1 / 21

The INFOSEC Research Council

The INFOSEC Research Council. Carl Piechowski Chair IRC, DOE Dr. Douglas Maughan IRC Program Manager, DARPA John C. Davis Executive Agent IRC, Mitretek. The INFOSEC Research Council (IRC). Charter Informally chartered, government sponsored, voluntary organization Goals

Télécharger la présentation

The INFOSEC Research Council

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.


Presentation Transcript

  1. The INFOSEC Research Council Carl Piechowski Chair IRC, DOE Dr. Douglas Maughan IRC Program Manager, DARPA John C. Davis Executive Agent IRC, Mitretek

  2. The INFOSEC Research Council (IRC) • Charter • Informally chartered, government sponsored, voluntary organization • Goals • Facilitate communication and collaboration between participating organizations • Enable knowledgeable and intelligent information security research investments • Increase efficiency and effectiveness of U.S. Government INFOSEC research • Support consolidated identification of high value research targets • The IRC provides an opportunity for participants to: • Discuss critical information security issues • Convey members’ research needs • Describe current research activities and planned research investments • Informally examine concepts and approaches against a body of experience and knowledge • Benefit to members • Helps them to focus their INFOSEC research investments through coordination with other relevant individuals and organizations

  3. Roll Up DB Knowledge Base Hard Problems List IRC Vision INFOSEC Science and Technology Study Groups INFOSEC Research Council Innovative Approaches Funding Requirements Fed Labs & FFRDC R&D Participating Organizations Warfighter, National Security, Homeland Security, and Civil Agency Needs Academic R&D Industry R&D Ideas Solutions

  4. IRC Background • First organized by NSA R2 in May 1996 • IRC activities are sponsored by most of the participating organizations, as led and coordinated by DARPA • U.S. Department of Energy provides the current chairperson

  5. IRC Participants • Representatives from U.S. Government organizations that sponsor information security research • Current Members • DOD: BMDO, DTRA, NCS, DARPA, NSA, OSD • Air Force: AFRL, AFIWC • Army: ARL, CECOM • Navy: NRL, ONR, SPAWAR • Intelligence Community: CIA, NRO, ARDA • Civilian Agencies: DOE, NIST, NSF, FBI, FAA, DOJ, NRC

  6. IRC Activities • Bimonthly meetings • Program discussions • Relevant technical presentations • Review new developments • Events • Developed the INFOSEC “Hard Problems List” • Developing an R&D Database • Developed R&D Summary Report • Created and maintain IRC websites • www.infosec-research.org • Initiate INFOSEC Science and Technology Study Groups (ISTSG)

  7. INFOSEC Science and Technology Study Groups • Studies • Issues of particular import • Issues of shared interest • Benefit from the contributions of recognized experts • Studies Completed • Information Assurance Vision / End State • Malicious Code • Studies Proposed • Self Healing Networks • Technology Transfer • Network Study

  8. Recent Briefings • Institute for Information Infrastructure Protection (I3P) – Michael Vatis, Dartmouth University • National Strategy to Secure Cyberspace – Marcus Sachs, Director for Communication Infrastructure Protection • NIAP Certification of Linux and Security-Enhanced Linux – Tony Stanco, George Washington University • Homeland Security: In Pursuit of the Asymmetric Advantage – Ruth David, Analytic Services, Inc. (ANSER) • The State of Information Security within the Civil Agencies – Keith A. Rhodes, GAO

  9. Recent Briefings • Large Network Security – Dr. Ed Amoroso, AT&T • Know Your Enemy: Modeling and Predicting Hacker Behavior– the Honeynet Project • Fortune 500 Corporate Security – Head of Security of F500 company • "DUSD (S&T)'s Software Protection Initiative" – Jeff Hughes • MAC OS Security -- Shawn Geddis, Apple Federal • Microsoft XP Security – Sean Finnegan, Microsoft

  10. INFOSEC Research Hard Problems List • Why define the “hard problems?” • Identify important roadblocks to effective information security • Guide research program planning • Achieve consensus on identifying especially difficult/persistent information security issues • How was it done? • Discussion and e-mail exchanges among members • Contributions from national experts

  11. What makes INFOSEC problems hard? • Technical factors • Need for COTS solutions • Need for wide deployment of security technology • Need to manage complex, networked systems securely • Need to support dynamic security policy environments • Growing technical sophistication of threats • IT Market and user perception factors • COTS provides more function, less assurance • Declining government influence on COTS information technology • User belief COTS security will suffice • Unrealistic assumptions (e.g. detect new attack)

  12. Design & Development Secure system composition High assurance development Metrics for security Operational Intrusion and misuse detection Intrusion and misuse response Security of foreign and mobile code Controlled sharing of sensitive information Application security Denial of service Communications security Security management infrastructure Infosec for mobile warfare IRC’s Hard Problem List

  13. Program R&D Database • Originally in hardcopy: • Now being automated • Each member organization provides R&D summary info • Project records will target: • Summary technical info / URL • Contact information • Non-sensitive budget info • Relationship to Hard Problems list • Benefits: identify resources being applied to hard problems, support gap analysis

  14. R&D Study • Collected information about Federal INFOSEC R&D Programs • Identified key INFOSEC issues facing the U.S. • Fundamental flaws in much of the nation’s deployed information infrastructure that leave systems open to exploitation • Decreasing diversity in the software components of that infrastructure, and diminishing ability to assure that hardware communications paths are diverse, which causes any flaw to be very wide-spread • Lack of effective means for detecting the exploitation of these flaws, both tactically and strategically • Lack of controllable, graduated responses to such exploitations • Synthesized the data • Performed Gap Analysis

  15. IRC Websites -- Overview • Provide the infrastructure for communicating research priorities and sharing research results • Mitretek Systems maintains three IRC websites for various audiences • Public - http://www.infosec-research.org • IRC Meeting Participants • IRC Members • Implemented using open source software • Websites are hosted at Mitretek Systems in Falls Church, VA

  16. IRC Public Website • Only publicly accessible IRC website • Provides an overview of the organization and objectives • Website contents • IRC Charter • Member Organizations • Upcoming Meeting Date and Location • Public Documents • Hard Problems List • IRC Overview (PowerPoint and Word Document) • Contact Information

  17. IRC Meeting Participants Website • Access controlled by username/password • Separate username/password issued for each meeting to all participants • SSL used for encrypted communication • Website contents • Schedule of future meetings • Meeting agendas • Abbreviated minutes -- contents from Closed Sessions are removed • Presentations from Open Sessions

  18. IRC Members Website • Access limited to Federal employees and IPAs • PKI client certificates are used for website authentication • SSL used for encrypted communication • Website contents • Schedule of future meetings • Meeting agendas • Complete minutes • Presentations from all sessions • ISTSG results / Draft documents for review • Calendar of upcoming meetings and conferences • Infrastructure to support the R&D database • Search R&D summary information • Update R&D project information

  19. IRC Benefits While it is understood that each participating agency will have its own research priorities, the IRC helps identify and organize high priority INFOSEC problem areas and related research opportunities. The IRC: • Promotes more efficient and effective use of research funds • Shares expertise • Supports corporate memory beyond organization • Helps identify common problems • Helps avoid redundant efforts

  20. QUESTIONS ???

  21. Chair, Infosec Research Council Carl Piechowski U.S. Department of Energy SO-13 19901 Germantown Rd Germantown, MD 20874-1290 Phone: 301-903-4053 carl.piechowski@hq.doe.gov IRC Executive Agent John Davis (703) 610-1945 Mitretek Systems, Inc MS F220 3150 Fairview Park Drive South Falls Church, VA 22042 Fax: (703) 610-1699 john.davis@mitretek.org Thank You

More Related