Dept. of Homeland Security Science & Technology Directorate
Driving Security Improvements in Existing Technologies and Emerging Systems
EDUCAUSE Net@EDU Annual Mtg, Tempe, AZ, February 12, 2008
Douglas Maughan, Ph.D., Program Manager, CCI
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
Agenda
• 2007 Capitol Hill and Other WDC Activities
• DHS S&T Cyber Security R&D Program
  • PREDICT
  • Broad Agency Announcements (BAAs)
  • Outreach / Transition
• University Programs
• Cyber R&D Background and Government R&D Coordination
Recent Hearings in Washington
• “Cyber Insecurity: Hackers are Penetrating Federal Systems and Critical Infrastructure”
  • http://homeland.house.gov/hearings/index.asp?ID=36
  • “These incidents have opened a lot of eyes in the halls of Congress. We need to get serious about this threat to our national security.”
• “Addressing the Nation’s Cybersecurity Challenges: Reducing Vulnerabilities Requires Strategic Investment and Immediate Action”
  • http://homeland.house.gov/hearings/index.asp?ID=41
  • “I am deeply troubled by the lack of foresight that this Administration has demonstrated. The Homeland Security Committee is working to demonstrate the importance of R&D funding to this Administration.”
Recent Hearings in Washington (cont’d)
• House Homeland Security Committee investigation of DHS networks
  • http://homeland.house.gov/SiteDocuments/Charbo.pdf
  • 13 questions to understand the security posture of DHS networks
• Senate hearing on terrorist use of the Internet
  • http://hsgac.senate.gov/index.cfm?Fuseaction=Hearings.Detail&HearingID=441
More Recent Activity
• May 2007 – DDOS attack on Estonia
  • First example of “cyber warfare”?
• Sep 2007 – “Chinese hack the Pentagon”
• Sep 2007 – “China hacks UK government”
• Oct 2007 – “White House initiative to defend against hackers”
• Nov 2007 – “White House requests $154M supplement for Cyber Initiative”
(National) Cyber Initiative
• Baltimore Sun article on the Cyber Initiative – Oct. 24, 2007
  • “House panel chief demands details of cybersecurity plan”
  • http://www.baltimoresun.com/technology/balte.cyber24oct24,0,782050,full.story
  • Rep. Bennie Thompson, Chairman of the House Homeland Security Committee, called on the Bush administration to delay the planned launch of a multi-billion-dollar cybersecurity initiative so that Congress could have time to evaluate it.
• Initiative mostly focused on fixing operational problems that exist across government infrastructure
  • E.g., Trusted Internet Connections (TIC) program announcement
• Small component of total effort is aimed at R&D
CSIS Commission for the 44th Presidency
• Goal: Identify a strategy and set of recommendations for the next administration to move ahead in securing cyberspace. The Commission will complete its work by December 2008.
• The Commission will be a bipartisan group composed of thirty to thirty-five experts drawn from the cyber security policy community and from the private sector.
  • Co-chaired by leaders from Congress and the private sector
  • Reinforced by a private sector advisory group composed of representatives from companies and associations
• The proposed working groups are:
  • (1) Federal Organization, Strategy and Doctrine;
  • (2) Cybersecurity Norms and Authorities;
  • (3) Budget and Acquisitions for Cybersecurity;
  • (4) Government/Private Sector Interfaces and Engagement.
• The final product would be a well-supported package of recommendations for improving cyber security that could help to guide both a legislative agenda and Presidential policy documents.
Homeland Security Mission
• Lead unified national effort to secure America
• Prevent terrorist attacks within the U.S.
• Respond to threats and hazards to the nation
• Ensure safe and secure borders
• Welcome lawful immigrants and visitors
• Promote free flow of commerce
DHS Goals: Secretary’s Priorities
• Keep terrorists, criminals and unlawful entrants out of the U.S.
• Prevent dangerous materials, weapons and illicit drugs from entering the country
• Strengthen screening of workers/travelers
• Secure critical infrastructure
• Build nimble, effective emergency response system and culture of preparedness
• Strengthen core management to ensure DHS is a great organization
Department of Homeland Security Organization Chart
(Slide graphic; offices shown on the chart:) Secretary; Deputy Secretary; Executive Secretary; Chief of Staff; Military Liaison; Inspector General; Assistant Secretary, Public Affairs; Under Secretary for Science & Technology; Under Secretary for Policy; General Counsel; A/S Congressional & Intergovernmental Affairs; Under Secretary for Management; Under Secretary for Preparedness; Director of Operations Coordination; Assistant Secretary, Office of Intelligence & Analysis; Director of Counter Narcotics; Ombudsman, Citizenship & Immigration Services; Chief Privacy Officer; Director, Civil Rights/Civil Liberties; Federal Law Enforcement Training Center; Screening Coordination Office; Labor Relations Board; Domestic Nuclear Detection Office; Commissioner, Immigration & Customs Enforcement; Director, FEMA; Director, Citizenship & Immigration Services; Director, Transportation Security Administration; Commandant, US Coast Guard; Commissioner, Customs & Border Protection; Director, US Secret Service
Science and Technology (S&T) Mission
Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users.
DHS S&T Investment Portfolio: Balance of Risk, Cost, Impact, and Time to Delivery
Customer Focused, Output Oriented
R&D Execution Model
(Slide graphic showing the Pre-R&D, R&D and Post-R&D phases, with prioritized requirements flowing in from customers and results flowing back out to them.) Customers: NCSD, NCS, OCIO, USSS, National Documents, Critical Infrastructure Providers, Other Sectors (e.g., Banking & Finance). Activities and programs labelled on the diagram: Prioritized Requirements; R&D Coordination – Government & Industry; Cyber Security Assessment; Emerging Threats Workshops; External (e.g., I3P); Solicitation Preparation; CIP Sector Roadmaps; BAAs; SBIRs; Rapid Prototyping; Experiments and Exercises; DETER; PREDICT; DNSSEC; SPRI; Outreach – Venture Community & Industry; Supporting Programs.
Cyber Security Program Areas
• Information Infrastructure Security
  • Domain Name System Security (DNSSEC)
  • Secure Protocols for the Routing Infrastructure (SPRI)
• Cyber Security Assessment
• Cyber Security Research Tools and Techniques
  • Cyber Security Testbed (DETER)
  • Large Scale Datasets (PREDICT)
  • Experiments and Exercises
• Next Generation Technologies
  • BAA 04-17, BAA 07-09
• Other Activities (SBIR, RTAP, Emerging Threats)
DHS / NSF Cyber Security Testbed
• “Justification and Requirements for a National DDOS Defense Technology Evaluation Facility”, July 2002
  • We still lack large-scale deployment of security technology sufficient to protect our vital infrastructures
  • Recent investment in research on cyber security technologies by government agencies (NSF, DARPA, armed services) and industry
  • One important reason is the lack of an experimental infrastructure and rigorous scientific methodologies for developing and testing next-generation defensive cyber security technology
• The goal is to create, operate, and support a researcher-and-vendor-neutral experimental infrastructure that is open to a wide community of users and produces scientifically rigorous testing frameworks and methodologies to support the development and demonstration of next-generation cyber defense technologies
PREDICT: A Protected REpository for Defense of Infrastructure against Cyber Threats
• PREDICT Program Objective: “To advance the state of the research and commercial development (of network security ‘products’) we need to produce datasets for information security testing and evaluation of maturing networking technologies.”
• Rationale / Background / Historical:
  • Researchers with insufficient access to data are unable to adequately test their research prototypes
  • Government technology decision-makers have no data with which to evaluate competing “products”
• End Goal: Improve the quality of defensive cyber security technologies
PREDICT Information
• https://www.predict.org
PREDICT Repository Access Process
(Slide graphic; labels on the diagram:) PREDICT Coordination Center (Government-funded, Externally hosted); Institutional Sponsorship (Sponsor Letter); MOAs with Data Providers, Data Hosting Sites and Researchers; Data Listing; Proposal → Proposal Review Board → Accept / Deny Notification → Get Data; Publication Review Board after research (if required).
Data Collection Activities
• Classes of data that are interesting, people want collected, and seem reasonable to collect:
  • Netflow
  • Packet traces – headers and full packet (context dependent)
  • Critical infrastructure – BGP and DNS data
  • Topology data
  • IDS / firewall logs
  • Performance data
  • Network management data (i.e., SNMP)
  • VoIP (2200 IP-phone network)
  • Blackhole monitor traffic
PREDICT Summary
• Why do we think PREDICT has a chance for success?
  • DHS has included the security and networking communities
  • DHS has included the legal community from the start
  • DHS has included the privacy community from the start
    • EFF, CDT, ACLU comments incorporated into system processes
    • Included government privacy officials
  • Managing external-facing processes
• What else are we doing?
  • Recent BAA 07-09
    • Technical Topic Area (TTA) 8 – Data Anonymization
    • Focused on new ideas and techniques to improve data protection
Cyber Security R&D Broad Agency Announcement (BAA)
• A critical area of focus for DHS is the development and deployment of technologies to protect the nation’s cyber infrastructure, including the Internet and other critical infrastructures that depend on computer systems for their mission. The goals of the Cyber Security Research and Development (CSRD) program are:
  • To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems;
  • To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure;
  • To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.
• http://www.hsarpabaa.com
BAA Program / Proposal Structure
• NOTE: Deployment Phase = Test, Evaluation, and Pilot deployment in (DHS) “customer” environments
• Type I (New Technologies)
  • New technologies with an applied research phase, a development phase, and a deployment phase (optional)
  • Funding not to exceed 36 months (including deployment phase)
• Type II (Prototype Technologies)
  • More mature prototype technologies with a development phase and a deployment phase (optional)
  • Funding not to exceed 24 months (including deployment phase)
• Type III (Mature Technologies)
  • Mature technology with a deployment phase only
  • Funding not to exceed 12 months
BAA 07-09 Technical Topic Areas
• Botnets and Other Malware: Detection and Mitigation
• Composable and Scalable Secure Systems
• Cyber Security Metrics
• Network Data Visualization for Information Assurance
• Internet Tomography / Topography
• Routing Security Management Tool
• Process Control System Security
• Secure and Reliable Wireless Communication for Control Systems
• Real-Time Security Event Assessment and Mitigation
• Data Anonymization Tools and Techniques
• Insider Threat Detection and Mitigation
Partnership
• Project LOGIIC is a model for government-industry technology integration and demonstration efforts to address critical R&D needs
• Industry contributes:
  • Requirements and operational expertise
  • Project management
  • Product vendor channels
• DHS S&T contributes:
  • National security perspective on threats
  • Access to long-term security research
  • Independent researchers with technical expertise
  • Testing facilities
Commercial Outreach Strategy
(Slide graphic showing technology flow between: Government Funder/Customer; DHS Researchers; Emerging Commercial Companies; Established Commercial Companies; Commercial Customers.)
• Assist commercial companies in providing technology to DHS and other government agencies
  • Emerging Security Technology Forum (ESTF)
• Assist DHS S&T-funded researchers in transferring technology to larger, established security technology companies
  • System Integrator Forum (Feb. 21, 2008)
• Partner with the venture capital community to transfer technology to existing portfolio companies, or to create new ventures
  • Cyber Entrepreneurs Workshop (Mar. 11, 2008)
System Integrator Forum 2008
• IronKey, Palo Alto, CA
  • Secure USB Token
• HBGary, Chevy Chase, MD
  • Malware Discovery Tool
• Grammatech, Ithaca, NY
  • Software Analysis (Binary and Source)
• George Mason Univ., Fairfax, VA
  • Network Vulnerability Analysis/Discovery
• Endeavor Systems, Arlington, VA
  • Pattern Recognition and Signature Analysis
• 2008 SIF – February 21 in WDC (see website)
IT Security Entrepreneur Forum (ITSEF)
• Hot Topics – Current Market Trends and Conditions
• How to Optimize Having the Government as Your Partner
• Communicating Your Value Proposition
• The Risks and Rewards of Selling to the Government
• Navigating the Government Procurement Process from A to Z
• Financing Your Startup in the Information Security Space through Government Funds
• 2008 ITSEF – March 11 @ Stanford
• http://www.publicprivatepartnerships.org
University Programs: Centers of Excellence (COE)
• Program Goals
  • Develop the management and communications infrastructure to produce, share and transition Centers’ research results, data and technology to analysts and policymakers
  • Align existing Centers and establish new Centers and initiatives to align with S&T Divisions’ research and development activities, and address additional DHS needs
  • Deliver the Centers’ advanced research products, technology and educated workforce that DHS will need to protect the country for the foreseeable future
Current Centers of Excellence
• Center for Risk & Economic Analysis of Terrorism Events (CREATE) – based at the Univ. of Southern California
• National Center for Food Protection & Defense (NCFPD) – based at the Univ. of Minnesota
• National Center for Foreign Animal & Zoonotic Disease Defense (FAZD) – based at Texas A&M Univ.
• National Consortium for the Study of Terrorism & Responses to Terrorism (START) – based at the Univ. of Maryland
• National Center for Preparedness & Catastrophic Event Response (PACER) – based at Johns Hopkins Univ.
Centers of Excellence, cont.
• Center for Advancing Microbial Risk Assessment (CAMRA) – based at Michigan State Univ., in partnership with U.S. EPA
• Univ. Affiliate Centers to the Institute for Discrete Sciences (IDS-UACs) – in partnership with Lawrence Livermore National Laboratory: Rutgers Univ. (Lead Center), Univ. of Southern California, Univ. of Illinois at Urbana-Champaign, Univ. of Pittsburgh
• Regional Visualization & Analytics Centers (RVACs) – in partnership with National VAC at Pacific Northwest National Laboratory: Penn State Univ., Purdue Univ., Stanford Univ., Univ. of North Carolina at Charlotte, Univ. of Washington
Other University Research Initiatives
• Southeast Regional Research Initiative (SERRI)
• Kentucky Critical Infrastructure Protection Institute (KCI)
New Centers Beginning in FY 2007-08
• COE for Explosives Detection, Mitigation and Response (Funded FY2007)
• COE for Border Security and Immigration (Funded FY2007)
  • Northern Forest Borders
  • Southwest Desert Borders
• COE for Maritime, Island & Remote/Extreme Environment Security (Funded FY2007)
• COE for Natural Disasters, Coastal Infrastructure and Emergency Management (Funded FY2008)
Education Programs
• Individual Scholarships and Fellowships
• Institutional Scholarships & Fellowships
• Summer Internships
• AAAS/AVMA
• Visiting Scholars
• Post-Doc Program
R&D Studies / Reports
• 1997 – President’s Commission on Critical Infrastructure Protection (PCCIP)
  • Critical Foundations: Protecting America’s Infrastructures
• 1999 – National Research Council Computer Science and Telecommunications Board
  • Trust in Cyberspace
• 2003 – National Strategy to Secure Cyberspace
  • http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf
• 2003 – Institute for Information Infrastructure Protection (I3P)
  • Cyber Security Research and Development Agenda
• 2003 – Computing Research Association
  • Four Grand Challenges in Trustworthy Computing
R&D Studies / Reports (2)
• 2004 – National Infrastructure Advisory Council (NIAC)
  • Hardening the Internet
• 2005 – President’s Information Technology Advisory Committee (PITAC)
  • Cyber Security: A Crisis of Prioritization
  • http://www.nitrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf
• 2005 – Infosec Research Council (IRC)
  • Hard Problems List
• 2006 – National Science and Technology Council (NSTC)
  • Federal Plan for Cyber Security and Information Assurance Research and Development
• 2007 – National Research Council Computer Science and Telecommunications Board
  • Toward a Safer and More Secure Cyberspace
NITRD Program Coordination
(Slide graphic; bodies shown on the chart:) White House / Executive Office of the President; U.S. Congress (NITRD Agency Authorization and Appropriations Legislation); Office of Science and Technology Policy; National Science and Technology Council; Committee on Technology; Committee on Homeland and National Security; National Coordination Office (NCO) for Networking and Information Technology Research and Development; Subcommittee on Networking and Information Technology Research and Development (NITRD); Subcommittee on Infrastructure. NITRD groups: High End Computing (HEC) Interagency Working Group; Cyber Security and Information Assurance (CSIA) Interagency Working Group; Social, Economic, and Workforce Implications of IT and IT Workforce Development (SEW) Coordinating Group; Human Computer Interaction and Information Management (HCI&IM) Coordinating Group; High Confidence Software and Systems (HCSS) Coordinating Group; Large Scale Networking (LSN) Coordinating Group; Software Design and Productivity (SDP) Coordinating Group.
Tackling Cyber Security R&D Challenges: Not Business as Usual
• Key people (i.e., Congress) now paying attention
• Close coordination with other Federal agencies
• Outreach to communities outside of the Federal government
• Building public-private partnerships (the industry-government *dance* is a new tango)
• Need a stronger emphasis on technology diffusion and technology transfer
  • Migration paths to a more secure infrastructure
  • Awareness of economic realities
Douglas Maughan, Ph.D., Program Manager, CCI
douglas.maughan@dhs.gov
202-254-6145 / 202-360-3170
For more information, visit http://www.cyber.st.dhs.gov