opportunities for cyber trust researchers at iarpa
Post on 25-Feb-2016
Opportunities for Cyber Trust Researchers at IARPA
Carl Landwehr
NICIAR Program Manager
Intelligence Advanced Research Projects Activity (IARPA)
301-226-9100
email: CarlL@dni.gov
The Nation's Intelligence Community
New DNI, Mike McConnell: Intelligence Community Integration
- Acquisition emphasis
- Information sharing: need to know vs. responsibility to provide
- Analyst at the center:
  - Know the customer needs
  - Know the sensors and source
IARPA Genesis
- Created 1 Oct. 2007
- Within the Office of the Director of National Intelligence
- First Director: Dr. Lisa Porter, on board Feb. 2008
- Extra-mural research, driven by Program Managers
- Mix of unclassified and classified research programs
- Unclassified research largely solicited through targeted BAAs
  - Watch FedBizOpps for opportunities
  - IARPA Web site coming soon: keep your eye on www.iarpa.gov !
- Location: College Park, MD
- Rotational staff of Program Managers
  - People with new program ideas encouraged to apply!
IARPA
- No kidding, high-risk/high-payoff research
  - This is NOT about quick wins, low-hanging fruit, sure things, etc.
  - Failure is completely acceptable as long as:
    - it is not due to failure to maintain technical or programmatic integrity
    - results are fully documented
- Best and brightest
  - Competitive awards and world-class PMs
  - Every IARPA program will start with a good idea and a good person to lead it. Without both, IARPA will not start a program.
- Cross-community focus
  - Address cross-agency challenges
  - Leverage agency expertise (both R&D and operational perspectives)
  - Work transition strategies and plans
- The P in IARPA is very important
  - Each Program will have a clearly defined and measurable end-goal, typically 3-5 years out. Intermediate milestones to measure progress are also required.
- IARPA does not institutionalize programs
  - Fresh ideas and fresh perspectives are always coming in; the status quo is constantly questioned.
The Heilmeier Questions
1. What are you trying to do?
2. How is it done now? Who does it? What are the limitations of present approaches?
   - Are you aware of the present state of the art, and have you thought through all the options?
3. What is new about your approach? Why do you think you can succeed at this time?
   - Given that you've provided clear answers to 1 & 2, have you created a compelling option?
   - What does a first-order analysis of your approach reveal?
4. If you succeed, what difference will it make?
   - Why should we care?
5. How long will it take? How much will it cost? What are the mid-term and final exams?
   - What is your program plan? How will you measure progress? What are your milestones/metrics? What is your transition strategy?
National Intelligence Community Information Assurance Research Program
Vision:
- Level the cybersecurity playing field
- Dramatically improve the fundamental trustworthiness of the NIC cyber infrastructure
- Defend existing NIC cyber infrastructure from external and internal threats; enable operation despite attacks
Goals:
- Use accountability as a lever to reduce vulnerabilities and foster information sharing
- Increase the attacker's cost to penetrate NIC systems
- Provide usable and flexible security mechanisms
Defense has an uphill battle!
Goals
- Double attackers' time/resource cost to compromise NIC systems through remote exploits
  - Unmodified system as baseline
  - Applications: reduce vulnerability windows in time (patch generation/installation, reconfiguration) and space (flaw/fault detection and removal)
- Decrease by half the time and effort required to attribute a specific computational event/information flow to a (human/software/hardware) initiator
  - Unmodified system as baseline
  - Applications: sanitization, information sharing (credit), leakage (blame)
- Stretch goal: reduce by a factor of 10 the time/effort required to certify/accredit a new, conforming software component for use in a general-purpose environment based on accountable information flow technologies
  - Existing system and certification/accreditation process as baseline
Current NICIAR Research Topics
NICECAP Timeline (2006-2009)
- BAA release 4/24/06
- Round I work begins 6/1/07
- Updated BAA release 10/2/07
- New focus area 10/07: Privacy Protecting Technologies
- White papers due 11/2/07 (received ~135 WPs)
- 35 full proposals invited 1/15/08
- Proposals due 2/14/08
- Contract negotiations begin 4/15/08
- Awards made 7/15/08
Topic areas:
- Accountable information flow
- Large-scale system defense
- Privacy Protecting Technologies (new focus area 10/07)
NICECAP BAA available at (or Google "NICECAP"):
http://www.fbo.gov/spg/USAF/AFMC/AFRLRRS/Reference-Number-BAA-06-11-IFKA/listing.html
On the Horizon: Secure System Engineering Competitions
- How do we build systems of realistic scale that:
  - have a sound assurance argument
  - can be extended without sabotaging it
  - are usable and manageable
- How do we structure a competition to teach us these things?
  - What would be a compelling thing (or series of things) to build?
  - How would we evaluate it?
  - How would we measure progress?
  - What toolkits could we make available to competitors?
UNCLASSIFIED
Attackers range from hackers to organized terrorist groups to nation-state intelligence organizations, operating on many federal government intranets as well as the Internet. These attackers are becoming more skillful at hiding data, their identities, addresses, and the transactions associated with their penetrations into sensitive information systems, which in turn increases the risk to information security. To aggressively address these threats, it is necessary to explore and develop cutting-edge technologies that can provide capabilities to subvert our adversaries' sophisticated attempts to penetrate IC networks.
Cyber Situational Awareness
Cyber defenders must analyze and make sense of large volumes of data generated by a myriad of sensors and network management systems. DTO seeks innovative technologies to help cyber defenders deconflict, correlate and understand large volumes of sensor data while displaying this information in a manner that best fits the cognitive processes used by the analyst or decision maker.
Cyber Indications & Warning
Today's information assurance paradigm is a largely reactive model in that it focuses on detection of attacks once they are already underway. DTO seeks to significantly increase the warning time for an attack and provide defenders with a larger response window by creating proactive and predictive techniques that detect attack observables early in the attack sequence, prior to the modification of data or the exfiltration of sensitive information.
Insider Threat Mitigation
The malicious insider is one of the greatest threats to the information assets of the IC. A trusted user who abuses computer privileges for traitorous ends can compromise classified information on a massive scale with potentially catastrophic results. DTO seeks to mitigate this threat through the creation of cyber solutions for modeling, detecting and preventing malicious insider behavior within IC systems and networks.
Attack Mitigation & Traceback
Adversaries are becoming increasingly sophisticated in their ability to disguise the true origin of an attack and the complete path taken to a victim. DTO seeks advanced technologies that can rapidly and accurately attribute a cyber attack to its logical source, despite the presence of multiple disparate, non-cooperative and/or hostile networks, or attacker obfuscation techniques such as encryption, stepping stones, packet padding, or traffic timing manipulation.
Malicious Code Risk Mitigation
Malicious software represents an increasing threat to IC systems and networks as adversaries continue to achieve greater sophistication in techniques for hiding their presence and associated activity. DTO seeks to mitigate this threat with advanced tools to detect, contain, and eradicate next-generation malicious software that threatens to infect an IC system at some point during its life cycle.
Secure Information Sharing
The operational needs of the IC demand more efficient techniques for determining which mission-critical information can be shared across domains of different sensitivity levels. DTO seeks automated tools that provide the human reviewer real-time support in making policy-based downgrade or release decisions.
Current IC information infrastructure protections are like brick walls and paper bags. The paper bags have known holes in them, and we are working on technology to help automate the monitoring of the attacks coming through the known holes and figure out whose fingers are reaching in. We also have some brick walls. They provide effective security but also isolate people and work against effective sharing.