U.S. Cybersecurity R&D Landscape Homeland Security Advanced Research Projects Agency Cyber Security Division Douglas Maughan, Ph.D. Division Director March.

1 U.S. Cybersecurity R&D Landscape
Homeland Security Advanced Research Projects Agency, Cyber Security Division
Douglas Maughan, Ph.D., Division Director
March 16, 2012

2 Comprehensive National Cybersecurity Initiative (CNCI)
- Establish a front line of defense
  - Reduce the Number of Trusted Internet Connections
  - Deploy Passive Sensors Across Federal Systems
  - Pursue Deployment of Automated Defense Systems
  - Coordinate and Redirect R&D Efforts
- Resolve to secure cyberspace / set conditions for long-term success
  - Connect Current Centers to Enhance Situational Awareness
  - Develop Gov’t-wide Counterintelligence Plan for Cyber
  - Increase Security of the Classified Networks
  - Expand Education
- Shape future environment / secure U.S. advantage / address new threats
  - Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
  - Define and Develop Enduring Deterrence Strategies & Programs
  - Manage Global Supply Chain Risk
  - Cyber Security in Critical Infrastructure Domains

3 Federal Gov’t Cyber Research Community

| Agency / Org | Research Agenda | Researchers | Customers / Consumers |
|---|---|---|---|
| National Science Foundation (NSF) | SW engineering/protection, HW/FW security, mobile wireless and sensor networks, trustworthy computing; Several academic centers | Academics and Non-Profits | Basic Research - No specific customers |
| Defense Advanced Research Projects Agency (DARPA) | Lots of classified research; unclassified topics are focused on basic research (CRASH, MRC, SAFER, HACMS); National Cyber Range | Few academics; large system integrators; research and government labs | Mostly DOD; most solutions are GOTS, not COTS |
| National Security Agency (NSA) | Information Assurance Automation (ISAP), SELinux; Networking theory; CAEIAE centers | Mostly in-house | Intelligence community; some NSA internal; some open source |
| Intelligence Advanced Research Projects Agency (IARPA) | Automatic Privacy Protection (APP), Securely Taking on New Executable Software of Uncertain Provenance (STONESOUP) | Mostly research labs, system integrators, and national labs; Some academics | Intelligence community |
| National Institute of Standards & Technology (NIST) | Trusted Identities in Cyberspace, National Initiative for Cybersecurity Education (NICE) | In-house; Most R&D funding comes from other agencies | Federal agencies with some impact on state and locals |
| Department of Homeland Security (DHS) S&T | All unclassified; Secure Internet Protocols; Process Control Systems (PCS), Emerging Threats, Insider Threat, Cyber Forensics; Software Assurance, Open Security Technologies, Next Generation Technologies | Blend of academics, research and government labs, non-profits, private sector and small business | DHS Components (including NPPD, USSS, FLETC, FEMA, ICE, CBP); CI/KR Sectors; USG and Internet and Private Sector |

4 Federal Cybersecurity Research and Development Program: Strategic Plan

5 Federal Cybersecurity R&D Strategic Plan
- Science of Cyber Security
- Research Themes
  - Tailored Trustworthy Spaces
  - Moving Target Defense
  - Cyber Economics and Incentives
  - Designed-In Security (New for FY12)
- Transition to Practice
  - Technology Discovery
  - Test & Evaluation / Experimental Deployment
  - Transition / Adoption / Commercialization
- Support for National Priorities
  - Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services

6 Federal Investments across All R&D
- Big Data
- Cloud Computing
- Cyber-Physical Systems
- Healthcare IT
- High End Computing
- Software Design and Productivity
- STEM Education

7 CSD R&D Execution Model

8 Examples of CSD Successes
- Ironkey – Secure USB
  - Standard Issue to S&T employees from S&T CIO
- Coverity – Open Source Hardening (SCAN)
  - Analyzes 150+ open source software packages daily
- Komoku – Rootkit Detection Technology
  - Acquired by Microsoft in 2008
- Secure64 – DNSSEC Automation
  - Several commercial customers; Government pilots underway
- HBGary – Memory and Malware Analysis
  - Over 100 pilot deployments as part of Cyber Forensics project
- Endeavor Systems – Malware Analysis tools
  - Acquired by McAfee in 2009
- Telcordia – Automated Vulnerability Analysis
  - In use by DOD, SEC
- GMU/ProInfo – Network Topology Analysis (Cauldron)
  - In use at FAA, several commercial customers
- Stanford – Anti-Phishing Technologies
  - Open source; most browsers have included Stanford R&D
- Secure Decisions – Data Visualization
  - Pilot with DHS/NCSD/US-CERT

9 DHS S&T Cyber Security Program Areas
- Research Infrastructure to Support Cybersecurity (RISC)
- Trustworthy Cyber Infrastructure (TCI)
- Cyber Technology Evaluation and Transition (CTET)
- Foundational Elements of Cyber Systems (FECS)
- Cybersecurity User Protection and Education (CUPE)

10 Research Infrastructure (RISC)
- Experimental Research Testbed (DETER)
  - Researcher and vendor-neutral experimental infrastructure
  - Used by over 200 organizations from more than 20 states and 17 countries
  - Used by over 40 classes, from 30 institutions involving 2,000+ students
- Research Data Repository (PREDICT)
  - Repository of network data for use by the U.S.-based cyber security research community
  - More than 100 users (academia, industry, gov’t); Over 250TB of network data; Tools are used by major service providers and many companies
  - Phase 2: New datasets, ICTR Ethics, International (JP, DE)
- Software Assurance Market Place (SWAMP)
  - A software assurance testing and evaluation facility and the associated research infrastructure services
  - New FY12 initiative

11 Trustworthy Cyber Infrastructure
- Secure Protocols
  - DNSSEC – Domain Name System Security
    - Govt and private sector worked together to make this happen
    - Started in 2004; now 35 top level domains adopted globally including the Root
  - SPRI – Secure Protocols for Routing Infrastructure
    - Working with ISPs (Verizon, Google), router vendors (Cisco, Juniper), others
- Process Control Systems
  - LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
    - Consortium of super major O&G companies partnered with DHS
  - TCIPG – Trustworthy Computing Infrastructure for the Power Grid
    - Partnered with DOE, Advisory Board of 30+ private sector companies
- Internet Measurement and Attack Modeling
  - Geographic mapping of Internet resources
  - Logically and/or physically connected maps of Internet resources
  - Monitoring and archiving of BGP route information
  - Co-funding with Australia

12 Evaluation and Transition (CTET)
- Assessment and Evaluations
  - Red Teaming of DHS S&T-funded technologies
  - Support of numerous outreach events
    - Annual IT Security Entrepreneurs’ Forum
    - Quarterly Information Security Technology Transition Council (ITTC) meetings
- Experiments and Pilots
  - Experimental Deployment of DHS S&T-funded technologies into operational environments
  - Partnerships with ICE, USSS, CBP, NCSD, S&T CIO
  - Distributed Environment for Critical Incident Decision-making Exercises (DECIDE): Tool for Finance Sector to conduct risk management exercises and identify improvements
- Transition to Practice (CNCI)
  - New FY12 Initiative

13 Foundational Elements (FECS)
- Homeland Open Security Technology (HOST)
  - Use open source to improve security at all levels of government
  - Example: Suricata (open source IDS/IPS) – over $8M of comm. inv.
- New FY12 Initiatives
  - Enterprise Level Security Metrics and Usability
    - Requirements from DHS/NCSD and FSSCC
  - Software Quality Assurance
    - Requirements from DHS/NCSD and FSSCC
  - Cyber Economic Incentives (CNCI)
  - Leap Ahead Technologies (CNCI)
  - Moving Target Defense (CNCI)
  - Tailored Trustworthy Spaces (CNCI)

14 Cybersecurity Users (CUPE)
- Cyber Security Competitions
  - National Initiative for Cybersecurity Education (NICE)
  - NCCDC (Collegiate); U.S. Cyber Challenge (High School)
- Cyber Security Forensics
  - Support to DHS and other Law Enforcement customers (USSS, CBP, ICE, FBI, CIA)
- Identity Management & Data Privacy Technologies
  - National Strategy for Trusted Identities in Cyberspace (NSTIC)

15 DHS S&T Cybersecurity Program
Diagram categories: PEOPLE, SYSTEMS, INFRASTRUCTURE, RESEARCH INFRASTRUCTURE
Program elements shown: Secure Protocols; Identity Management; Enterprise Level Security Metrics & Usability; Data Privacy; Cyber Forensics; Competitions; Process Control Systems; Internet Measurement & Attack Modeling; Experimental Research Testbed (DETER); Research Data Repository (PREDICT); Software Assurance Market Place (SWAMP); Software Quality Assurance; Homeland Open Security Technology; Experiments & Pilots; Assessments & Evaluations; Cyber Economic Incentives; Moving Target Defense; Tailored Trustworthy Spaces; Leap Ahead Technologies; Transition To Practice

16 Cyber Security R&D Broad Agency Announcement (BAA)
- Delivers both near-term and medium-term solutions
  - To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
  - To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems
  - To facilitate the transfer of these technologies into operational environments
- Proposals Received According to 3 Levels of Technology Maturity
  - Type I (New Technologies): Applied Research Phase; Development Phase; Demo in Op Environ. Funding ≤ $3M & 36 mos.
  - Type II (Prototype Technologies): More Mature Prototypes; Development Phase; Demo in Op Environ. Funding ≤ $2M & 24 mos.
  - Type III (Mature Technologies): Mature Technology; Demo Only in Op Environ. Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments

17 BAA 11-02 Technical Topic Areas (TTAs)
- TTA-1: Software Assurance (DHS, FSSCC)
- TTA-2: Enterprise-Level Security Metrics (DHS, FSSCC)
- TTA-3: Usable Security (DHS, FSSCC)
- TTA-4: Insider Threat (DHS, FSSCC)
- TTA-5: Resilient Systems and Networks (DHS, FSSCC)
- TTA-6: Modeling of Internet Attacks (DHS)
- TTA-7: Network Mapping and Measurement (DHS)
- TTA-8: Incident Response Communities (DHS)
- TTA-9: Cyber Economics (CNCI)
- TTA-10: Digital Provenance (CNCI)
- TTA-11: Hardware-Enabled Trust (CNCI)
- TTA-12: Moving Target Defense (CNCI)
- TTA-13: Nature-Inspired Cyber Health (CNCI)
- TTA-14: Software Assurance MarketPlace (SWAMP) (S&T)

- 1003 White Papers
- 224 Full Proposals encouraged
- Expected awards in June 2012

18 A Roadmap for Cybersecurity Research
- Scalable Trustworthy Systems
- Enterprise Level Metrics
- System Evaluation Lifecycle
- Combatting Insider Threats
- Combatting Malware and Botnets
- Global-Scale Identity Management
- Survivability of Time-Critical Systems
- Situational Understanding and Attack Attribution
- Information Provenance
- Privacy-Aware Security
- Usable Security

19 US R&D Mapped to CSIT Themes
- Adaptive Cyber Security Technologies
  - Moving Target Defense
  - Nature Inspired Cyber Health
- Protection of Smart Utility Grids
  - PCS Project – LOGIIC and TCIPG
- Security of the Mobile Platform and Applications
  - Identity Management Project - Combining Id Mgmt with mobile devices (à la BYOD)
- Multi-faceted Approach to Cyber Security Research
  - Usable Security
  - Cyber Economics and Incentives
  - Incident Response Communities

20 Summary
- Cybersecurity research is a key area of innovation needed to support our future
- Collaboration, both inter-agency and international, is essential to producing next-generation solutions
- DHS S&T continues with an aggressive cyber security research agenda
  - Working to solve the cyber security problems of our current (and future) infrastructure and systems
  - Working with academe and industry to improve research tools and datasets
  - Looking at future R&D agendas with the most impact for the nation, including education
- Need to continue strong emphasis on technology transfer and experimental deployments

21 For more information, visit
Douglas Maughan, Ph.D., Division Director
Cyber Security Division, Homeland Security Advanced Research Projects Agency (HSARPA)
202-254-6145 / 202-360-3170

22 The Menlo Report
"Ethical Principles Guiding Information and Communication Technology Research", Supported by US Department of Homeland Security (Published in the Federal Register - Dec 2011).

| Belmont Principle | Menlo Application |
|---|---|
| Respect for Persons | Identify stakeholders; Informed consent |
| Beneficence | Identify potential benefits and harms; Balance risks and benefits; Mitigate realized harms |
| Justice | Fairness and equity |
| Additional Menlo Principle: Respect for the Law and Public Interest | Compliance; Transparency and accountability |

Menlo Companion document – over 20 cases of unethical / illegal research activity
