10/29/2009 1

Innovation Partnerhsip Models with the Finance Sector

Dept. of Homeland Security Science & Technology Directorate

Douglas Maughan, Ph.D.

Branch Chief / Program Mgr.

douglas.maughan@dhs.gov

202-254-6145 / 202-360-3170

NCDI WorkshopBITS, Washington, DCOctober 29, 2009

10/29/2009 2

Science and Technology (S&T) Mission

Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users.

10/29/2009 3

Examples of Partnership Models LOGIIC – Linking Oil and Gas Industry to Improve

Cybersecurity PPISC-ES – Payment Processing Information Sharing Council

– Enhance Security Working Group DECIDE – Distributed Exercises TCIP – Trustworthy Cyber Infrastructure for Power S2ERC – Security and Software Engineering Research Center I3P – Institute for Information Infrastructure Protection

SIF – System Integrator Forum ITSEF – IT Security Entrepreneur Forum

10/29/2009 4

History ChevronTexaco approached DHS in March 2004

about possible opportunities to secure O&G cyber infrastructure

Ensuing discussions determined that this should be done sector-wide

Convened workshop in July 2004 in Washington, DC Outcome of meeting was to determine if it was

possible for government and industry to work together to (a) establish a SCADA testbed and (b) determine a working model for future research and development activities.

10/29/2009 5

History (cont’d)

Industry partners agreed on technical project focus April 2005

Project officially started July 1, 2005 Invited technology providers to show capabilities

Aug-Sept 2005

Industry selected winning candidates Project presented to O&G industry - Sept. 11, 2006

Captured in LOGIIC DVD

10/29/2009 6

Partnership Project LOGIIC is a model for

government-industry technology integration and demonstration efforts to address critical R&D needs

Industry contributes Requirements and operational expertise Project management Product vendor channels

DHS S&T contributes National Security Perspective on threats Access to long term security research Independent researchers with technical expertise Testing facilities

10/29/2009 7

OverviewOpportunity: Reduce vulnerabilities

of oil & gas process control environments by correlating and analyzing abnormal events to identify and prevent cyber security threats

Approach: Identify new types of security

sensors for process control networks

Adapt a best-of-breed correlation engine to this environment

Integrate in testbed and demonstrate

Transfer technology to industry

BusinessNetwork

ProcessControlNetwork

LOGIICCorrelationEngine

ExternalEvents

AttackIndicationsandWarnings

10/29/2009 8

Project Execution Technology Integration Model (TIM)

IntegrationExecution

Phase

IntegrationValidation

Phase

SolutionIdentificatio

nPhase

IntegrationDefinition

Phase

Req’s DocTech. Inventory &

Vendor List

Req’s Specification

ThreatAnalysis Cyber

Security SMEs

Oil & GasMembers Tech. Inventory &

Small Business Insertion

Standards Activity

Not a LOGIIC Activity

Vendors

ValueProp

Req’sInput

Certification

Standards

CertifiedProducts

RFP

Submissions

Evaluation

Cyber Security SMEs

LOGIICProjectTeam

Technology Demonstration

Vendor / Lab Integration

CertificationInitiated

byVendor

Technology Selection

Open Source Documents

Solution Implementation

LOGIIC Member

id1 id2

id3

id4

id5 id6id7

id8

ie1

ie2

ie3

ie4

ie5

iv1si1

si2

si3

sa1

sa2

10/29/2009 9

Project Execution Technology Advancement Model (TAM)

Advancement

ExecutionPhase

Advancement

ValidationPhase

SolutionDefinition

Phase

DefinitionDoc’s

Tech. Inventory & Vendor List

Req’s Specification

ThreatAnalysis Cyber

Security SMEs

Oil & GasMembers Tech. Inventory &

Small Business Insertion

LOGIICProjectTeam

Vendor Activity

VendorDevelopment

Standards Activity

Not a LOGIIC Activity

Vendors

Req’sInput

Publish

SmallBusiness

Partner

Certification

Standards

CertifiedProducts

Progress Preporting

Feedback Loop

ValueProp

Product Evaluations

Open Source Documents

VendorDemos

LOGIIC

Update

CertificationInitiated

byVendor

ad1 ad2

ad3

ad4

ad5 ad6 ad7

av1

av2

av3

sd1

sd2

sa1

ae1

ae2

Advancement

DefinitionPhase

10/29/2009 10

LOGIIC Consortium - NOW

CRADA

Oil & Gas SectorParticipating Companies

Pro

ject #

1

Pro

ject #

2

Pro

ject #

3

Pro

ject #

4

Pro

ject #

N

Researchers

Vendors

Labs

Com

petitive

DHS S&TISA Automation Federation (AF)

DHS PCII

10/29/2009 11

DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises) Enable enterprise decision-makers to think through responses to

operational disruptions of market-based transactions across networks - Sector(s), Market(s), Institution(s)

Provide a dedicated exercise capability for several critical infrastructures in the U.S. Enterprises will be able to initiate their own large-scale exercises, define their

own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops

The concept has been reviewed by and developed with input from experts at ChicagoFIRST, the Options Clearing Corporation, ABN-AMRO, Eurex, Archipelago, Bank of New York, and CitiBank.

The Financial Services Sector Coordinating Council R&D Committee has organized a user-group of subject matter experts (SMART team) paid by their respective financial institutions to support the project over the next three years.

10/29/2009 12

Current TCIP Scale of Effort $1.5 M per year for 5 years Funded by National Science Foundation

With additional support from Department Of Energy, Department of Homeland Security

4 universities, 20 senior investigators University of Illinois at Urbana-Champaign Washington State University Cornell University Dartmouth University

35 Graduate and Undergraduate Students Industry advisory board (35 owners, operators, vendors)

10/29/2009 13

10/29/2009 14

Questions that need Answers What do you really want to do?

More formally organize information sharing and someone own it? Known technology exploration and evaluation? New R&D to support finance sector? FSSCC R&D Agenda

What do you really think the government’s role is (depends on the answer to the first question)?

What “formal agreements” do you have and do you believe you need others?

Are all of the “stakeholders” present? If not, do they need to be? If they’re not, can you still succeed?

Do you plan to put money on the table to accomplish what you want? Will everyone contribute equally?

Tons of others – anti-trust, liability, IPR, etc.