Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting - - PowerPoint PPT Presentation


Homeland Security Advanced Research Projects Agency A View from Washington: The Latest in Cyber Security November 7, 2013 TCIPG Annual Meeting Douglas Maughan Division Director http://www.dhs.gov/cyber-research Presentation Outline


SLIDE 1

Homeland Security Advanced Research Projects Agency

A View from Washington: The Latest in Cyber Security

November 7, 2013

TCIPG Annual Meeting Douglas Maughan Division Director

http://www.dhs.gov/cyber-research

SLIDE 2

Presenter’s Name June 17, 2003

Presentation Outline

  • Threat Space
  • National / Federal Activities
  • DHS Activities
  • Cyber Security Division (CSD) Overview
  • What’s Ahead
  • Summary
  • Q&A

SLIDE 3

Environment: Greater Use of Technology, More Threats, Less Resources

Globalization & Transportation Natural Disasters & Pushing Beyond Design Limits Misuse of Technology Border Security & Immigration Cyber Domain

LESS RESOURCES / MORE THREATS

  • Violent Extremism
  • Nature of Innovation
  • Both sides get to innovate
  • Predictive & Reactive
  • Aviation as an example …
  • Low cost of entry
  • Strategic potential
  • Anywhere in the world in 24 hours
  • Historical Perspective
  • Tenuous balance
  • Insider Threat

SLIDE 4

“Cyber” – Where is it used?

 Business / Personal

  • Shopping & Banking Point of Sale (in store or on line)
  • Personnel
  • Social Media

DHS provides advice and alerts to the 16 critical infrastructure areas … … DHS collaborates with sectors through Sector Coordinating Councils (SCC)

SLIDE 5


Cyber Threat Sources Ready to Exploit Weaknesses

  • Nation States
  • Hackers/Hacktivists
  • Cyber Criminals
  • Insider Threats
  • Terrorists, DTOs, etc.

SLIDE 6

Cyber Threats

  • Malware – Malicious software to disrupt computers
  • Viruses, worms, …
  • Theft of Intellectual Property or Data
  • Hacktivism – Cyber protests that are socially or politically motivated
  • Mobile Devices and Applications and their associated Cyber Attacks
  • Social Engineering – Entice users to click on Malicious Links
  • Spear Phishing – Deceptive communications (E-Mails, Texts, Tweets…)
  • Domain Name System (DNS) Hijacking
  • Router Security – BGP Hijacking
  • Denial of Service (DOS) – blocking access to web sites
  • Others …

SLIDE 7

Recent Events

SLIDE 8

Targeting of DHS through Email

  • The primary method of specifically targeting DHS is through phishing emails
  • Emails contain malicious attachment or link
  • Recipients often “BCCed”
  • A single compromise can provide an attacker with a foothold for complete network access
  • Notable Targeted Email Statistics:
  • 60% of malicious emails sent from Gmail
  • Account names are believable
  • 17% spoof other Government agencies
  • Total Emails per Year
  • 2010 – 1108 emails (143 campaigns)
  • 2011 – 1312 emails (157 campaigns)
  • 2012 – 1497 emails (102 campaigns)

Targeted Malicious Email Detection and Response

2012 - Average new campaign every 3.6 days

SLIDE 9

Cyberspace Definitions

“The interdependent network of information and communications technology infrastructures, including the Internet, telecommunications networks, computer systems and networks, and embedded processors and controllers in facilities and industries.” White House Cyberspace Policy Review, May 2009

AND PEOPLE!!!

SLIDE 10

EO-13636 and PPD-21

  • In February 2013, the President issued two new policies:
      1) Executive Order 13636: Improving Critical Infrastructure Cybersecurity
      2) Presidential Policy Directive – 21: Critical Infrastructure Security and Resilience
  • America's national security and economic prosperity are dependent upon the operation of critical infrastructure that is increasingly at risk from the effects of cyber attacks
  • The vast majority of U.S. critical infrastructure is owned and operated by private companies
  • A strong partnership between government and industry is indispensable to reducing the risk to these vital systems

SLIDE 11

Integrating Cyber-Physical Security

  • Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
      • Develop a technology-neutral voluntary cybersecurity framework
      • Promote and incentivize the adoption of cybersecurity practices
      • Increase the volume, timeliness and quality of cyber threat information sharing
      • Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
      • Explore the use of existing regulation to promote cyber security
  • Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to:
      • Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time
      • Understand the cascading consequences of infrastructure failures
      • Evaluate and mature the public-private partnership
      • Update the National Infrastructure Protection Plan
      • Develop comprehensive research and development plan (CSD / RSD)

SLIDE 12

EO-PPD Deliverables

120 days – June 12, 2013

  • Publish instructions: unclassified threat information
  • Report on cybersecurity incentives
  • Publish procedures: expand the Enhanced Cybersecurity Services

150 Days – July 12, 2013

  • Identify cybersecurity critical infrastructure
  • Evaluate public-private partnership models
  • Expedite security clearances for private sector

240 Days – October 10, 2013

  • Develop a situational awareness capability
  • Update the National Infrastructure Protection Plan
  • Publish draft voluntary Cybersecurity Framework

365 days – February 12, 2014

  • Report on privacy and civil rights and civil liberties cybersecurity enhancement risks
  • Stand up voluntary program based on finalized Cybersecurity Framework

Beyond 365 – TBD

  • Critical Infrastructure Security and Resilience R&D Plan

SLIDE 13

Cybersecurity Framework (NIST lead)

  • Developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk
  • Supports the improvement of cybersecurity for the Nation’s Critical Infrastructure using industry-known standards and best practices
  • Provides a common language and mechanism for organizations to
      1. describe current cybersecurity posture;
      2. describe their target state for cybersecurity;
      3. identify and prioritize opportunities for improvement within the context of risk management;
      4. assess progress toward the target state;
      5. foster communications among internal and external stakeholders.
  • Composed of three parts: the Framework Core, the Framework Implementation Tiers, and Framework Profiles

SLIDE 14

Cybersecurity Framework

| Function | Category |
|----------|----------|
| IDENTIFY | Asset Management |
| | Business Environment |
| | Governance |
| | Risk Assessment |
| | Risk Management |
| PROTECT | Access Control |
| | Awareness and Training |
| | Data Security |
| | Information Protection Processes and Procedures |
| | Protective Technology |
| DETECT | Anomalies and Events |
| | Security Continuous Monitoring |
| | Detection Processes |
| RESPOND | Communication |
| | Analysis |
| | Mitigation |
| | Improvements |
| RECOVER | Recovery Planning |
| | Improvements |
| | Communication |

SLIDE 15

Recommended Incentives

“While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.”

Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, White House Blog, August 6, 2013

Areas:

  1. Cybersecurity Insurance
  2. Grants
  3. Process Preference
  4. Liability Limitation
  5. Streamline Regulations
  6. Public Recognition
  7. Rate Recovery for Price Regulated Industries
  8. Cybersecurity Research

SLIDE 16

R&D guidance from PPD-21

  • Within 2 years, DHS in coordination with OSTP, SSA’s, DOC and other Federal D&A, shall provide to the President a National Critical Infrastructure Security and Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other relevant information to identify priorities and guide R&D requirements and investments…plan issued every 4 years …updates as needed.
  • Innovation and Research & Development: DHS in coordination with OSTP, SSA’s, Commerce and other Federal D&A, shall provide input to align those Federal and Federally-funded R&D activities that seek to strengthen the security and resiliency of the Nation’s critical infrastructure, including:
      • Promoting R&D to enable the secure and resilient design and construction of critical infrastructure and more secure accompanying cyber technology;
      • Enhancing modeling capabilities to determine potential impacts … and cascading effects;
      • Facilitating initiatives to incentivize cyber security investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience;
      • Prioritizing efforts to support the strategic guidance issued by the Secretary.
  • Working Group headed up by DHS S&T

SLIDE 17

How to Engage

  • National Infrastructure Protection Plan process
  • Review and comment on Draft Documents
  • www.dhs.gov/eo-ppd
  • Provide input through dialogue on IdeaScale -- http://eoppd.ideascale.com
  • Encourage partners to review and provide input
  • PPD/EO Integrated Task Force Weekly Stakeholder Bulletin
  • Current status of activities
  • List of upcoming Open Forums, Webinars and other Engagement Opportunities
  • Contact EO-PPDTaskForce@hq.dhs.gov for more information
  • Also R&DWG@hq.dhs.gov for R&D plan information, participation

SLIDE 18

DHS S&T Mission

Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise

1) Create new technological capabilities and knowledge products
2) Provide Acquisition Support and Operational Analysis
3) Provide process enhancements and gain efficiencies
4) Evolve US understanding of current and future homeland security risks and opportunities

FOCUS AREAS

  • Bio
  • Explosives
  • Cybersecurity
  • First Responders
  • Resilient Systems
  • Borders / Maritime

SLIDE 19

Cyber Security Focus Areas

  • Trustworthy Cyber Infrastructure
  • Working with the global Internet community to secure cyberspace
  • Research Infrastructure to Support Cybersecurity
  • Developing necessary research infrastructure to support R&D community
  • R&D Partnerships
  • Establishing R&D partnerships with private sector, academia, and international partners

  • Innovation and Transition
  • Ensuring R&D results become real solutions
  • Cybersecurity Education
  • Leading National and DHS cybersecurity education initiatives

SLIDE 20

R&D Partnerships

  • Oil and Gas Sector
  • LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
  • Electric Power Sector
  • TCIPG – Trustworthy Computing Infrastructure for the Power Grid
  • Banking and Finance Sector
  • FI-VICS – Financial Institutions – Verification of Identity Credential Service
  • DECIDE – Distributed Environment for Critical Incident Decision-making Exercises (recent Quantum Dawn II exercise)
  • State and Local
  • PRISEM – Public Regional Information Security Event Management
  • PIV-I/FRAC TTWG – State and Local and Private Sector First Responder Authentication Credentials and Technology Transition

  • Law Enforcement
  • SWGDE – Special Working Group on Digital Evidence (FBI lead)
  • CFWG – Cyber Forensics Working Group (CBP, ICE, USSS, FBI, S/L)

SLIDE 21

International Bilateral Agreements

  • Government-to-government cooperative activities for 13 bilateral Agreements

S&T International Engagements

  • Canada (2004)
  • Australia (2004)
  • United Kingdom (2005)
  • Singapore (2007)
  • Sweden (2007)
  • Mexico (2008)
  • Israel (2008)
  • France (2008)
  • Germany (2009)
  • New Zealand (2010)
  • European Commission (2010)
  • Spain (2011)
  • Netherlands (2013)

COUNTRY / PROJECTS / MONEY IN / JOINT / MONEY OUT
Australia 3 $300K $400K
Canada 11 $1.8M
Germany 1 $300K
Israel 2 $100K
Netherlands 7 $450K $1.2M $150K
Sweden 4 $650K
United Kingdom 3 $1.2M $400K
European Union 1
Japan 1

Over $6M of International co-funding

SLIDE 22

Transition To Practice (TTP) Program

R&D Sources

  • DOE National Labs
  • FFRDC’s (Federally Funded R&D Centers)
  • Academia
  • Small Business

Transition processes

  • Testing & evaluation
  • Red Teaming
  • Pilot deployments

Utilization

  • Open Sourcing
  • Licensing
  • New Companies
  • Adoption by cyber operations analysts
  • Direct private-sector adoption
  • Government use

Implement Presidential Memorandum – “Accelerating Technology Transfer and Commercialization of Federal Research in Support of High-Growth Businesses” (Oct 28, 2011)

SLIDE 23

Cybersecurity Education

  • Cyber Security Competitions (http://nationalccdc.org)
  • National Initiative for Cybersecurity Education (NICE)
  • NCCDC (Collegiate); U.S. Cyber Challenge (High School)
  • Provide a controlled, competitive environment to assess a student’s depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.
  • DHS Cyber Skills Task Force (CSTF)
  • Established June 6, 2012 – Homeland Security Advisory Council
  • Over 50 interviews (DHS internal and external)
  • Identify best ways DHS can foster the development of a national security workforce capable of meeting current and future cybersecurity challenges;
  • Outline how DHS can improve its capability to recruit and retain sophisticated cybersecurity talent.

  • 11 recommendations in 5 key areas

SLIDE 24

White House Priorities – FY14+

  • Secure Federal Networks
  • Identity/Credential Access Mgmt (ICAM), Cloud Exchange, Fed-RAMP
  • Protect Critical Infrastructure
  • Public-Private Cyber Coordination, EO/PPD Initiatives
  • Improve Incident Response and Reporting
  • Information Sharing among Federal Centers
  • Capacity Building for State/Local/Tribal/Territorial (SLTTs)
  • Engage Internationally
  • Foreign Assistance Capacity Building
  • Build Workforce Capacity to Support International Cyber Engagement
  • Shape the Future
  • National Strategy for Trusted Identity in Cyberspace (NSTIC)
  • National Initiative for Cybersecurity Education (NICE)
  • Cybersecurity R&D – EO/PPD R&D Plan, Federal R&D Plan, Transition To Practice, Foundational Research

SLIDE 25

Future - Inter-Agency: CPS

  • Cyber Physical Systems (CPS)
  • “Smart networked systems with embedded sensors, processors and actuators that are designed to sense and interact with the physical world (including the human users), and support real-time, guaranteed performance in safety-critical applications”
  • Several workshops over the past year or two
  • Transportation
  • Automotive, UAVs, Aeronautical, Rail
  • Manufacturing
  • Healthcare
  • Energy
  • Agriculture
  • Defense
  • Emergency Response
  • Others …
  • All with an eye towards society, economics, and impact

SLIDE 26

CSD New Program Ideas

  • Security for Cloud-Based Systems
  • Data Privacy Technologies
  • Mobile Wireless Investigations
  • Mobile Device Security
  • Next-Generation DDOS Defenses
  • Application Security Threat Attack Modeling (ASTAM)
  • Static Tool Analysis Modernization Project (STAMP)
  • Network Reputation and Risk Analysis
  • Data Analytics Methods for Cyber Security
  • Cyber Security Education
  • Designed-In Security
  • Finance Sector Cybersecurity
  • DNSSEC Applications
  • Data Provenance for Cybersecurity
  • Cyber Economic Incentives – based on EO/PPD

SLIDE 27

DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07

  • S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations
  • Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
  • CSD has 18 Topic Areas (CSD.01 – CSD.18) – SEE NEXT SLIDE
  • LRBAA 12-07 has been extended and closes on 12/31/13
  • S&T BAA Website: https://baa2.st.dhs.gov
  • Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #: DHSS-TLRBAA12-07)

SLIDE 28

LRBAA Summary Listing

  • CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics
  • CSD.02 – Internet Infrastructure Security
  • CSD.03 – National Research Infrastructure
  • CSD.04 – Homeland Open Security Technology
  • CSD.05 – Forensics support to law enforcement
  • CSD.06 – Identity Management
  • CSD.07 – Data Privacy and Information Flow technologies.
  • CSD.08 – Software Assurance
  • CSD.09 – Cyber security competitions, education and curriculum development.
  • CSD.10 – Process Control Systems and Critical Infrastructure Security
  • CSD.11 – Internet Measurement and Attack Modeling
  • CSD.12 – Securing the mobile workforce
  • CSD.13 – Security in cloud based systems
  • CSD.14 – Experiments – Test and evaluation in experimental operational environments to facilitate transition.
  • CSD.15 – Research Data Repository
  • CSD.16 – Cybersecurity Economic Incentives
  • CSD.17 – Data Analytics – analysis techniques, visualization,
  • CSD.18 – Tailored Trustworthy Spaces – trust negotiation, app anonymity

SLIDE 29

Summary

  • Cybersecurity research is a key area of innovation to support our global economic and national security futures
  • DHS S&T continues with an aggressive cyber security research agenda
  • Working to solve the cyber security problems of our current (and future) infrastructure and systems
  • Working with academe and industry to improve research tools and datasets
  • Looking at future R&D agendas with the most impact for the nation
  • Need to continue strong emphasis on technology transfer and experimental deployments
  • Must focus on the education, training, and awareness aspects of our current and future cybersecurity workforce

SLIDE 30

Recent CSD Publications

SLIDE 31

For more information, visit

http://www.dhs.gov/cyber-research
http://www.dhs.gov/st-csd

Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
