DHS S&T Cyber Security RDTE&T Initiatives and Open Source MIL-OSS Conference Rosslyn, VA August 4, 2010 Dept. of Homeland Security Science & Technology Directorate Douglas Maughan, Ph.D. Branch Chief / Program Mgr. [email protected] 202-254-6145 / 202-360-3170


DESCRIPTION

Homeland Open Security Technologies (HOST) Douglas Maughan, Program Manager, DHS S&T Cyber Security R&D Program

TRANSCRIPT

Page 1: Homeland Open Security Technologies (HOST)

DHS S&T Cyber Security RDTE&T Initiatives and Open Source

MIL-OSS Conference

Rosslyn, VA

August 4, 2010

Dept. of Homeland Security Science & Technology Directorate

Douglas Maughan, Ph.D.

Branch Chief / Program Mgr.

[email protected]

202-254-6145 / 202-360-3170

Page 2: Open Source and Government

Timeline of open source milestones in government (reconstructed from the slide's timeline graphic; date-to-milestone pairings follow the slide layout):

- July 2001: MITRE Business Case
- 2001-03: PITAC HPC
- Jan 2003: MITRE Survey
- May 2003: Stenbit Memo
- July 2004: OMB Procurement Memo
- June 2006: OTD Roadmap
- June 2007: DON CIO Guidance
- Oct 2009: DoD NII Guidance
- Launched Oct 2009: OTD Phase 2

Page 3: PITAC Report on Open Source Software

DARPA Program (2001-2003): Univ. of Pennsylvania, Network Associates Labs, WireX Communications

President's Information Technology Advisory Committee (PITAC) Report on Open Source Software (OSS) Panel for High Performance Computing (HPC)

Critical Findings:

1. Federal government should encourage the development of Open Source Software.

2. Federal government should allow Open Source development efforts to compete on a "level playing field" with proprietary solutions in government procurement.

3. Government sponsored Open Source projects should choose from a small set of established Open Source licenses after analysis of each license and determination of which may be preferable.

Page 4: Science and Technology (S&T) Mission

Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users.

Page 5: Cyber Security Program Areas

- Information Infrastructure Security
- Cyber Security Research Infrastructure
- Next Generation Technologies
- Two new program areas: Cyber Forensics and Homeland Open Security Technology (HOST)

Research Horizon: What does it look like?

Page 6: Information Infrastructure Security (slide dated July 6, 2010)

DNSSEC – Domain Name System Security

- S&T has been leading the global DNSSEC Deployment Initiative since 2004, including roadmaps, workshops, testbed, pilots, software development, standards, outreach, and training
- Working with OMB, OSTP, GSA, NIST to ensure USG is leading the global deployment efforts: http://www.whitehouse.gov/omb/memoranda/fy2008/m08-23.pdf
- Working with vendor community to ensure solutions: http://dnssec-deployment.org/presentations/govsec2009.html

SPRI – Secure Protocols for Routing Infrastructure

- S&T has been leading the global SPRI Initiative since 2008, including a roadmap, workshops, testbed, software development, standards, and community outreach
- Working with global registries to deploy Public Key Infrastructure (PKI) between ICANN/IANA and registries (e.g., ARIN) and ISPs/customers
- Working with IETF standards and industry to develop solutions for our current routing security problems and future technologies
- Funding R&D for tools to facilitate deployment: Colorado State Univ, University of Oregon, UCLA, USC-ISI, PCH, NIST

Page 7: Information Infrastructure Security - 2

LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity

- A collaboration of oil and natural gas companies and DHS S&T to facilitate cooperative research, development, testing, and evaluation procedures to improve cyber security in Industrial Automation and Control Systems
- Consortium under the Automation Federation

TCIPG – Trustworthy Computing Infrastructure for the Power Grid

- Partnership with DOE funded at UIUC with several partner universities and industry participation
- Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power, including new resilient "smart" power grid

DECIDE – Distributed Environment for Critical Infrastructure Decision-making Exercises

- Provide a dedicated exercise capability to foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats
- Enterprises will be able to initiate their own large-scale exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops
- The Financial Services Sector Coordinating Council R&D Committee has organized a user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years.

Page 8: National Research Infrastructure

DETER – http://www.isi.edu/deter/

- Researcher and vendor-neutral experimental infrastructure that is open to a wide community of users to support the development and demonstration of next-generation cyber defense technologies
- Over 170 users from 14 countries (and growing)

PREDICT – https://www.predict.org

- Repository of network data for use by the U.S.-based cyber security research community
- Privacy Impact Assessment (PIA) completed
- Over 118 datasets and growing; over 100 active users (and growing)

End Goal: Improve the quality of defensive cyber security technologies

Page 9: Next Generation Technologies

http://baa.st.dhs.gov

R&D funding model that delivers both near-term and medium-term solutions:

- To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation's critical information infrastructure.
- To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems.
- To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.

Page 10: Sample Product List

- Ironkey – Secure USB: Standard issue to S&T employees from S&T CIO
- Coverity – Open Source Hardening (SCAN): Evaluates over 150 open source software packages nightly
- USURF – Cyber Exercise Planning tool: Currently in use in WA state exercise; partnering with NCSD
- Secure64 – DNSSEC Automation: Several commercial customers; government pilots underway
- HBGary – Memory and Malware Analysis: 12-15 pilot deployments as part of Cyber Forensics program (later)
- Stanford – Anti-Phishing Technologies: Open source; most browsers have incorporated Stanford R&D
- Secure Decisions – Data Visualization: Pilot with DHS/NCSD/US-CERT in progress

Page 11: Coverity Open Source Hardening (SCAN)

Give open source community access to entire toolset:

- Open-source developers register their project.
- Coverity automatically downloads and runs the tool over it.
- Developers get back bugs in Coverity's bug database.

Big success: roughly 500 projects registered; 4,700+ defects actually patched. Some really crucial bugs found; dozens of security patches (e.g., X, ethereal).

Coverity: scan.coverity.com

Page 12: Cyber Forensics

Initial requirements working group held 11/20/08; attendees from USSS, CBP, ICE, FLETC, FBI, NIJ, TSWG, NIST, Miami-Dade PD, Albany NY PD

Initial list of projects:

- Mobile device forensic tools
- GPS forensics tools
- LE First responder "field analysis kit"
- High-speed data capture and deep packet inspection
- Live stream capture for gaming systems
- Memory analysis and malware tools
- Information Clearing House

S&T initiated 6 projects in FY09 totaling $2M

Page 13: Vulnerability Assessment of Open Source "Wireshark"

- Assessment: Assess a key open-source monitoring and forensics tool using the University of Wisconsin's First Principles Vulnerability Assessment (FPVA) methodology
- Training: Develop materials and teach tutorials in vulnerability assessment and secure programming techniques
- Vulnerability characterization and automated detection: Use the results from assessments to formalize the description of vulnerabilities found and develop algorithms to detect them

Page 14: Homeland Open Security Technology (HOST)

Promote the development and implementation of open source solutions within US Federal, state and municipal government agencies

Page 15: HOST Motivation

How can we (collectively) afford IT?

$38,500,000,000+ (BILLION!)

Page 16: US Govt Spends $38 Billion on IT Annually

Trend is not sustainable:

- Bureaucracy (easy to blame)
- Complexity of Govt Enterprise Systems
- Redundancy – Re-Invent the Wheel
- Existing System of Acquisition, Management, Updating, Technical Obsolescence
- Significant Hurdle
- Cybersecurity = Protection of Infrastructure and Data

Need: Sustainable Government IT Systems

Page 17: Approach: Leverage Open Systems

Audience

- Federal, State, Local Government
- End Users - Citizens
- Share Benefits with Industry, Development Communities

Open Technology Solutions

- Vendor/Platform Agnostic
- Best of Breed Development – Builds Upon Success
- Focuses on Addressing the Needs of End Users

GOAL: Improve systems security, enhance technical efficiency and reduce the cost of IT management...within Govt IT systems.

Page 18: Benefits: Open Technology Solutions

Open Systems promote and encourage

- Transparency – Interoperability – Technical Agility
- Enhanced Manageability through Open Source License

Economic Benefits

- Lower Adoption Costs – Promotes Vendor Competition
- Broad Vendor and Developer Support
- Secure – Stable – Broadly Adopted in Govt and Industry

Existing Govt Adoption/Usage

- OMB/White House, DoD, Dept of Navy adoption of OS policy
- Growing Govt Open Technology Adoption

Page 19: Competition: Who/What are the Challenges

Proprietary Vendors

- Technology Vendors Business Models
- Non-competitive solutions

Adoption Resistance

- Ingrained Systems
- Existing Relationships
- Policy Updates and Modifications
- Change Mentality
- Lack of Vision, Leadership and Continuity
- FUD/Pushback

Page 20: HOST Program Areas

Information Portal

- Federal Government Open Source Census
- GovernmentForge Open Source Software Repository
- Documentation Standards, Best Practices
- Community Outreach

Information Assurance / Security

- "New" open source IDS/IPS
- Work with tool developers (source, binary) on open source software quality analysis
- US Government security evaluation processes (OpenSSL)

S&T initiated projects in FY09/10 totaling $1.5M

Page 21: Progress to Date

Page 22: HOST: Going Forward

Investment

- $10M up to $50M+
- 5-yr (1 + 4 w/options)
- Scalable based on deliverables & program review

ROI

- Value of Deliverables
- Strategic Advantage

Accountability

- Metrics tied to similar IT program of record: Investment Costs, Recurring Fees, Management/Admin Exp, Upgrade Costs, Compatibility Expenses, Vendor Failure Expense

Process Not Product

Can we afford NOT to Invest in Open Technology?

Page 23: Timeline of Past Research Reports

Timeline axis: 1997 through 2007

- President's Commission on CIP (PCCIP)
- NRC CSTB Trust in Cyberspace
- I3P R&D Agenda
- National Strategy to Secure Cyberspace
- Computing Research Association – 4 Challenges
- NIAC Hardening the Internet
- PITAC - Cyber Security: A Crisis of Prioritization
- IRC Hard Problems List
- NSTC Federal Plan for CSIA R&D
- NRC CSTB Toward a Safer and More Secure Cyberspace

All documents available at http://www.cyber.st.dhs.gov

Page 24: A Roadmap for Cybersecurity Research

http://www.cyber.st.dhs.gov

- Scalable Trustworthy Systems
- Enterprise Level Metrics
- System Evaluation Lifecycle
- Combatting Insider Threats
- Combatting Malware and Botnets
- Global-Scale Identity Management
- Survivability of Time-Critical Systems
- Situational Understanding and Attack Attribution
- Information Provenance
- Privacy-Aware Security
- Usable Security

Page 25: DHS S&T Roadmap Content

- What is the problem being addressed?
- What are the potential threats?
- Who are the potential beneficiaries? What are their respective needs?
- What is the current state of practice?
- What is the status of current research?
- What are the research gaps?
- What challenges must be addressed?
- What resources are needed?
- How do we test & evaluate solutions?
- What are the measures of success?

Page 26: National Cyber Leap Year (NCLY)

- RFI – 1: Generic, wide-open. Received over 160 responses; created 9 research areas: Attribution, Cyber Economics, Disaster Recovery, Network Ecology, Policy-based Configuration, Randomization/Moving Target, Secure Data, Software Assurance, Virtualization
- RFI – 2: Same as RFI-1, but providing IP protection. Received over 30 responses
- RFI – 3: Requested submissions only in the 9 research areas above. Received over 40 responses

National Cyber Leap Year (NCLY) Summit, August 17-19, 2009. Results posted on http://www.nitrd.gov

Page 27: NCLY Summit Topics

- Cyber economics
- Digital provenance
- Hardware enabled trust
- Moving target defense
- Nature-inspired cyber defense

Expectation: Agencies will be using these topic areas in future solicitations (FY11 and beyond)

Page 28: Summary

- DHS S&T continues with an aggressive cyber security research agenda
- Working with the community to solve the cyber security problems of our current (and future) infrastructure
- Outreach to communities outside of the Federal government, i.e., building public-private partnerships, is essential
- Working with academe and industry to improve research tools and datasets
- Looking at future R&D agendas with the most impact for the nation, including education
- Need to continue strong emphasis on technology transfer and experimental deployments

Page 29: Contact

Douglas Maughan, Ph.D.

Branch Chief / Program Mgr.

[email protected]

202-254-6145 / 202-360-3170

For more information, visit http://www.cyber.st.dhs.gov