the future of cyber experimentation and testing
play

The Future of Cyber Experimentation and Testing T he U.S. NAT I - PowerPoint PPT Presentation

Oct 22, 2023 •190 likes •319 views

s The Future of Cyber Experimentation and Testing T he U.S. NAT I O NAL C YBER RANG E Michael VanPutte, Ph.D. Program Manager Distribution Statement A (Approved for Public Release, Distribution Unlimited #14014) DISCLAIMER: The

  1. • s The Future of Cyber Experimentation and Testing T he U.S. NAT I O NAL C YBER RANG E Michael VanPutte, Ph.D. Program Manager Distribution Statement “A” (Approved for Public Release, Distribution Unlimited #14014) DISCLAIMER: The views, opinions, and/or findings contained in this article/presentation are those of the author/presenter and should not be interpreted as representing the official views or policies, either expressed or implied, of the Defense Advanced Research Projects Agency or the Department of Defense.

  2. 2 DARPA Mission “… maintain the technological superiority of the U.S. military and prevent technological surprise from harming the U.S. national security by sponsoring revolutionary, high-payoff research bridging the gap between fundamental discoveries and their military use.” Since the very beginning, DARPA has been the place for people with ideas too crazy, too far out and too risky for most research organizations. DARPA is an organization willing to take a risk on an idea long before it is proven. Providing the environment to solve the Nation’s Cyber problems UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d)

  3. 3 DARPA Accomplishments SATURN 1960 Command Post of the Future Phraselator Transit Autonomous Ground Vehicles M-16 VELA Hotel ALTAIR X-45 Ground Surveillance Mobile Robots Radar SUO SAS ARPANET 1970 Mouse MEMS 2000 ATACMS JSF Engine 1970 Assault Breaker Global Hawk JSTARS Center for 1980 Monitoring LSTAT Predator Research Uncooled IR Stealth TALON GOLD BAT Fighter 1990 Advanced Cruise Missile Pegasus Launch Vehicle MIMIC Sea Shadow GPS Taurus Providing the environment to solve the Nation’s Cyber problems Speech Launch UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d) Recognition Vehicle DARPASAT Approved for Public Release, Distribution Unlimited (Case 11216, 4/3/08)

  4. Cyber Testing Today Cyber operational community forced to deal with: • Inflexible, expensive, special purpose testbeds • Manual configuration and management • Sacrificing test complexity for testbeds that are “good enough” • Modifying systems under test to accommodate substandard, unrealistic testbed • Constraining bureaucratic, operationally focused policies • Rigid tests schedules planned months in advance Results: • Unrealistic testing and questionable results • Slow research-to-operations transition loop • Less functional production tools • Expensive testing that restricts quantity of research performed • Counter-threat research focused on today’s threat Unconstrained cyber research environment supporting the CNCI UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d)

  5. 5 Operational vs Research and Experimentation Operational Research • Operational testing and demonstration; train • Test and experimentation of radically new ideas from Mission today’s warfighters the research community • Confirm or deny system meets today’s • Advance understanding of the effects, consequences, stated warfighter requirements for the Goal and validity of potential systems on potential future acquisition and fielding of warfighting environment systems. Systems • Production or production ready systems; • Potential unstable research systems Tested • Explore research space, drive future vision, create • Confirm or deny vendor claims within future requirements Process realistic, operational tests, assessments on current weapons, equipment, and doctrine • Dynamic hypothesis generation and validation • Integrate future technologies and protocols • Integrate current commercial & operational • Rapid test and testbed configuration technology • Rapid reset of tests to clean, new state for full- Range • Protect classified information spectrum experimentation Requirements • Technical support is focused on current • Protect classified and proprietary information commercial technology • Technical staff is more dynamic, interactive, and requires greater technical expertise Providing the environment to solve the Nation’s Cyber problems UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d)

  6. National Cyber Range Provide a realistic quantifiable assessment of the U.S. cyber research and development technologies to enable a revolution in national cyber capabilities and accelerate transition of these technologies in support of the Comprehensive National Cybersecurity Initiative (CNCI). Why Is It Needed? Leap ‐ ahead research and quantifiable Over the ages scientific progress has been held back assessment of cyber tools, processes, and by the ability to make measurements at the level of architectures facilitates; the environment for which the scientific research was • Revolution in national cyber technologies being done: Telescopes, microscopes, particle accelerators, etc. • Rapid technology development The National Cyber Range is the measurement • Accelerated deployment capability for cyber research in both classified and unclassified environments. Without it, research wil be done in darkness and only stumble accidently into the light. Unconstrained cyber research environment supporting the CNCI UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d)

  7. Challenge Today’s Ranges National Cyber Range DARPA Hard •Single test at single •Multiple simultaneous tests at different security levels security level •Forensic resources sanitization Security •A safe, instrumented environment for our national cyber security •System protected at research organizations to test the security of information systems system ‐ high Range •Manual configuration of •Dynamically and securely allocate thousands of heterogeneous Configuration & machines and tests w/ resources across multiple simultaneous tests Management scripts •Manual configuration •Graphic User Interface used for configuring tests Test Configuration and management of & Management •High level language for test management and resource assignment tests w/ scripts •Customer must bring • Technology and configurations recipes automatically loaded Usability everything to the range • Malware repository to assist experiments •Technology drives • Scientific observers, attackers, & defenders provided as a service CONOPS • Large ‐ scale (10K+) combinations of physical, virtual, and emulation •Tradeoff between • Emulate commercial and tactical wireless & control systems physical (realism) and scale (emulation) Realism • Extensible for new technologies and external ranges •Limited wireless and • Chip level heterogeneous virtual machines MANET capability • Integrates new protocols using or replacing the TCP/IP protocol stack •Accelerate test time to reduce time for results •Constrained by real Test Time time •Decelerate test time to analyze and develop alternative results •Qualitative and quantitative security assessment of cyber technologies Scientific •Test specific raw data •Forensic data collection, analysis, and presentation Measurement collection •Time synchronization across devices Traffic Generation •Automatons •Traffic generators realistically emulate human behavior and frailties

  8. 8 Program Timeline Phase I Phase II Phase III Phase IV Design Prototype Construct Operate Jan 09 – Sep 09 max 15 mo max 24 mo ICD PDR 6 Mo CDR Demonstration 2 Mo IOC - 1 De c 09 FOC Determination Deliverables Deliverables Deliverables Operations •Detailed Engr Plan •Phase III Proposal • Build NCR Phase •System Demo Plan •Phase IV Proposal • NCR Testing •CONOPS •Phase III SDP •Phase II Proposal •Develop Prototype •Revised OCI Plan •Prototype Demonstration ICD - Initial Conc e ptual De sign PDR - Pr e liminar y De sign R e vie w CDR - Cr itic al De sign R e vie w F OC- F ull Ope r ational Capability Providing the environment to solve the Nation’s Cyber problems UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d)

  9. 9 NCR Team * As of F e b 09 Providing the environment to solve the Nation’s Cyber problems UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d)

  10. 10 How can you participate? Government Working Groups • Security Accreditation Working Group • Joint Working Group Upcoming Conference and Workshops • Quantifying Computer Security • Science of Cyber Testing • CONOPS Development • Technical Transition Test Queue Providing the environment to solve the Nation’s Cyber problems UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d)

  11. 11 Technical Correspondence DARPA Program Manager -- Dr. Michael VanPutte michael.vanputte@darpa.mil DARPA/STO ATTN: STO: Dr Michael VanPutte 3701 North Fairfax Drive Arlington, VA 22203-1714 Unclassified fax: (703) 248-1800 Program Website: http://www.darpa.mil/sto/ia/ncr.html Providing the environment to solve the Nation’s Cyber problems UNCL ASSIF IE D: Distr ibution State me nt “A” (Appr ove d for Public R e le ase , Distr ibution Unlimite d)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Animal Testing Angie Bannister What is Animal Testing? animal testing, animal experimentation or

Animal Testing Angie Bannister What is Animal Testing? animal testing, animal experimentation or

Animal Testing Angie Bannister What is Animal Testing? animal testing, animal experimentation or animal research, (refers to the experimentation carried out on animals) Cosmetics, pharmaceutical drugs, cleaning chemicals etc. tested

496 views • 13 slides
Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the

Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the

Seminar Series C E E R Cyber-Physical Experimentation Environment for RADICS Advancing the state of art, CEER is a game changer. A generational leap in capabilities for Cyber- Physical Experimentation in the Electric Power Grid Increased

792 views • 49 slides
Quick Growth through ML Model A/B Testing Introduce eBay Experimentation Platform for the Paid

Quick Growth through ML Model A/B Testing Introduce eBay Experimentation Platform for the Paid

Quick Growth through ML Model A/B Testing Introduce eBay Experimentation Platform for the Paid Search Ads - Sleven Liu, Martin Zhang, Yi Liu Agenda Why Growth hacking and A/B testing? Search Ads: The most important marketing channel

661 views • 28 slides
Experimentation for Speed, Safety & Learning in CD @davekarow The future is already here

Experimentation for Speed, Safety & Learning in CD @davekarow The future is already here

Experimentation for Speed, Safety & Learning in CD @davekarow The future is already here it's just not very evenly distributed. William Gibson Coming up: What a Long Strange Trip Its Been Definitions Stories From Role

289 views • 25 slides
Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT

Mark Fernandes Principal, Cyber Risk Services + FUTURE OF CYBER CYB CYBER SINGU GULAR ARIT ITY How cyber is becoming a key aspect of the ubiquity generation. CYBER SUMMIT More to come 3 2018 Deloitte Cyber Risk Services 4 2018

514 views • 19 slides
S V V .lu software verification & validation Testing of Cyber-Physical Systems:

S V V .lu software verification & validation Testing of Cyber-Physical Systems:

S V V .lu software verification & validation Testing of Cyber-Physical Systems: Diversity-driven Strategies Lionel Briand COW 57, London, UK Cyber-Physical Systems A system of collaborating computational elements controlling

808 views • 41 slides
How risky is the Cyber Independent Testing Lab software you use? { Sarah Zatko , Tim Carstens ,

How risky is the Cyber Independent Testing Lab software you use? { Sarah Zatko , Tim Carstens ,

How risky is the Cyber Independent Testing Lab software you use? { Sarah Zatko , Tim Carstens , Patrick Stach , Parker Thompson , mudge } @ CITL https://shmoo18.cyber-itl.org A non-profit organization based in USA Founded by Sarah

609 views • 33 slides
The Future of Cyber-security WILL SOCIETY BE ABLE TO TRUST TECHNOLOGY? The Cyber Black -

The Future of Cyber-security WILL SOCIETY BE ABLE TO TRUST TECHNOLOGY? The Cyber Black -

The Future of Cyber-security WILL SOCIETY BE ABLE TO TRUST TECHNOLOGY? The Cyber Black - Swan The cyber 9/11 Apocalypse we must prevent and be prepared STUXNET The Cyber Black - Swan The cyber 9/11 Apocalypse we

533 views • 15 slides
building a culture of experimentation at Spotify @bendressler - experimentation lead user

building a culture of experimentation at Spotify @bendressler - experimentation lead user

building a culture of experimentation at Spotify @bendressler - experimentation lead user retention product satisfaction # of track plays predicting things is hard hi expectations why and how we experiment - in a consumer oriented live

1.03k views • 75 slides
ICS Testbed Tetris: Practical Building Blocks Towards a Cyber Security Resource CSET 20 - Long

ICS Testbed Tetris: Practical Building Blocks Towards a Cyber Security Resource CSET 20 - Long

ICS Testbed Tetris: Practical Building Blocks Towards a Cyber Security Resource CSET 20 - Long Preliminary Work Paper 13 th USENIX Workshop on Cyber Security Experimentation and Test August 10, 2020 Benjamin Green Richard Derbyshire William

418 views • 12 slides
Experiences In Cyber Security Education: The MIT Lincoln Laboratory Capture-the-Flag Exercise*

Experiences In Cyber Security Education: The MIT Lincoln Laboratory Capture-the-Flag Exercise*

Experiences In Cyber Security Education: The MIT Lincoln Laboratory Capture-the-Flag Exercise* Joseph Werther, Michael Zhivich, Timothy Leek, Nickolai Zeldovich Cyber Security Experimentation And Test 2011 8 August 2011 This work is

313 views • 15 slides
Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security

Security Testing Checking for what shouldnt happen Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 Agenda for today Part I Latest security news Security vulnerabilities in Java

2.02k views • 185 slides
Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist Trideum Huntsville,

Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist Trideum Huntsville,

Digital Twin for Cyber Testing Michael J. OConnor Chief Technologist Trideum Huntsville, Alabama United States Agenda Introduction Approach Conduct Cyber Table Top Develop Digital Twin Develop Operational Wraparound

354 views • 14 slides
Dynamic Delegation of Experimentation Yingni Guo Northwestern University ngni Guo (NU)

Dynamic Delegation of Experimentation Yingni Guo Northwestern University ngni Guo (NU)

Dynamic Delegation of Experimentation Yingni Guo Northwestern University ngni Guo (NU) Delegation of Experimentation 1 / 55 Introduction Delegating Experimentation I study how to manage innovation in a hierarchical organization. A principal

1.68k views • 119 slides
I l l i n o i s Te s t b e d An Overview of Resource Availability CEER : Cyber-Physical

I l l i n o i s Te s t b e d An Overview of Resource Availability CEER : Cyber-Physical

I l l i n o i s Te s t b e d An Overview of Resource Availability CEER : Cyber-Physical (testbed operation support) Experimentation CLOUD DATA ASSETS Customer PROVISION TESTBED LOCAL PEOPLE SCIENCE People Prosper Shane Ashwini

922 views • 58 slides
S V V .lu software verification & validation Automated Software Testing in Cyber-Physical

S V V .lu software verification & validation Automated Software Testing in Cyber-Physical

S V V .lu software verification & validation Automated Software Testing in Cyber-Physical Systems Lionel Briand NUS, Singapore, 2019 Dependable Breakfast 2 SnT Center: Mandate 3 SnT Center: Overview 101 M 287 employees 51

1.36k views • 94 slides
Center for Global Public Safety Industry Stakeholders Forum Perspectives on Energy Michael

Center for Global Public Safety Industry Stakeholders Forum Perspectives on Energy Michael

Center for Global Public Safety Industry Stakeholders Forum Perspectives on Energy Michael Ahern March 27, 2019 Perspectives on Energy Who would agree with me that Energy Systems Enable our Lives? Worcester Polytechnic Institute 2

98 views • 7 slides
The Trend Toward Common Architectures Peter Swan Director International Sales, Cambridge MA, USA

The Trend Toward Common Architectures Peter Swan Director International Sales, Cambridge MA, USA

IT 2 EC 2020 The Trend Toward Common Architectures Architecture & Interoperability The Trend Toward Common Architectures Peter Swan Director International Sales, Cambridge MA, USA Abstract Defense forces around the world are starting to

265 views • 3 slides
Patient-Centered Comparative Clinical Effectiveness Research Joe V. Selby, MD, MPH, Executive

Patient-Centered Comparative Clinical Effectiveness Research Joe V. Selby, MD, MPH, Executive

Building a National Data Infrastructure to Advance Patient-Centered Comparative Clinical Effectiveness Research Joe V. Selby, MD, MPH, Executive Director 1 About PCORI An independent, non-profit research organization authorized by Congress

322 views • 17 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Introduction Introduction Welcome to the course! Instructor: Dr.

678 views • 10 slides
Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found

Gunrock High-Performance Graph Analytics for the GPU Muhammad Osama University of California, Davis Why use GPUs for graph processing? FOSDEM 2020 2 GPUs and Graphs Graphs GPUs Found everywhere Found everywhere Road &

560 views • 23 slides
11/10/14 CSCI 1101A How the Internet works Mohammad T. Irfan 1

11/10/14 CSCI 1101A How the Internet works Mohammad T. Irfan 1

11/10/14 CSCI 1101A How the Internet works Mohammad T. Irfan 1 11/10/14 Python program to connect to the Internet At a high level u http://www.wimp.com/internetworks/ 2 11/10/14 Two

356 views • 4 slides
Mission The Center will perform advanced research in military information technology, where

Mission The Center will perform advanced research in military information technology, where

GMU C4I Center Poised for Growth Dr. J. Mark Pullen, Director Center of Excellence in Command, Control, Communications, Computing and Intelligence mpullen@gmu.edu http://c4i.gmu.edu Mission The Center will perform advanced research in

458 views • 8 slides
McSema: Static Translation of X86 Instructions to LLVM ARTEM DINABURG, ARTEM@TRAILOFBITS.COM

McSema: Static Translation of X86 Instructions to LLVM ARTEM DINABURG, ARTEM@TRAILOFBITS.COM

McSema: Static Translation of X86 Instructions to LLVM ARTEM DINABURG, ARTEM@TRAILOFBITS.COM ANDREW RUEF, ANDREW@TRAILOFBITS.COM This research was developed with funding from the Defense Advanced Research Projects Agency (DARPA). The

1.09k views • 34 slides

More recommend