and Incentives
    – Designed-In Security (New for FY12)
  • Transition to Practice
    – Technology Discovery
    – Test & Evaluation / Experimental Deployment
    – Transition / Adoption / Commercialization
  • Support for National Priorities
    – Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services

Released Dec 6, 2011

http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released

SLIDE 27

Annual Report and Research Topics Cyber Security Division

FY 2011 Annual Report

  • Security in Cloud-based Systems
  • Data Privacy
  • Mobile and Wireless Security
  • (Big) Data Analytics for Cyber Security Applications
  • Embedded Device Security (e.g., CPS, medical, vehicle)
  • Network Attribution / Traceback
  • System Composition
  • Cyber Forensics
  • Cyber Education / Curriculum

Available NOW!

SLIDE 28

Summary

  • Cybersecurity research is a key area of innovation needed to support our future
  • DHS S&T continues with an aggressive cyber security research agenda
  • Working to solve the cyber security problems of our current (and future) infrastructure and systems
  • Working with academe and industry to improve research tools and datasets
  • Looking at future R&D agendas with the most impact for the nation, including education
  • Need to continue strong emphasis on technology transfer and experimental deployments

SLIDE 29

For more information, visit

http://www.cyber.st.dhs.gov

Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170