Current R&D Initiatives in Cybersecurity

UMD / Google, College Park, MD, December 1, 2011

Dept. of Homeland Security Science & Technology Directorate

Douglas Maughan, Ph.D., Division Director, Cyber Security Division, Homeland Security Advanced Research Projects Agency (HSARPA)
[email protected], 202-254-6145 / 202-360-3170


Page 2: Cyberspace Definitions

12 October 2011

“Cyberspace is [our nation’s critical infrastructures’] nervous system—the control system of our country. Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow our critical infrastructures to work.” National Strategy to Secure Cyberspace, 2003

“Cyberspace means the interdependent network of IT infrastructures, and includes the internet, telecomms networks, computer systems, and embedded processors and controllers in critical industries.” NSPD 54, 8 Jan 2008

“A cyber environment includes users, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.” International Telecommunications Union X.1205, Overview of Cybersecurity, Oct 2008

“The terms cyber security and information assurance refer to measures for protecting computer systems, networks, and information from disruption or unauthorized access, use, disclosure, modification, or destruction.” Federal Plan for Cyber Security and Information Assurance Research and Development, Apr 2006

“The interdependent network of information and communications technology infrastructures, including the Internet, telecommunications networks, computer systems and networks, and embedded processors and controllers in facilities and industries.” White House Cyberspace Policy Review, May 2009

Page 3: Comprehensive National Cybersecurity Initiative (CNCI)

Establish a front line of defense:

• Reduce the Number of Trusted Internet Connections
• Deploy Passive Sensors Across Federal Systems
• Pursue Deployment of Automated Defense Systems
• Coordinate and Redirect R&D Efforts

Resolve to secure cyberspace / set conditions for long-term success:

• Connect Current Centers to Enhance Situational Awareness
• Develop Gov’t-wide Counterintelligence Plan for Cyber
• Increase Security of the Classified Networks
• Expand Education

Shape future environment / secure U.S. advantage / address new threats:

• Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs
• Define and Develop Enduring Deterrence Strategies & Programs
• Manage Global Supply Chain Risk
• Cyber Security in Critical Infrastructure Domains

http://cybersecurity.whitehouse.gov

1 December 2011

Page 4: NITRD Structure for Cybersecurity R&D Coordination

(Organization chart, flattened.)

• OMB / OSTP
• National Science and Technology Council
• NITRD Subcommittee (senior representatives from agencies conducting NIT R&D), supported by the National Coordination Office for NITRD
• Cybersecurity R&D Senior Steering Group (senior representatives from agencies with national cybersecurity missions)
• Cyber Security and Information Assurance Interagency Working Group (CSIA IWG): program managers with cybersecurity R&D portfolios
• Special Cyber Operations Research and Engineering (SCORE) Interagency Working Group: national security systems R&D

Page 5: Federal Gov’t Cyber Research Community

(Table columns: Agency / Org; Research Agenda; Researchers; Customers / Consumers.)

National Science Foundation (NSF)
  Research Agenda: SW engineering/protection, HW/FW security, mobile wireless and sensor networks, trustworthy computing; several academic centers
  Researchers: Academics and non-profits
  Customers / Consumers: Basic research, no specific customers

Defense Advanced Research Projects Agency (DARPA)
  Research Agenda: Mostly classified; unclassified topics are focused on basic research; National Cyber Range
  Researchers: Few academics; large system integrators; research and government labs
  Customers / Consumers: Mostly DOD; most solutions are GOTS, not COTS

National Security Agency (NSA)
  Research Agenda: Information Assurance Automation (ISAP), SELinux; networking theory; CAEIAE centers
  Researchers: Mostly in-house
  Customers / Consumers: Intelligence community; some NSA internal; some open source

Intelligence Advanced Research Projects Agency (IARPA)
  Research Agenda: Automatic Privacy Protection (APP), Securely Taking on New Executable Software of Uncertain Provenance (STONESOUP)
  Researchers: Mostly research labs, system integrators, and national labs; some academics
  Customers / Consumers: Intelligence community

National Institute of Standards & Technology (NIST)
  Research Agenda: Trusted Identities in Cyberspace, National Initiative for Cybersecurity Education (NICE)
  Researchers: In-house; most R&D funding comes from other agencies
  Customers / Consumers: Federal agencies, with some impact on state and locals

Department of Homeland Security (DHS) S&T
  Research Agenda: All unclassified; Secure Internet Protocols; Process Control Systems (PCS), Emerging Threats, Insider Threat, Cyber Forensics; Software Assurance, Open Security Technologies, Next Generation Technologies
  Researchers: Blend of academics, research and government labs, non-profits, private sector and small business
  Customers / Consumers: DHS Components (including NPPD, USSS, FLETC, FEMA, ICE, CBP); CI/KR Sectors; USG and Internet and Private Sector

Page 6: Federal Cybersecurity Research and Development Program: Strategic Plan

Page 7: Federal Cybersecurity R&D Strategic Plan Research Themes

• Tailored Trustworthy Spaces
• Moving Target Defense
• Cyber Economics and Incentives
• Designed-In Security (new for FY12)

Science of Cyber Security

Transition to Practice: Technology Discovery; Test & Evaluation / Experimental Deployment; Transition / Adoption / Commercialization

Support for National Priorities: Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services

Page 8: Quadrennial Homeland Security Review

The Core Missions

1. Preventing terrorism and enhancing security;
2. Securing and managing our borders;
3. Enforcing and administering our immigration laws;
4. Safeguarding and securing cyberspace; and
5. Ensuring resilience to disasters.

Mission 6: Maturing and Strengthening the Homeland Security Enterprise

Foster Innovative Solutions Through Science and Technology

• Ensure scientifically informed analyses and decisions are coupled to effective technological solutions
• Conduct scientific assessments of threats and vulnerabilities
• Foster collaborative efforts involving government, academia, and the private sector to create innovative approaches to key homeland security challenges

Page 9: DHS S&T Mission

Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise.

Page 10: Cyber Security Division (CSD) R&D Execution Model

(Diagram; no text recoverable.)

Page 11: Sample Product List

• Ironkey – Secure USB: standard issue to S&T employees from the S&T CIO
• Coverity – Open Source Hardening (SCAN): analyzes 150+ open source software packages daily
• USURF – Cyber Exercise Planning tool: recently used in MA & WA state cyber exercises
• Secure64 – DNSSEC Automation: several commercial customers; government pilots underway
• HBGary – Memory and Malware Analysis: 12-15 pilot deployments as part of the Cyber Forensics program

Page 12: Sample Product List - 2

• Grammatech – Binary Analysis tools: used by several Intel agencies; commercially available
• Telcordia – Automated Vulnerability Analysis: in use by DOD, SEC
• GMU – Network Topology Analysis (Cauldron): in use at FAA, several commercial customers
• Stanford – Anti-Phishing Technologies: open source; most browsers have included Stanford R&D
• Secure Decisions – Data Visualization: pilot with DHS/NCSD/US-CERT in progress

Page 13: Cyber Security Program Areas

• Research Infrastructure to Support Cybersecurity (RISC)
• Trustworthy Cyber Infrastructure (TCI)
• Cyber Technology Evaluation and Transition (CTET)
• Foundational Elements of Cyber Systems (FECS)
• Cybersecurity User Protection and Education (CUPE)

Page 14: Research Infrastructure (RISC)

• Experimental Research Testbed (DETER): researcher- and vendor-neutral experimental infrastructure. DETER - http://www.isi.edu/deter/
• Research Data Repository (PREDICT): repository of network data for use by the U.S.-based cyber security research community. PREDICT – https://www.predict.org
• Software Quality Assurance (SWAMP): a software assurance testing and evaluation facility and the associated research infrastructure services

Page 15: Trustworthy Cyber Infrastructure

Secure Protocols
• DNSSEC – Domain Name System Security
• SPRI – Secure Protocols for Routing Infrastructure

Process Control Systems
• LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
• TCIPG – Trustworthy Computing Infrastructure for the Power Grid

Internet Measurement and Attack Modeling
• Geographic mapping of Internet resources
• Logically and/or physically connected maps of Internet resources
• Monitoring and archiving of BGP route information

Page 16: Evaluation and Transition (CTET)

• Assessment and Evaluations: red teaming of DHS S&T-funded technologies
• Experiments and Pilots: experimental deployment of DHS S&T-funded technologies into operational environments
• Transition to Practice (CNCI): new FY12 initiative

Page 17: Foundational Elements (FECS)

• Enterprise Level Security Metrics and Usability
• Homeland Open Security Technology (HOST)
• Software Quality Assurance
• Cyber Economic Incentives (CNCI): new FY12 initiative
• Leap Ahead Technologies (CNCI)
• Moving Target Defense (CNCI): new FY12 initiative
• Tailored Trustworthy Spaces (CNCI): new FY12 initiative

Page 18: Cybersecurity Users (CUPE)

• Cyber Security Competitions: National Initiative for Cybersecurity Education (NICE); NCCDC (Collegiate); U.S. Cyber Challenge (High School)
• Cyber Security Forensics: support to DHS and other Law Enforcement customers
• Identity Management: National Strategy for Trusted Identities in Cyberspace (NSTIC)
• Data Privacy Technologies: new start in FY13

7-10 November 2011

Page 19: DHS S&T Cybersecurity Program

(Program overview diagram, flattened into its four groupings.)

PEOPLE
• Identity Management
• Enterprise Level Security Metrics & Usability
• Data Privacy
• Cyber Forensics
• Competitions

SYSTEMS
• Software Quality Assurance
• Homeland Open Security Technology
• Experiments & Pilots
• Assessments & Evaluations
• Cyber Economic Incentives
• Moving Target Defense
• Tailored Trustworthy Spaces
• Leap Ahead Technologies
• Transition To Practice

INFRASTRUCTURE
• Secure Protocols
• Process Control Systems
• Internet Measurement & Attack Modeling

RESEARCH INFRASTRUCTURE
• Experimental Research Testbed (DETER)
• Research Data Repository (PREDICT)
• Software Quality Assurance (SWAMP)

Page 20: Small Business Innovative Research (SBIR)

(Number of awards in parentheses.)

• FY04: Cross-Domain Attack Correlation Technologies (2); Real-Time Malicious Code Identification (2); Advanced SCADA and Related Distributed Control Systems (5)
• FY05: Hardware-assisted System Security Monitoring (4)
• FY06: Network-based Boundary Controllers (3); Botnet Detection and Mitigation (4)
• FY07: Secure and Reliable Wireless Communication for Control Systems (2)
• FY09: Software Testing and Vulnerability Analysis (3)
• FY10: Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)
• FY11: Mobile Device Forensics
• FY12: Moving Target Defense

Page 21: Small Business Innovative Research (SBIR)

Important program for creating new innovation and accelerating transition into the marketplace.

Since 2004, DHS S&T Cyber Security has had:

• 60 Phase I efforts
• 27 Phase II efforts
• 4 Phase II efforts currently in progress
• 9 commercial/open source products available
• Three acquisitions:
  – Komoku, Inc. (MD) acquired by Microsoft in March 2008
  – Endeavor Systems (VA) acquired by McAfee in January 2009
  – Solidcore (CA) acquired by McAfee in June 2009

Page 22: HSARPA Cyber Security R&D Broad Agency Announcement (BAA) 11-02

Delivers both near-term and medium-term solutions:

• To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements;
• To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems;
• To facilitate the transfer of these technologies into operational environments.

Proposals Received According to 3 Levels of Technology Maturity

• Type I (New Technologies): Applied Research Phase; Development Phase; Demo in Op Environ. Funding ≤ $3M & 36 mos.
• Type II (Prototype Technologies): More Mature Prototypes; Development Phase; Demo in Op Environ. Funding ≤ $2M & 24 mos.
• Type III (Mature Technologies): Mature Technology; Demo Only in Op Environ. Funding ≤ $750K & 12 mos.

Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments

Page 23: Technical Topic Areas (TTAs)

(Sponsor in parentheses.)

• TTA-1 Software Assurance (DHS, FSSCC)
• TTA-2 Enterprise-level Security Metrics (DHS, FSSCC)
• TTA-3 Usable Security (DHS, FSSCC)
• TTA-4 Insider Threat (DHS, FSSCC)
• TTA-5 Resilient Systems and Networks (DHS, FSSCC)
• TTA-6 Modeling of Internet Attacks (DHS)
• TTA-7 Network Mapping and Measurement (DHS)
• TTA-8 Incident Response Communities (DHS)
• TTA-9 Cyber Economics (CNCI)
• TTA-10 Digital Provenance (CNCI)
• TTA-11 Hardware-enabled Trust (CNCI)
• TTA-12 Moving Target Defense (CNCI)
• TTA-13 Nature-inspired Cyber Health (CNCI)
• TTA-14 Software Assurance MarketPlace (SWAMP) (S&T)

Page 24: Timeline of Past Research Reports

(Timeline spanning 1997 to 2007.)

• President’s Commission on CIP (PCCIP)
• NRC CSTB Trust in Cyberspace
• I3P R&D Agenda
• National Strategy to Secure Cyberspace
• Computing Research Association – 4 Challenges
• NIAC Hardening the Internet
• PITAC - Cyber Security: A Crisis of Prioritization
• IRC Hard Problems List
• NSTC Federal Plan for CSIA R&D
• NRC CSTB Toward a Safer and More Secure Cyberspace

All documents available at http://www.cyber.st.dhs.gov

Page 25: A Roadmap for Cybersecurity Research

http://www.cyber.st.dhs.gov

• Scalable Trustworthy Systems
• Enterprise Level Metrics
• System Evaluation Lifecycle
• Combatting Insider Threats
• Combatting Malware and Botnets
• Global-Scale Identity Management
• Survivability of Time-Critical Systems
• Situational Understanding and Attack Attribution
• Information Provenance
• Privacy-Aware Security
• Usable Security

Page 26: So what if I take over a botnet to do my research?

An examination of the current state of Ethics in Information and Communications Technology Research

Page 27: What are ethics?

“The field of ethics (or moral philosophy) involves systematizing, defending, and recommending concepts of right and wrong behavior.”

Normative ethics is concerned with developing a set of morals or guiding principles intended to influence the conduct of individuals and groups within a population (i.e., a profession, a religion, or society at large).

Page 28: Ethics != Law

“Law can be defined as a consistent set of universal rules that are widely published, generally accepted, and usually enforced.”

• Interrelated but by no means identical (e.g., legal but not ethical, ethical but not legal)
• Adherence to ethical principles may be required to meet regulatory requirements surrounding academic research
• A law may illuminate the line between beneficial acts and harmful ones.
• If the computer security research community develops ethical principles and standards that are acceptable to the profession and integrates those as standard practice, it makes it easier for legislatures and courts to effectively perform their functions.

Page 29: (Normative) Computer Ethics

“A typical problem in computer ethics arises because there is a policy vacuum about how computer technology should be used. Computers provide us with new capabilities and these in turn give us new choices for action. Often, either no policies for conduct in these situations exist or existing policies seem inadequate. A central task of computer ethics is to determine what we should do in such cases, i.e., to formulate policies to guide our actions.”

- James Moor, 1985

Page 30: The Belmont Report

IRBs help ensure that research conforms with the ethical principles of the Belmont Report.

“Ethical Principles and Guidelines for the Protection of Human Subjects of Research”, US Department of Health, Education, and Welfare, April 18, 1979

Page 31: What is the role of an IRB?

Institutional Review Boards (IRBs) are responsible for protecting “human subjects” involved in research:

• Proper informed consent – or waiver of consent
• Special protections for vulnerable populations
• Strong privacy and confidentiality protections
• Can allow deception in some research

IRBs generally review medical or social/behavioral/educational research, not network/security research.

Question: Should the IRB review network/security research?

Page 32: What is a “human subject”?

The Federal human subjects regulations (45 CFR 46.102(f)) define a human subject as:

“a living individual about whom an investigator…conducting research obtains either: (1) data through intervention or interaction with the individual -OR- (2) identifiable private information.”

Page 33: What is Network and Security Research?

Network and Security Research, or Information Communication Technology (ICT) Research, involves the collection, use and disclosure of information collected via networks or using hardware and software associated with information technology.

Examples include:

• Phishing experiments
• Botnets
• Honeypots
• Analysis of internet network traffic

Page 34: Ethical Challenges in ICT Research

ICT research differs from traditional human subjects research, which poses new ethical challenges:

• Interactions with humans are often indirect, with intervening technology
• It is often not feasible to obtain informed consent
• Deception may be necessary
• There are varying degrees of linkage between data and individuals’ identities for behaviors
• Researchers can easily engage millions of “subjects” and billions of associated data “objects” simultaneously.

Page 35: Comparing ICTR and Medical Research

How is ICTR like researching health issues?

• Identity of subjects
• Risk of harm to subjects
• Subjects of research are also the beneficiaries

How is ICTR not like researching health issues?

• Research “subjects” could be criminals, their tools, or computers owned by innocent 3rd parties
• Researchers are sometimes indistinguishable from criminals controlling a botnet
• Viruses/cancers don’t adapt due to our publications
• Harm primarily financial, but unintended consequences could affect uninvolved 3rd parties (and their customers)

Page 36: The Menlo Report

“Ethical Principles Guiding Information and Communication Technology Research”, supported by US Department of Homeland Security (unpublished 2011).

Belmont Principle / Menlo Application:

• Respect for Persons: identify stakeholders; informed consent
• Beneficence: identify potential benefits and harms; balance risks and benefits; mitigate realized harms
• Justice: fairness and equity
• Additional Menlo Principle, Respect for the Law and Public Interest: compliance; transparency and accountability

Page 37: Our Education Problem

Problem: The U.S. is not producing enough computer scientists and CS degrees

• CS/CE enrollments are down 50% from 5 years ago [1]
• CS jobs are growing faster than the national average [2]

(Chart; sources: Taulbee Survey, CRA; BLS.)

[1] Taulbee Survey 2006-2007, Computer Research Association, May 2008 Computing Research News, Vol. 20/No. 3
[2] Nicholas Terrell, Bureau of Labor Statistics, STEM Occupations, Occupational Outlook Quarterly, Spring 2007

• Computer Science/STEM have been the basis for American growth for 60 years
• The gap in production of CS threatens continued growth and also national security
• Defense, DHS, CNCI and industry all need more CS and CE competencies now

Page 38: National Initiative for Cybersecurity Education (NICE)

• National Cybersecurity Awareness (Lead: DHS). Public service campaigns to promote cybersecurity and responsible use of the Internet.
• Formal Cybersecurity Education (Co-Leads: DoEd and OSTP). Education programs encompassing K-12, higher education, and vocational programs related to cybersecurity.
• Federal Cybersecurity Workforce Structure (Lead: OPM). Defining government cybersecurity jobs and the skills and competencies required. New strategies to ensure federal agencies attract, recruit, and retain skilled employees to accomplish cybersecurity missions.
• Cybersecurity Workforce Training and Professional Development (Tri-Leads: DoD, ODNI, DHS). Cybersecurity training and professional development required for federal government civilian, military, and contractor personnel.

Page 39: CCDC Mission

The mission of the Collegiate Cyber Defense Competition (CCDC) system is to provide institutions with an information assurance or computer security curriculum a controlled, competitive environment to assess a student's depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.

CCDC Events are designed to:

• Build a meaningful mechanism by which institutions of higher education may evaluate their current educational programs
• Provide an educational venue in which students are able to apply the theory and practical skills they have learned in their course work
• Foster a spirit of teamwork, ethical behavior, and effective communication both within and across teams
• Create interest and awareness among participating institutions and students

Page 40: U.S. Cyber Challenge

• CyberPatriot Defense Competition: an Air Force Association national high school cyber defense competition
• DC3 Digital Forensics Challenge: a Department of Defense Cyber Crime Center competition focusing on cyber investigation and forensics
• Netwars Capture-the-Flag Competition: a SANS Institute challenge testing mastery of vulnerabilities

Page 41: Summary

• Cybersecurity research is a key area of innovation needed to support our future
• DHS S&T continues with an aggressive cyber security research agenda
• Working to solve the cyber security problems of our current (and future) infrastructure and systems
• Working with academe and industry to improve research tools and datasets
• Looking at future R&D agendas with the most impact for the nation, including education
• Need to continue strong emphasis on technology transfer and experimental deployments

Page 42: For more information

For more information, visit http://www.cyber.st.dhs.gov

Douglas Maughan, Ph.D., Division Director, Cyber Security Division, Homeland Security Advanced Research Projects Agency (HSARPA)
[email protected] / 202-360-3170