1. 1 Opportunities for Cyber Trust Researchers at IARPA Carl Landwehr NICIAR Program Manager Intelligence Advanced Research Projects Activity (IARPA) 301-226-9100 email: CarlL@dni.gov

2. 2 The Nation’s Intelligence Community New DNI, Mike McConnell: Intelligence Community Integration Acquisition emphasis Information sharing: Need to know vs. responsibility to provide Analyst at the center: Know the customer needs Know the sensors and source

3. 3 IARPA Genesis Created 1 Oct. 2007 –Within the Office of the Director of National Intelligence First Director: Dr. Lisa Porter, on board Feb. 2008 Extra-mural research, driven by Program Managers Mix of unclassified and classified research programs Unclassified research largely solicited through targeted BAAs Watch FedBizOpps for opportunities IARPA Web site coming soon: –Keep your eye on www.iarpa.gov !www.iarpa.gov Location: College Park, MD Rotational staff of Program Managers –People with new program ideas encouraged to apply!

4. 4 IARPA No kidding, high-risk/high payoff research –This is NOT about “quick wins,” “low-hanging fruit,” “sure things”, etc. –Failure is completely acceptable as long as It is not due to failure to maintain technical or programmatic integrity Results are fully documented Best and brightest –Competitive awards and world-class PMs –Every IARPA program will start with a good idea and a good person to lead it. Without both, IARPA will not start a program. Cross community focus –Address cross-agency challenges –Leverage agency expertise (both R&D and operational perspectives) –Work transition strategies and plans The “P” in IARPA is very important –Each Program will have a clearly defined and measurable end-goal, typically 3-5 years out. Intermediate milestones to measure progress are also required –IARPA does not “institutionalize” programs –Fresh ideas and fresh perspectives are always coming in; status quo is constantly questioned

5. 5 The Heilmeier Questions 1.What are you trying to do? 2.How is it done now? Who does it? What are the limitations of present approaches? –Are you aware of the present state-of-the-art and have you thought through all the options? 3.What is new about your approach? Why do you think you can succeed at this time? –Given that you’ve provided clear answers to 1 & 2, have you created a compelling option? –What does a first order analysis of your approach reveal? 4.If you succeed, what difference will it make? –Why should we care? 5.How long will it take? How much will it cost? What are the mid-term and final exams? –What is your program plan? How will you measure progress? What are your milestones/metrics? What is your transition strategy?

6. 6 National Intelligence Community Information Assurance Research Program Vision: Level the cybersecurity playing field –Dramatically improve the fundamental trustworthiness of the NIC cyber infrastructure –Defend existing NIC cyber infrastructure from external and internal threats; enable operation despite attacks Goals: –Use accountability as a lever to reduce vulnerabilities and foster information sharing –Increase the attacker’s cost to penetrate NIC systems –Provide usable and flexible security mechanisms Flawed software Spoofable network protocols Complex security management Defense has an uphill battle!

7. 7 Goals Double attacker’s time/resource cost to compromise NIC systems through remote exploits –Unmodified system as baseline –Applications: reduce vulnerability windows in time (patch generation/installation, reconfiguration) and space (flaw/fault detection and removal) Decrease by half the time and effort required to attribute a specific computational event/information flow to a (human/software/hardware) initiator –Unmodified system as baseline –Applications: sanitization, information sharing (credit), leakage (blame) Stretch goal: Reduce by a factor of 10 the time/effort required to certify/accredit a new, conforming software component for use in a general purpose environment based on accountable information flow technologies –Existing system and certification/accreditation process as baseline

8. 8 Current NICIAR Research Topics Goals: Increase attacker’s cost Enable system operation during attack Improve system configuration assurance Technologies: Dynamic, diverse programs and systems Configuration specification and verification Goals: Incorporate accountable information flow mechanisms at all system layers Develop and demonstrate network designs in which today’s attacks are engineered out Technologies: Physical unclonable functions, secure coprocessors, static/dynamic analysis Large Scale System Defense Vulnerable monoculture Robust polyculture Intended configuration Actual configuration Accountable Information Flow

9. 9 NICECAP Timeline 1 2 3 4 5 6 7 8 9 10 11 12 1 2 3 4 5 6 7 8 9 10 11 12 1 200720062008 BAA release 4/24/06 35 Full Proposals invited 1/15/08 Proposals due 2/14/08 Round I Work begins 6/1/07 Contract negotiations begin 4/15/08 Topic areas:  Accountable Information flow  New focus area 10/07:  Privacy Protecting Technologies  Large scale system defense Updated BAA release 10/2/07 White papers due 11/2/07 (received ~ 135 WPs) Awards made 7/15/08 2009 NICECAP BAA available at (or Google (NICECAP)): http://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/Reference-Number-BAA-06-11-IFKA/listing.html

10. 10 On the Horizon: Secure System Engineering Competitions How do we build systems of realistic scale that –Have a sound assurance argument –Can be extended without sabotaging it –Are usable and manageable How do we structure a competition to teach us these things? –What would be a compelling thing (or series of things) to build? –How would we evaluate it? –How would we measure progress? What toolkits could we make available to competitors?

11. 11 Thank You! Questions? Carl Landwehr NICIAR Program Manager 301-226-9100 email: CarlL@dni.govCarlL@dni.gov