DHS S&T Cyber Security Division (CSD) Overview TCIPG Industry - PowerPoint PPT Presentation

Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security Division (CSD) Overview TCIPG Industry Workshop UIUC November 8, 2011 Greg Wigton Program Manager Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) Gregory.Wigton@dhs.gov 202-254-6140

Comprehensive National Cybersecurity Initiative (CNCI) Establish a front line of defense Reduce the Number Deploy Passive Pursue Deployment Coordinate and of Trusted Internet Sensors Across of Automated Redirect R&D Efforts Connections Federal Systems Defense Systems Resolve to secure cyberspace / set conditions for long-term success Increase Security of Develop Gov’t-wide Connect Current Counterintelligence the Classified Expand Education Centers to Enhance Plan for Cyber Networks Situational Awareness Shape future environment / secure U.S. advantage / address new threats Define and Develop Define and Develop Cyber Security in Enduring Leap Ahead Manage Global Enduring Deterrence Critical Infrastructure Technologies, Supply Chain Risk Strategies & Programs Domains Strategies & Programs http://cybersecurity.whitehouse.gov 2 2

Federal Cybersecurity Research and Development Program: Strategic Plan 3

Federal Cybersecurity R&D Strategic Plan  Research Themes  Tailored Trustworthy Spaces  Moving Target Defense  Cyber Economics and Incentives  Designed-In Security (New for FY12)  Science of Cyber Security  Transition to Practice  Technology Discovery  Test & Evaluation / Experimental Deployment  Transition / Adoption / Commercialization  Support for National Priorities  Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education) , Financial Services 28 October 2011 4

Quadrennial Homeland Security Review The Core Missions 1. Preventing terrorism and enhancing security; 2. Securing and managing our borders; 3. Enforcing and administering our immigration laws; 4. Safeguarding and securing cyberspace; and 5. Ensuring resilience to disasters. Mission 6: Maturing and Strengthening the Homeland Security Enterprise Foster Innovative Solutions Through Science and Technology • Ensure scientifically informed analyses and decisions are coupled to effective technological solutions • Conduct scientific assessments of threats and vulnerabilities • Foster collaborative efforts involving government, academia, and the private sector to create innovative approaches to key homeland security challenges 28 October 2011 5

DHS S&T Mission Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise 28 October 2011 6

28 October 2011 7

Cyber Security Division (CSD) R&D Execution Model 28 October 2011 8

Cyber Security Program Areas  Research Infrastructure to Support Cybersecurity (RISC)  Trustworthy Cyber Infrastructure (TCI)  Cyber Technology Evaluation and Transition (CTET)  Foundational Elements of Cyber Systems (FECS)  Cybersecurity User Protection and Education (CUPE) 29 October 2010 9

Research Infrastructure (RISC)  Experimental Research Testbed (DETER)  Researcher and vendor-neutral experimental infrastructure  DETER - http://www.isi.edu/deter/  Research Data Repository (PREDICT)  Repository of network data for use by the U.S.- based cyber security research community  PREDICT – https://www.predict.org  Software Quality Assurance (SWAMP)  A software assurance testing and evaluation facility and the associated research infrastructure services 28 October 2011 10

Trustworthy Cyber Infrastructure (TCI)  Secure Protocols  DNSSEC – Domain Name System Security  SPRI – Secure Protocols for Routing Infrastructure  Process Control Systems  LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity  TCIPG – Trustworthy Computing Infrastructure for the Power Grid  Internet Measurement and Attack Modeling  Geographic mapping of Internet resources  Logically and/or physically connected maps of Internet resources  Monitoring and archiving of BGP route information 28 October 2011 11

Evaluation and Transition (CTET)  Assessment and Evaluations  Red Teaming of DHS S&T-funded technologies  Experiments and Pilots  Experimental Deployment of DHS S&T-funded technologies into operational environments  Transition to Practice (CNCI)  New FY12 Initiative 28 October 2011 12

Foundational Elements (FECS)  Enterprise Level Security Metrics and Usability  Homeland Open Security Technology (HOST)  Software Quality Assurance  Cyber Economic Incentives (CNCI)  New FY12 Initiative  Leap Ahead Technologies (CNCI)  Moving Target Defense (CNCI)  New FY12 Initiative  Tailored Trustworthy Spaces (CNCI)  New FY12 Initiative 28 October 2011 13

Cybersecurity Users (CUPE)  Cyber Security Competitions  National Initiative for Cybersecurity Education (NICE)  NCCDC (Collegiate); U.S. Cyber Challenge (High School)  Cyber Security Forensics  More later  Identity Management  National Strategy for Trusted Identities in Cyberspace (NSTIC)  Data Privacy Technologies  New Start in FY13 28 October 2011 14

DHS S&T Cybersecurity Program Identity Management Enterprise Level Security Metrics & Cyber Economic Incentives Usability PEOPLE Moving Target Defense Data Privacy Tailored Trustworthy Cyber Forensics Spaces Competitions Leap Ahead Technologies Transition To Practice SYSTEMS Secure Protocols Software Quality Assurance Homeland Open Security Technology Experiments & Pilots Assessments & Evaluations Process Control Systems INFRASTRUCTURE Internet Measurement & Attack Modeling RESEARCH INFRASTRUCTURE Experimental Research Testbed (DETER) Research Data Repository (PREDICT) 28 October 2011 15 Software Quality Assurance (SWAMP)

Critical Infrastructure / Key Resources  DECIDE (Distributed Environment for Critical Infrastructure Decision- making Exercises)  Provide a dedicated exercise capability to foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats  Enterprises initiate their own exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity  The Financial Services Sector Coordinating Council R&D Committee has organized a user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years.  LOGIIC – Linking the Oil & Gas Industry to Improve Cybersecurity  A collaboration of oil and natural gas companies and DHS S&T to facilitate cooperative research, development, testing, and evaluation procedures to improve cyber security in Industrial Automation and Control Systems  Consortium under the Automation Federation  TCIPG – Trustworthy Computing Infrastructure for the Power Grid  Partnership with DOE funded at UIUC with several partner universities and industry participation  Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power, including new resilient “smart” power grid 16

DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises) Enable enterprise decision-makers to think through responses to operational disruptions  of market-based transactions across networks  Sector(s), Market(s), Institution(s) Provide a dedicated exercise capability for several critical infrastructures in the U.S.   Beginning with Banking and Finance Foster an effective, practiced business continuity effort to deal with increasingly  sophisticated cyber threats Enterprises will be able to initiate their own large-scale exercises, define their own scenarios, protect  their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops Think through sector impacts of the National Planning Scenarios  Enhance coordination during a large-scale disruption to key infrastructures  The concept has been reviewed by and developed with input from experts at  ChicagoFIRST, the Options Clearing Corporation, ABN-AMRO, Eurex, Archipelago, Bank of New York, and CitiBank. The Financial Services Sector Coordinating Council R&D Committee is organizing a  user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years. 17

DECIDE •Goal: Create a Finance-sector requested, software-based simulation environment for sector-risk exercises Began as a gleam in the eye of a BNY Risk Manager in 2004   Seen as a logical follow-on the the 2003 Livewire Cyber Exercise Simulation  Designed to stress the massive interdependencies of critical infrastructures and help them prepare for low probability / high consequence disruptions Prototyped in 2005 / 2006 with some Homeland Security funding  Gained FSSCC Support in 2006   Meets a priority FSCCC R&D Need Transitioned to a $15 million full-scale R&D effort funded by the Department  of Homeland Security in 2008 R&D team led by Norwich University Applied Research Institutes  18