Presentation is loading. Please wait.

Presentation is loading. Please wait.

Homeland Security Advanced Research Projects Agency An Update on the Cyber Security R&D Landscape December 4, 2013 SINET Showcase Douglas Maughan Division.

Similar presentations

Presentation on theme: "Homeland Security Advanced Research Projects Agency An Update on the Cyber Security R&D Landscape December 4, 2013 SINET Showcase Douglas Maughan Division."— Presentation transcript:

1 Homeland Security Advanced Research Projects Agency An Update on the Cyber Security R&D Landscape December 4, 2013 SINET Showcase Douglas Maughan Division Director

2 Presenter’s Name June 17, 2003  2007 ITSEF - Opening Doors to the Federal Government  2008 ITSEF Panel - Federal Government Strategic Investment Funds  2009 ITSEF Panel - Critical Infrastructure  2010 ITSEF Panel - Moving Forward with a Roadmap for the IT, Banking & Finance and Energy Sectors  2010 Showcase Workshop and 2011 ITSEF Workshop - Obtaining Federal Research Funding  2011 ITSEF Panel - Partnering Practitioners & Theory - Creating Centers of Excellence  2012 ITSEF Panel - What are the Key Attributes that Lead to Successful Technology Transfer?  2012 Showcase Panel - DHS and DoD Efforts at Improving Cyber Innovation Intake into the Federal Government Past SINET Participation 2

3 Presenter’s Name June 17, 2003 Presentation Outline  Threat Space  National / Federal Activities  DHS Activities  Cyber Security Division (CSD) Overview  What’s Ahead  Funding Opportunities  Summary  Q&A 3

4 Environment: Greater Use of Technology, More Threats, Less Resources Globalization & Transportation Natural Disasters & Pushing Beyond Design Limits Misuse of Technology Border Security & Immigration Cyber Domain LESS RESOURCESLESS RESOURCES MORE THREATS Violent Extremism Nature of Innovation Both sides get to innovate Predictive & Reactive Aviation as an example … Low cost of entry Strategic potential Anywhere in the world in 24 hours Historical Perspective Tenuous balance Insider Threat

5 Presenter’s Name June 17, 2003 Cyber Threat Sources Ready to Exploit Weaknesses Nation States Hackers/Hacktivists Cyber Criminals Insider Threats Terrorists, DTOs, etc.

6 Presenter’s Name June 17, 2003  Malware – Malicious software to disrupt computers  Viruses, worms, …  Theft of Intellectual Property or Data  Hactivism – Cyber protests that are socially or politically motivated  Mobile Devices and Applications and their associated Cyber Attacks  Social Engineering – Entice users to click on Malicious Links  Spear Phishing – Deceptive communications (E-Mails, Texts, Tweets…)  Domain Name System (DNS) Hijacking  Router Security – Border Gateway Protocol (BGP) Hijacking  Denial of Service (DOS) – blocking access to web sites  Others ….. 6 Cyber Threats

7 Presenter’s Name June 17, 2003 Recent Events 7

8 Comprehensive National Cybersecurity Initiative (CNCI) Reduce the Number of Trusted Internet Connections Deploy Passive Sensors Across Federal Systems Pursue Deployment of Automated Defense Systems Coordinate and Redirect R&D Efforts Establish a front line of defense Connect Current Centers to Enhance Situational Awareness Develop Gov’t-wide Counterintelligence Plan for Cyber Increase Security of the Classified Networks Expand Education Resolve to secure cyberspace / set conditions for long-term success Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs Define and Develop Enduring Deterrence Strategies & Programs Manage Global Supply Chain Risk Cyber Security in Critical Infrastructure Domains Shape future environment / secure U.S. advantage / address new threats

9 NITRD Participating Agencies 9 Networking Information Technology R&D

10 Presenter’s Name June 17, 2003 Federal Cybersecurity R&D Strategic Plan  Science of Cyber Security  Research Themes  Tailored Trustworthy Spaces  Moving Target Defense  Cyber Economics and Incentives  Designed-In Security (New for FY13)  Transition to Practice  Technology Discovery  Test & Evaluation / Experimental Deployment  Transition / Adoption / Commercialization  Support for National Priorities  Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services Released Dec 6, 2011 ederal-cybersecurity-rd-strategic-plan-released 10

11 DHS S&T Mission Guidance Strategic Guidance Operational Directives HSPD-5 National Incident Management System (2003) PPD-8 National Preparedness (2011) HSPD-22 Domestic Chemical Defense (2007) HSPD-9 Defense of U.S. Agriculture & Food (2004) HSPD-10 Biodefense for the 21 st Century (2004) Homeland Security Act 2002 QHSR (Feb 2010) BUR (July 2010) 1.Preventing terrorism & enhancing security 2.Securing and managing our borders 3.Enforcing & administering immigration laws 4. Safeguarding and securing cyberspace 5.Ensuring resilience to disasters Prevention, Protection, Mitigation, Response, Recovery S&T Strategic Plan (2011) Smaller Scale Terrorism Trafficking, Crime Pandemics, Accidents, Natural Hazards Violent Extremism High Consequence WMD Threats Core Missions QHSR

12 Cybersecurity for the 16 Critical Infrastructure Sectors  Business / Personal  Shopping & Banking Point of Sale (in store or on line)  Personnel  Social Media  … DHS provides advice and alerts to the 16 critical infrastructure areas … … DHS collaborates with sectors through Sector Coordinating Councils (SCC) X X

13 EO-13636 and PPD-21  In February 2013, the President issued two new policies: 1)Executive Order 13636: Improving Critical Infrastructure Cybersecurity 2)Presidential Policy Directive – 21: Critical Infrastructure Security and Resilience  America's national security and economic prosperity are dependent upon the operation of critical infrastructure that are increasingly at risk to the effects of cyber attacks  The vast majority of U.S. critical infrastructure is owned and operated by private companies  A strong partnership between government and industry is indispensible to reducing the risk to these vital systems

14 Presenter’s Name June 17, 2003 Integrating Cyber-Physical Security  Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:  Develop a technology-neutral voluntary cybersecurity framework  Promote and incentivize the adoption of cybersecurity practices  Increase the volume, timeliness and quality of cyber threat information sharing  Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure  Explore the use of existing regulation to promote cyber security  Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to:  Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near- real time  Understand the cascading consequences of infrastructure failures  Evaluate and mature the public- private partnership  Update the National Infrastructure Protection Plan  Develop comprehensive research and development plan (CSD / RSD) 14

15 Presenter’s Name June 17, 2003 Publish instructions: unclassified threat information Report on cybersecurity incentives Publish procedures: expand the Enhanced Cybersecurity Services 120 days – June 12, 2013 Identify cybersecurity critical infrastructure Evaluate public-private partnership models Expedite security clearances for private sector 150 Days - July 12, 2013 Develop a situational awareness capability Update the National Infrastructure Protection Plan Publish draft voluntary Cybersecurity Framework 240 Days – October 10, 2013 Report on privacy and civil rights and civil liberties cybersecurity enhancement risks Stand up voluntary program based on finalized Cybersecurity Framework 365 days – February 12, 2014 Critical Infrastructure Security and Resilience R&D Plan Beyond 365 - TBD 15 EO-PPD Deliverables

16 Presenter’s Name June 17, 2003 Cybersecurity Framework (NIST lead)  Developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk  Supports the improvement of cybersecurity for the Nation’s Critical Infrastructure using industry-known standards and best practices  Provides a common language and mechanism for organizations to 1.describe current cybersecurity posture; 2.describe their target state for cybersecurity; 3.identify and prioritize opportunities for improvement within the context of risk management; 4.assess progress toward the target state; 5.Foster communications among internal and external stakeholders.  Composed of three parts: the Framework Core, the Framework Implementation Tiers, and Framework Profiles 16

17 Presenter’s Name June 17, 2003 Cybersecurity Framework FunctionCategory IDENTIFY Asset Management Business Environment Governance Risk Assessment Risk Management PROTECT Access Control Awareness and Training Data Security Information Protection Processes and Procedures Protective Technology DETECT Anomalies and Events Security Continuous Monitoring Detection Processes RESPOND Communication Analysis Mitigation Improvements RECOVER Recovery Planning Improvements Communication 17

18 Presenter’s Name June 17, 2003 Areas: “ While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.” Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator White House Blog, August 6, 2013 1.Cybersecurity Insurance 2.Grants 3.Process Preference 4.Liability Limitation 5.Streamline Regulations 6.Public Recognition 7.Rate Recovery for Price Regulated Industries 8.Cybersecurity Research 18 Recommended Incentives

19 Presenter’s Name June 17, 2003 R&D guidance from PPD-21  Within 2 years, DHS in coordination with OSTP, SSA’s, DOC and other Federal D&A, shall provide to the President a National Critical Infrastructure Security and Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other relevant information to identify priorities and guide R&D requirements and investments…plan issued every 4 years …updates as needed.  Innovation and Research & Development: DHS in coordination with OSTP, SSA’s, Commerce and other Federal D&A, shall provide input to align those Federal and Federally-funded R&D activities that seek to strengthen the security and resiliency of the Nation’s critical infrastructure, including:  Promoting R&D to enable the secure and resilient design and construction of critical infrastructure and more secure accompanying cyber technology;  Enhancing modeling capabilities to determine potential impacts … and cascading effects;  Facilitating initiatives to incentivize cyber security investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience;  Prioritizing efforts to support the strategic guidance issued by the Secretary.  Working Group headed up by DHS S&T 19

20 Presenter’s Name June 17, 2003 How to Engage  National Infrastructure Protection Plan process  Review and comment on Draft Documents   Provide input through dialogue on IdeaScale -- http://eoppd.ideascale.com  Encourage partners to review and provide input  PPD/EO Integrated Task Force Weekly Stakeholder Bulletin  Current status of activities  List of upcoming Open Forums, Webinars and other Engagement Opportunities  Contact for more  Also R& for R&D plan information, participationR& 20

21 DHS S&T Mission Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise 1)Create new technological capabilities and knowledge products 2)Provide Acquisition Support and Operational Analysis 3)Provide process enhancements and gain efficiencies 4)Evolve US understanding of current and future homeland security risks and opportunities 21 FOCUS AREAS Bio Explosives Cybersecurity First Responders Resilient Systems Borders / Maritime

22 Presenter’s Name June 17, 2003 Cyber Security Focus Areas  Trustworthy Cyber Infrastructure  Working with the global Internet community to secure cyberspace  Research Infrastructure to Support Cybersecurity  Developing necessary research infrastructure to support R&D community  R&D Partnerships  Establishing R&D partnerships with private sector, academia, and international partners  Innovation and Transition  Ensuring R&D results become real solutions  Cybersecurity Education  Leading National and DHS cybersecurity education initiatives 22

23 Presenter’s Name June 17, 2003 Trustworthy Cyber Infrastructure  Secure Protocols  DNSSEC – Domain Name System Security  Govt and private sector worked together to make this happen  Started in 2004; now 111 top level (gTLD) and country code (ccTLD) domains adopted globally including the Root  SPRI – Secure Protocols for Routing Infrastructure  Internet Measurement and Attack Modeling  Geographic mapping of Internet resources  Logically and/or physically connected maps of Internet resources  Monitoring and archiving of BGP route information  Co-funding with Australia 23

24 Presenter’s Name June 17, 2003 Research Infrastructure  Experimental Research Testbed (DETER)  Researcher and vendor-neutral experimental infrastructure  Used by over 200 organizations from more than 20 states and 17 countries  Used by over 40 classes, from 30 institutions involving 2,000+ students   Research Data Repository (PREDICT)  Repository of network data for use by the U.S.- based cyber security research community  More than 200 users (academia, industry, gov’t); Over 600TB of network data; Tools are used by major service providers and many companies  Phase 2: New datasets, ICTR Ethics, International (CA, AUS, JP, EU)   Software Assurance Market Place (SWAMP)  A software assurance testing and evaluation facility and the associated research infrastructure services 24

25 Presenter’s Name June 17, 2003 R&D Partnerships  Oil and Gas Sector  LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity  Electric Power Sector  TCIPG – Trustworthy Computing Infrastructure for the Power Grid  Banking and Finance Sector  FI-VICS – Financial Institutions – Verification of Identity Credential Service  DECIDE – Distributed Environment for Critical Incident Decision-making Exercises (recent Quantum Dawn II exercise)  State and Local  PRISEM - Public Regional Information Security Event Management  PIV-I/FRAC TTWG – State and Local and Private Sector First Responder Authentication Credentials and Technology Transition  Law Enforcement  SWGDE – Special Working Group on Digital Evidence (FBI lead)  CFWG – Cyber Forensics Working Group (CBP, ICE, USSS, FBI, S/L) 25

26 Presenter’s Name June 17, 2003  International Bilateral Agreements  Government-to-government cooperative activities for 13 bilateral Agreements S&T International Engagements Canada (2004) Australia (2004) United Kingdom (2005) Singapore (2007) Sweden (2007) Mexico (2008) Israel (2008) France (2008) Germany (2009) New Zealand (2010) European Commission (2010) Spain (2011) Netherlands (2013) COUNTRYPROJECTSMONEY INJOINTMONEY OUT Australia3$300K$400K Canada11$1.8M Germany1$300K Israel2$100K Netherlands7$450K$1.2M$150K Sweden4$650K United Kingdom3$1.2M$400K European Union1 Japan1 Over $6M of International co-funding

27 Presenter’s Name June 17, 2003 CSD R&D Execution Model Ironkey – Secure USB – Standard Issue to S&T employees from S&T CIO – Acquired by Imation Komoku – Rootkit Detection Technology – Acquired by Microsoft HBGary – Memory and Malware Analysis – Over 100 pilot deployments as part of Cyber Forensics Endeavor Systems – Malware Analysis tools – Acquired by McAfee Stanford – Anti-Phishing Technologies – Open source; most browsers have included Stanford R&D Secure Decisions – Data Visualization – Pilot with DHS/NCSD/US-CERT; Acquisition Successes Research Development Test and Evaluation & Transition (RDTE&T) Example: DARPA has provided $9M to CSD for development and transition of Military Networking Protocol (MNP) technology and has started discussions for testing and evaluation of Automated Malware Analysis technology

28 Presenter’s Name June 17, 2003 Transition To Practice (TTP) Program 28 R&D Sources  DOE National Labs  FFRDC’s (Federally Funded R&D Centers)  Academia  Small Business Transition processes  Testing & evaluation  Red Teaming  Pilot deployments Utilization  Open Sourcing  Licensing  New Companies  Adoption by cyber operations analysts  Direct private- sector adoption  Government use  Implement Presidential Memorandum – “Accelerating Technology Transfer and Commercialization of Federal Research in Support of High-Growth Businesses” (Oct 28, 2011)

29 A N ATIONAL P ROBLEM 29  The Nation needs greater cybersecurity awareness and more cybersecurity experts.  There is a lack of communication between government, private industry, and academia.  Many cybersecurity training programs exist but there is little consistency among programs, and potential employees lack information about the skills needed for jobs.  Cybersecurity Career development and scholarships are available but uncoordinated, and the resources that do exist are difficult to find. NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) – Initiative 8: Expand Cyber Education – Interim Way Forward and is comprised of over 20 federal departments and agencies.

30 Presenter’s Name June 17, 2003 Cybersecurity Education  Cyber Security Competitions (  National Initiative for Cybersecurity Education (NICE)  NCCDC (Collegiate); U.S. Cyber Challenge (High School)  Provide a controlled, competitive environment to assess a student’s depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.  DHS Cyber Skills Task Force (CSTF)  Established June 6, 2012 - Homeland Security Advisory Council  Over 50 interviews (DHS internal and external)  Identify best ways DHS can foster the development of a national security workforce capable of meeting current and future cybersecurity challenges;  Outline how DHS can improve its capability to recruit and retain sophisticated cybersecurity talent.  11 recommendations in 5 key areas 30

31 DHS Cyber Skills Task Force (CSTF) - Objectives  Objective I: Ensure that the people given responsibility for mission-critical cybersecurity roles and tasks at DHS have demonstrated that they have high proficiency in those areas.  Objective II: Help DHS employees develop and maintain advanced technical cybersecurity skills and render their working environment so supportive that qualified candidates will prefer to work at DHS.  Objective III: Radically expand the pipeline of highly qualified candidates for technical mission-critical jobs through partnerships with community colleges, universities, organizers of cyber competitions, and other federal agencies.  Objective IV: Focus the large majority of DHS’s near term efforts in cybersecurity hiring, training, and human capital development on ensuring that the Department builds a team of approximately 600 federal employees with mission-critical cybersecurity skills.  Objective V: Establish a “CyberReserve” program to ensure a cadre of technically proficient cybersecurity professionals are ready to be called upon if and when the nation needs them. 31

32 ICE Homeland Security Investigations (HSI) Cyber Student Initiative (7/10/13)  36 HSI offices volunteered to participate  291 Applicants of which 203 were Qualified Applicants  27 Candidates Selected (of which 2 declined) – Atlanta, Baltimore, Boston, Buffalo, Charleston, Charlotte, Chicago, Denver, El Paso, Long Beach, Los Angeles, New York, Orlando, Pensacola, Philadelphia, Phoenix, San Antonio, San Francisco, Savannah, Seattle, DC.  Twenty three (23) candidates employed between July- September 2013 32

33 Intern Program – Round 1 33 Number of InternsEOD DateCollegeLocation 1intern7/22/13 Chattahoochee Technical College Atlanta, GA 1 intern7/15/13 Anne Arundel Community College Baltimore, MD 1 intern Anne Arundel Community College Baltimore, MD 1 intern Bunker Hill Community College Boston, MA 1intern Westchester Community College Buffalo, NY 1 intern Trident Technical College Charleston, NC 1 intern Central Piedmont Community College Charlotte, NC 1 intern7/22/13 Moraine Valley Community College Chicago, IL 1 intern Garden City Community College Denver, CO 1 intern Community College of Denver Denver, CO 1 intern El Paso Community College El Paso, TX 1 intern Prince George’s Community College Fairfax, VA (C3) 1 intern DeVry University Los Angeles, CA 1 intern7/09/13 New York Institute Technology New York, NY 1 intern7/09/13 SUNY Orange Middletown NY New York, NY 1 intern7/09/13 Valencia College Orlando, FL 1 intern Valencia College Orlando, FL 1 intern7/08/13 Pensacola State College Pensacola, FL 1 internAnne Arundel Community CollegePhiladelphia, PA 1 intern7/09/13Mesa Community CollegePhoenix, AZ 1 internAlamo CollegesSan Antonio, TX 1 intern7/08/13Diablo Valley CollegeSan Francisco, CA 1 internCochise CollegeSan Francisco, CA 1 internEdmonds Community CollegeSavannah, GA 1 internChattahoochee Technical CollegeSeattle, WA

34 Presenter’s Name June 17, 2003 White House Priorities – FY14+  Secure Federal Networks  Identity/Credential Access Mgmt (ICAM), Cloud Exchange, Fed-RAMP  Protect Critical Infrastructure  Public-Private Cyber Coordination, EO/PPD Initiatives  Improve Incident Response and Reporting  Information Sharing among Federal Centers  Capacity Building for State/Local/Tribal/Territorial (SLTTs)  Engage Internationally  Foreign Assistance Capacity Building  Build Workforce Capacity to Support International Cyber Engagement  Shape the Future  National Strategy for Trusted Identity in Cyberspace (NSTIC)  National Initiative for Cybersecurity Education (NICE)  Cybersecurity R&D – EO/PPD R&D Plan, Federal R&D Plan, Transition To Practice, Foundational Research 34

35 Presenter’s Name June 17, 2003  Cyber Physical Systems (CPS)  “Smart networked systems with embedded sensors, processors and actuators that are designed to sense and interact with the physical world (including the human users), and support real-time, guaranteed performance in safety-critical applications”  Several workshops over the past year or two  Transportation  Automotive, UAVs, Aeronautical, Rail  Manufacturing  Healthcare  Energy  Agriculture  Defense  Emergency Response  Others …..  All with an eye towards society, economics, and impact Future - Inter-Agency: CPS 35

36 Presenter’s Name June 17, 2003 CSD New Program Ideas  Security for Cloud-Based Systems  Data Privacy Technologies  Mobile Wireless Investigations  Mobile Device Security  Next-Generation DDOS Defenses  Application Security Threat Attack Modeling (ASTAM)  Static Tool Analysis Modernization Project (STAMP)  Network Reputation and Risk Analysis  Data Analytics Methods for Cyber Security  Cyber Security Education  Designed-In Security  Finance Sector Cybersecurity  DNSSEC Applications  Data Provenance for Cybersecurity  Cyber Economic Incentives – based on EO/PPD 36

37 Programs for U. S. Small Business  Small Business Innovation Research (SBIR) Set-aside program for small business concerns to engage in federal R&D -- with potential for commercialization  Small Business Technology Transfer (STTR) Set-aside program to facilitate cooperative R&D between small business concerns and research institutions -- with potential for commercialization 2.5%.3%

38 PHASE I Feasibility Study $100K (in general) and 6 month effort (amounts are changing) PHASE III Commercialization Stage Use of non-SBIR Funds PHASE II Full Research/R&D $750K and 24 month effort (amounts are changing) Commercialization plan required SBIR - A 3 Phase Program

39 Agency SBIR Differences  Number and timing of solicitations  R&D Topic Areas – Broad vs. Focused  Dollar Amount of Award (Phase I and II)  Proposal preparation instructions  Financial details (e.g., Indirect Cost Rates)  Proposal review process  Proposal success rates  Types of award  Commercialization assistance  And more…………

40  FY04  Cross-Domain Attack Correlation Technologies (2)  Real-Time Malicious Code Identification (2)  Advanced SCADA and Related Distributed Control Systems (5)  FY05  Hardware-assisted System Security Monitoring (4)  FY06  Network-based Boundary Controllers (3)  Botnet Detection and Mitigation (4)  FY07  Secure and Reliable Wireless Communication for Control Systems (2) Small Business Innovative Research (SBIR)  FY09  Software Testing and Vulnerability Analysis (3)  FY10  Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)  FY11  Mobile Device Forensics (1)  FY12  Moving Target Defense (2)  Solid State Drive (SSD) Analysis (1)  FY13  Hybrid Analysis Mapping  Software Based Roots of Trust for Enhanced Mobile Device Security 40

41 Small Business Innovative Research (SBIR)  Important program for creating new innovation and accelerating transition into the marketplace  Since 2004, DHS S&T Cyber Security has had:  74 Phase I efforts  28 Phase II efforts  4 Phase II efforts currently in progress  10 commercial/open source products available  Four acquisitions  Komoku, Inc. (MD) acquired by Microsoft in March 2008  Endeavor Systems (VA) acquired by McAfee in January 2009  Solidcore (CA) acquired by McAfee in June 2009  HBGary (CA) acquired by ManTech in February 2012 41

42 Cyber Security R&D Broad Agency Announcement (BAA)  Delivers both near-term and medium-term solutions  To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements  To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems;  To facilitate the transfer of these technologies into operational environments.  Proposals Received According to 3 Levels of Technology Maturity Type I (New Technologies) Applied Research Phase Development Phase Demo in Op Environ. Funding ≤ $3M & 36 mos. Type II (Prototype Technologies) More Mature Prototypes Development Phase Demo in Op Environ. Funding ≤ $2M & 24 mos. Type III (Mature Technologies) Mature Technology Demo Only in Op Environ. Funding ≤ $750K & 12 mos. Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments 42

43 DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07  S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations  Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager  CSD has 18 Topic Areas (CSD.01 – CSD.18) – SEE NEXT SLIDE  LRBAA 12-07 has been extended and closes on 12/31/13  S&T BAA Website:  Additional information can be found on the Federal Business Opportunities website ( (Solicitation #:DHSS- TLRBAA12-07) 43

44  CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics  CSD.02 – Internet Infrastructure Security  CSD.03 – National Research Infrastructure  CSD.04 –Homeland Open Security Technology  CSD.05 – Forensics support to law enforcement  CSD.06 – Identity Management  CSD.07 – Data Privacy and Information Flow technologies.  CSD.08 – Software Assurance  CSD.09 – Cyber security competitions, education and curriculum development. LRBAA Summary Listing  CSD.10 – Process Control Systems and Critical Infrastructure Security  CSD.11 – Internet Measurement and Attack Modeling  CSD.12 – Securing the mobile workforce  CSD.13 - Security in cloud based systems  CSD.14 – Experiments – Test and evaluation in experimental operational environments to facilitate transition.  CSD.15 – Research Data Repository  CSD.16 – Cybersecurity Economic Incentives  CSD.17 – Data Analytics – analysis techniques, visualization,  CSD.18 – Tailored Trustworthy Spaces – trust negotiation, app anonymity 44

45 Presenter’s Name June 17, 2003 Summary  Cybersecurity research is a key area of innovation to support our global economic and national security futures  DHS S&T continues with an aggressive cyber security research agenda  Working to solve the cyber security problems of our current (and future) infrastructure and systems  Working with academe and industry to improve research tools and datasets  Looking at future R&D agendas with the most impact for the nation  Need to continue strong emphasis on technology transfer and experimental deployments  Must focus on the education, training, and awareness aspects of our current and future cybersecurity workforce 45

46 Presenter’s Name June 17, 2003 Recent CSD Publications 46

47 Presenter’s Name June 17, 2003 For more information, visit Douglas Maughan, Ph.D. Division Director Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) 202-254-6145 / 202-360-3170 47


Download ppt "Homeland Security Advanced Research Projects Agency An Update on the Cyber Security R&D Landscape December 4, 2013 SINET Showcase Douglas Maughan Division."

Similar presentations

Ads by Google