hsarpa cyber security division
play

HSARPA Cyber Security Division Internet Measurement and Attack - PowerPoint PPT Presentation

Oct 29, 2022 •320 likes •545 views

HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ann Cox, PhD. Program Manager Cyber Security Division Homeland Security Advanced Research

  1. HSARPA Cyber Security Division Internet Measurement and Attack Modeling Project Active Internet Measurement Systems Workshop (AIMS) February 6-8, 2013 Ann Cox, PhD. Program Manager Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA)

  2. CSD Mission  Develop new technologies, tools and techniques to defend and secure current systems and networks, and strengthen future systems and networks, to enable DHS and the U.S. to better protect critical infrastructures and respond to attacks from our adversaries;  Conduct and support technology transition efforts across DHS and through a full range of government, commercial and hybrid approaches;  Provide coordination and research and development leadership for internal DHS customers, agencies of the U.S. government that conduct or sponsor research and development, academia, private sector and international partners within the cybersecurity community. 2 Presenter’s Name June 17, 2003

  3. CSD R&D Execution Model 3 Presenter’s Name June 17, 2003

  4. Research Infrastructure (RISC)  Experimental Research Testbed (DETER)  Researcher and vendor-neutral experimental infrastructure  Used by over 200 organizations from more than 20 states and 17 countries since 2003  Used by over 40 classes, from 30 academic institutions involving 2,000+ students  http://www.deter-project.org  Research Data Repository (PREDICT)  Repository of network data for use by the U.S.- based cybersecurity research community  More than 200 users (academia, industry, gov’t); Over 350TB of network data; Tools are used by major service providers and many companies  Legal framework is US-based. Working to add international users (CA, AUS, JP, EU)  https://www.predict.org  Software Assurance Market Place (SWAMP)  A software assurance testing and evaluation facility and the associated research infrastructure services 4 Presenter’s Name June 17, 2003

  5. Foundational Elements (FECS)  Enterprise Level Security Metrics and Usability  Homeland Open Security Technology (HOST)  Software Quality Assurance  Cyber Economic Incentives (CNCI*)  Leap Ahead Technologies (CNCI*)  Moving Target Defense (CNCI*)  Tailored Trustworthy Spaces (CNCI*) *CNCI – Comprehensive National Cybersecurity Initiative launched by President George W. Bush in National Security Presidential Directive 54/Homeland Security Presidential Directive 23 (NSPD-54/ HSPD-23) in January 2008. http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative 5 Presenter’s Name June 17, 2003

  6. Cybersecurity Users (CUPE)  Cyber Security Competitions  National Initiative for Cybersecurity Education (NICE)  NCCDC (Collegiate); U.S. Cyber Challenge (High School)  Cyber Security Forensics  Support to DHS and other Law Enforcement customers (USSS, CBP, ICE, FBI, CIA)  Identity Management & Data Privacy Technologies  National Strategy for Trusted Identities in Cyberspace (NSTIC) 6 Presenter’s Name June 17, 2003

  7. Evaluation and Transition (CTET)  Assessment and Evaluations  Red Teaming of DHS S&T-funded technologies  Support of the Security Innovation Network (SINET)  Experiments and Pilots  Experimental Deployment of DHS S&T-funded technologies into operational environments  Partnerships with ICE, USSS, CBP, NCSD, S&T CIO  Distributed Environment for Critical Incident Decision-making Exercises (DECIDE) Tool for Finance Sector to conduct risk management exercises and identify improvements  Transition to Practice (CNCI)  Transitioning cyber security technologies developed through federally funded research and development (R&D) into broader utilization 7 Presenter’s Name June 17, 2003

  8. Trustworthy Cyber Infrastructure  Secure Protocols  DNSSEC – Domain Name System Security  Started in 2004; now 35 top level domains adopted globally including the Root  SPRI – Secure Protocols for Routing Infrastructure  Process Control Systems  LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity  TCIPG – Trustworthy Computing Infrastructure for the Power Grid  **Internet Measurement and Attack Modeling**  Geographic mapping of Internet resources  Logically and/or physically connected maps of Internet resources  Monitoring and archiving of BGP route information  Co-funding with multiple international partners 8 Presenter’s Name June 17, 2003

  9. Existing Effort: CLIQUE / Traffic Circle Correlation Layers for Information Query and Exploration (CLIQUE) (Performer: PNNL) Displays high-level overviews of network traffic using a new behavioral model-based anomaly detection technique. The CLIQUE system builds models for learning and classifying expected behavior on individual hosts on a network and then compares these modeled behaviors to real-time streaming data to generate early indicators of “non-normal” network activity. 9 Presenter’s Name June 17, 2003

  10. Existing Effort: CLIQUE / Traffic Circle Traffic Circle (Performer PNNL)  As network transactions occur, Traffic Circle displays them on a moving timeline. Via the “time wheel” analysts can dynamically zoom through data spanning months or years in just seconds. The tool allows for sophisticated filters that highlight important patterns. 10 Presenter’s Name June 17, 2003

  11. IMAM Efforts under BAA 11-02 Real-time Protocol Shepherd (RePS) Raytheon/BBN 10-month effort  Uses real-time proactive tools with Bro and Suricata systems to actively prevent network based attacks using chained rules and flow variables in Suricata and detection modules and scripts in Bro Methodology for Assessment of Security Properties Naval Postgraduate School (NPS) 36-month effort  A systematic methodology for security assessment and the construction of composite information systems, as well as a set of metrics and rules for security properties of individual components that will later be connected to such systems. 11 Presenter’s Name June 17, 2003

  12. IMAM Efforts under BAA 11-02 Comprehensive Understanding of Malicious Overlay Networks Georgia Tech Research Center (GTRC) 24-month effort  (1) Prevention of botnet infections using network- and host-based defenses (2) Detection of infections that take hold of operator networks (3) Comprehensive large-scale analysis of malware (4) Large-scale analysis of passive DNS data (5) Innovation of attribution and traceback technologies (6) Long-term remediation of botnets through the use of next-generation sinkholes and network management technologies. 12 Presenter’s Name June 17, 2003

  13. IMAM Efforts under BAA 11-02 Visually Fusing Contextual Data for Situational Understanding Oak Ridge National Laboratory (ORNL) 36-month effort  Contextual information integrated into STUCCO 1 to understand the significance of events, and a threat landscape service at a macro level that provides new threat indicators from social media and synthesis of open source reporting. 1 STUCCO - Situation and Threat Understanding by Correlating Contextual Observations. STUCCO will be a scalable visual analytics solution that enables both exploration of the efficacy of potential contextual data sources and real-time monitoring of high-value contextual data. 13 Presenter’s Name June 17, 2003

  14. IMAM Efforts under BAA 11-02 Advanced Situation Awareness of High Impact Malware Attacks Against the Internet Routing Infrastructure Columbia University 24-month effort  Develop and deploy an experimental system that injects intrusion detection functionality within the firmware of a (legacy) router that senses the unauthorized modification of router firmware. The technology may be developed and deployed as a sensor to detect attacks in an Early Attack Warning System, but also may be implemented to prevent firmware modifications. 14 Presenter’s Name June 17, 2003

  15. IMAM Efforts under BAA 11-02 The Retrospective Future in the Internet (Retro-Future) USC/ISI 36-month effort  An Internet ‘DVR’ that will record, abstract, and replay packet traces, DNS, and routing information to enable retrospective analysis of network security events (new 0-day attacks and worms, insider threats, etc.) High-Frequency Active Internet Topology Mapping Naval Postgraduate School (NPS) 36-month effort  Deployment of three recently developed discriminatory active topology primitives. These primitives maximize the utility of each individual path tracing probe, permitting additional probing within a fixed time or load budget. This will enable higher speed mapping, enumeration of load- balanced paths, and better resolution of router aliases. 15 Presenter’s Name June 17, 2003

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Division (CSD) Active Internet Measurements (AIMS) 2015 Conference B. Ann Cox, PhD. Program

Division (CSD) Active Internet Measurements (AIMS) 2015 Conference B. Ann Cox, PhD. Program

DHS S&T Cyber Security Division (CSD) Active Internet Measurements (AIMS) 2015 Conference B. Ann Cox, PhD. Program Manager Cyber Security Division (CSD) HSARPA Science and Technology (S&T) Directorate CSDs Going to RSA! The

813 views • 9 slides
Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial

ABB MINING USER CONFERENCE, MAY 02-05, 2017 Cyber Security in Mining Automation Ragnar Schierholz, Head of Cyber Security, Industrial Automation Division Agenda Why worry about cyber security? ABBs approach to cyber security Cyber security

1.07k views • 39 slides
DHS S&T Cyber Security Division (CSD) Overview TCIPG Industry Workshop UIUC November 8,

DHS S&T Cyber Security Division (CSD) Overview TCIPG Industry Workshop UIUC November 8,

Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security Division (CSD) Overview TCIPG Industry Workshop UIUC November 8, 2011 Greg Wigton Program Manager Cyber Security Division Homeland Security Advanced

454 views • 34 slides
DHS S&T Cyber Security Division (CSD) Overview AIMS-3 Workshop February 9-11, 2011 UCSD

DHS S&T Cyber Security Division (CSD) Overview AIMS-3 Workshop February 9-11, 2011 UCSD

Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security Division (CSD) Overview AIMS-3 Workshop February 9-11, 2011 UCSD Edward Rhyne Program Manager Cyber Security Division Homeland Security Advanced

627 views • 19 slides
Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford

16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, MidAtlantic Region National Cyber Security Division (NCSD) Office of Cybersecurity and Communications

443 views • 20 slides
Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework

Cyber Security Risk Using the Cyber Security Measurement Framework Cyber Security Framework Reporting Objectives Executive Summary Information Assess Current Cyber Security Posture Measure Progress Toward Improvement Assess

634 views • 5 slides
Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division

Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline

794 views • 32 slides
Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web

Web Security Cyber Security Lab Spring '10 04/15/10 Cyber Security Lab 1 Outline Web application weaknesses XSS AJAX weaknesses SQL Injection Attacks (Slides from Lars Olson)

588 views • 41 slides
Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three

Cyber Security Maintaining Your Identity on the Net Why Cyber Security? There are three points of failure in any secure network: Technology (hardware and software) Technology Support (ITS) End Users (USD students and employees)

359 views • 23 slides
An Update from Washington: Whats Happening in the World of Cyber Security and Critical

An Update from Washington: Whats Happening in the World of Cyber Security and Critical

Homeland Security Advanced Research Projects Agency An Update from Washington: Whats Happening in the World of Cyber Security and Critical Infrastructure Douglas Maughan Division Director November 12, 2014 http://www.dhs.gov/cyber-research

489 views • 31 slides
CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY

CYBER SECURITY PROTECTING AGAINST CYBER FRAUD IN SCALEUP COMPANIES AND WHAT TO DO SHOULD THEY HAPPEN London June 2019 INTRODUCTION Cyber Security The activity or process, ability or capability, or state whereby information and

735 views • 24 slides
ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* *

ICSS2015: International Cyber Security Strategy Congress: Cyber Security and Forensic Readiness* * Preliminary programme, subject to revision/update status 16 December 2014 4 February 2015 Day 1: Cyber Security Readiness Registration KU

306 views • 4 slides
Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs !

Cyber security Current challenges Ludovic M, septembre 2019 Cyber security ? Three triptychs ! 3 properties ... Confidentiality (including personal data) Integrity Availability 2 -Sminaire LIRIMA: Cyber security: current

876 views • 64 slides
New York State Energy Planning Board Cyber Security and the Energy Infrastructure New York

New York State Energy Planning Board Cyber Security and the Energy Infrastructure New York

New York State Energy Planning Board Cyber Security and the Energy Infrastructure New York State Division of Homeland Security and Emergency Services Office of Cyber Security Office of Cyber Security Overview Established as the Office

451 views • 31 slides
2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor,

2018 Legislative Ag Chairs Summit Cyber Security Geoff Jenista, CISSP Cyber Security Advisor, Region VII Office of Cybersecurity and Communications (CS&C) National Protection and Programs Directorate (NPPD) FOUO / UNCLASS Cyber Security

333 views • 12 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by

1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by

1 Basic Info n Breakfast, coffee breaks n Meals n Lunch provided both days n Supported by University of Pittsburgh Provosts Office, SCI n n Dinner on your own n WiFi password: n Need help? n Kelly Shaffer, Program Director at SCI n Runhua

951 views • 38 slides
This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October

This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October

This webinar is Parish Emergency Operations Planning Session 1: Beginning the Basic Plan October 22, 2018 Welcome Questions - Chat feature During our initial workshops, I introduced you to this model for capabilities- based planning. I want

497 views • 33 slides
Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel

Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel

Future of Privacy Forum Higher Education Working Group GLBA Safeguards Rule Dean Forbes Counsel September 29, 2017 Agenda Introductions Department of Education Publications on Protecting Student Information GLBA Privacy and

739 views • 45 slides
Updates Wednesday, August 24, 2016 Tucson, Arizona Prevent Terrorism/Enhance Security 2011

Updates Wednesday, August 24, 2016 Tucson, Arizona Prevent Terrorism/Enhance Security 2011

American Association of State Highway and Transportation Officials Special Committee on Transportation Security and Emergency Management 2016 Critical Infrastructure Committee Joint Annual Meeting Department of Homeland Security Updates

600 views • 17 slides
Emerging Risk Management and Coverage Challenges Presented by the Internet of Things and Vendor

Emerging Risk Management and Coverage Challenges Presented by the Internet of Things and Vendor

Emerging Risk Management and Coverage Challenges Presented by the Internet of Things and Vendor Breaches John D. Hackett & Margaret A. Shipitalo , Cassiday Schade LLP Kenneth K. Suh , Technology, Media, and Business Services, Beazley Group

391 views • 35 slides
Session 1 Introduction to Computer Security Sbastien Combfis Fall 2019 This work is

Session 1 Introduction to Computer Security Sbastien Combfis Fall 2019 This work is

I5020 Computer Security Session 1 Introduction to Computer Security Sbastien Combfis Fall 2019 This work is licensed under a Creative Commons Attribution NonCommercial NoDerivatives 4.0 International License. Objectives Computer

864 views • 61 slides
HIMSS Public Policy Initiatives in 2015: Using Health IT to Enable Healthcare Transformation

HIMSS Public Policy Initiatives in 2015: Using Health IT to Enable Healthcare Transformation

HIMSS Public Policy Initiatives in 2015: Using Health IT to Enable Healthcare Transformation Jeff Coughlin Senior Director Federal & State Affairs March 26, 2015 Agenda Meaningful Use Stage 3 NPRM 2015 Program Changes

738 views • 27 slides
August 5, 2015 Affordable Care Act (ACA) Requirements Health insurance/Medicaid Tax

August 5, 2015 Affordable Care Act (ACA) Requirements Health insurance/Medicaid Tax

August 5, 2015 Affordable Care Act (ACA) Requirements Health insurance/Medicaid Tax Credits for Premiums Health Care Exchanges Establishment Grants and Sustainability States with state-run exchanges States using the

530 views • 10 slides

More recommend