Dept. of Homeland Security Science & Technology Directorate


Dept. of Homeland Security Science & Technology Directorate
Current R&D Initiatives in Cybersecurity
UMD / Google, College Park, MD, December 1, 2011

Douglas Maughan, Ph.D.
Division Director, Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
[email protected]
202-254-6145 / 202-360-3170

Cyberspace Definitions

“Cyberspace ... is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow our critical infrastructures to work.” National Strategy to Secure Cyberspace, 2003

“Cyberspace means the interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries.” NSPD-54 / HSPD-23, January 2008

“The interdependent network of information and communications technology infrastructures, including the Internet, telecommunications networks, computer systems and networks, and embedded processors and controllers in facilities and industries.” White House Cyberspace Policy Review, May 2009

Cybersecurity (definition only partly legible in the source): measures that protect computers, networks, applications, software, services, and information, in storage or in transit, from unauthorized access, use, disclosure, disruption, modification, or destruction. Sources cited: Overview of Cybersecurity, ITU-T X.1205, October 2008; Federal Plan for Cyber Security and Information Assurance Research and Development, April 2006

1 December 2011

Comprehensive National Cybersecurity Initiative (CNCI)

Establish a front line of defense
- Reduce the number of Trusted Internet Connections
- Deploy passive sensors across Federal systems
- Pursue deployment of automated defense systems
- Coordinate and redirect R&D efforts

Resolve to secure cyberspace / set conditions for long-term success
- Connect current centers to enhance situational awareness
- Develop gov’t-wide counterintelligence plan for cyber
- Increase security of the classified networks
- Expand education

Shape future environment / secure U.S. advantage / address new threats
- Define and develop enduring leap-ahead technologies, strategies & programs
- Define and develop enduring deterrence strategies & programs
- Manage global supply chain risk
- Cyber security in critical infrastructure domains

http://cybersecurity.whitehouse.gov

NITRD Structure for Cybersecurity R&D Coordination

- OSTP / OMB
- National Science and Technology Council
- National Coordination Office for NITRD
- NITRD Subcommittee: senior representatives from agencies conducting NIT R&D
- Cybersecurity R&D Senior Steering Group: senior representatives from agencies with national cybersecurity missions
- Special Cyber Operations Research and Engineering (SCORE) Interagency Working Group: national security systems R&D
- Cyber Security and Information Assurance Interagency Working Group (CSIA IWG): program managers with cybersecurity R&D portfolios

Federal Gov’t Cyber Research Community (agency / org; research agenda; researchers; customers / consumers)

National Science Foundation (NSF)
- Research agenda: SW engineering/protection, HW/FW security, mobile wireless and sensor networks, trustworthy computing; several academic centers
- Researchers: academics and non-profits
- Customers: basic research, no specific customers

Defense Advanced Research Projects Agency (DARPA)
- Research agenda: mostly classified; unclassified topics are focused on basic research; National Cyber Range
- Researchers: few academics; large system integrators; research and government labs
- Customers: mostly DOD; most solutions are GOTS, not COTS

National Security Agency (NSA)
- Research agenda: Information Assurance Automation (ISAP), SELinux; networking theory; CAE/IAE centers
- Researchers: mostly in-house
- Customers: intelligence community; some NSA internal; some open source

Intelligence Advanced Research Projects Agency (IARPA)
- Research agenda: Automatic Privacy Protection (APP); Securely Taking on New Executable Software of Uncertain Provenance (STONESOUP)
- Researchers: mostly research labs, system integrators, and national labs; some academics
- Customers: intelligence community

National Institute of Standards & Technology (NIST)
- Research agenda: Trusted Identities in Cyberspace; National Initiative for Cybersecurity Education (NICE)
- Researchers: in-house; most R&D funding comes from other agencies
- Customers: Federal agencies, with some impact on state and locals

Department of Homeland Security (DHS) S&T
- Research agenda: all unclassified; Secure Internet Protocols; Process Control Systems (PCS); Emerging Threats; Insider Threat; Cyber Forensics; Software Assurance; Open Security Technologies; Next Generation Technologies
- Researchers: blend of academics, research and government labs, non-profits, private sector and small business
- Customers: DHS components (including NPPD, USSS, FLETC, FEMA, ICE, CBP); CI/KR sectors; USG, Internet and private sector

Federal Cybersecurity Research and Development Program: Strategic Plan

Federal Cybersecurity R&D Strategic Plan

Research Themes
- Science of Cyber Security
- Tailored Trustworthy Spaces
- Moving Target Defense
- Cyber Economics and Incentives
- Designed-In Security (new for FY12)

Transition to Practice
- Technology discovery
- Test & evaluation / experimental deployment
- Transition / adoption / commercialization

Support for National Priorities
- Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services

Quadrennial Homeland Security Review

The Core Missions
1. Preventing terrorism and enhancing security;
2. Securing and managing our borders;
3. Enforcing and administering our immigration laws;
4. Safeguarding and securing cyberspace; and
5. Ensuring resilience to disasters.

Mission 6: Maturing and Strengthening the Homeland Security Enterprise
- Foster innovative solutions through science and technology
- Ensure scientifically informed analyses and decisions are coupled to effective technological solutions
- Conduct scientific assessments of threats and vulnerabilities
- Foster collaborative efforts involving government, academia, and the private sector to create innovative approaches to key homeland security challenges

DHS S&T Mission: Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise

Cyber Security Division (CSD) R&D Execution Model

Sample Product List
- Ironkey – Secure USB Standard: issued to S&T employees by the S&T CIO
- Coverity – Open Source Hardening (SCAN): analyzes 150 open source software packages daily
- USURF (later) – Cyber Exercise Planning tool: recently used in MA & WA state cyber exercises
- Secure64 – DNSSEC Automation: several commercial customers; government pilots underway
- HBGary – Memory and Malware Analysis: 12-15 pilot deployments as part of the Cyber Forensics program

Sample Product List - 2
- Grammatech – Binary Analysis tools: used by several intel agencies; commercially available
- Telcordia – Automated Vulnerability Analysis: in use by DOD, SEC
- GMU – Network Topology Analysis (Cauldron): in use at FAA; several commercial customers
- Stanford – Anti-Phishing Technologies: open source; most browsers have included Stanford R&D
- Secure Decisions – Data Visualization: pilot with DHS/NCSD/US-CERT in progress

Cyber Security Program Areas
- Research Infrastructure to Support Cybersecurity (RISC)
- Trustworthy Cyber Infrastructure (TCI)
- Cyber Technology Evaluation and Transition (CTET)
- Foundational Elements of Cyber Systems (FECS)
- Cybersecurity User Protection and Education (CUPE)

Research Infrastructure (RISC)
- Experimental Research Testbed (DETER): researcher- and vendor-neutral experimental infrastructure. DETER - http://www.isi.edu/deter/
- Research Data Repository (PREDICT): repository of network data for use by the U.S.-based cyber security research community. PREDICT – https://www.predict.org
- Software Quality Assurance (SWAMP): a software assurance testing and evaluation facility and the associated research infrastructure services

Trustworthy Cyber Infrastructure

Secure Protocols
- DNSSEC – Domain Name System Security
- SPRI – Secure Protocols for Routing Infrastructure

Process Control Systems
- LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
- TCIPG – Trustworthy Computing Infrastructure for the Power Grid

Internet Measurement and Attack Modeling
- Geographic mapping of Internet resources
- Logically and/or physically connected maps of Internet resources
- Monitoring and archiving of BGP route information

Evaluation and Transition (CTET)
- Assessment and Evaluations: red teaming of DHS S&T-funded technologies
- Experiments and Pilots: experimental deployment of DHS S&T-funded technologies into operational environments
- Transition to Practice (CNCI): new FY12 initiative

Foundational Elements (FECS)
- Enterprise Level Security Metrics and Usability
- Homeland Open Security Technology (HOST)
- Software Quality Assurance
- Cyber Economic Incentives (CNCI): new FY12 initiative
- Leap Ahead Technologies (CNCI)
- Moving Target Defense (CNCI): new FY12 initiative
- Tailored Trustworthy Spaces (CNCI): new FY12 initiative

Cybersecurity Users (CUPE)
- Cyber Security Competitions: NCCDC (Collegiate); U.S. Cyber Challenge (High School)
- National Initiative for Cybersecurity Education (NICE)
- Cyber Security Forensics: support to DHS and other law enforcement customers
- Identity Management: National Strategy for Trusted Identities in Cyberspace (NSTIC)
- Data Privacy Technologies: new start in FY13

DHS S&T Cybersecurity Program

Research Infrastructure
- Experimental Research Testbed (DETER)
- Research Data Repository (PREDICT)
- Software Quality Assurance (SWAMP)

Infrastructure
- Secure Protocols
- Process Control Systems
- Internet Measurement & Attack Modeling

Systems
- Cyber Economic Incentives
- Moving Target Defense
- Tailored Trustworthy Spaces
- Leap Ahead Technologies
- Transition to Practice
- Software Quality Assurance
- Homeland Open Security Technology
- Experiments & Pilots
- Assessments & Evaluations

People
- Identity Management
- Enterprise Level Security Metrics & Usability
- Data Privacy
- Cyber Forensics
- Competitions

Small Business Innovative Research (SBIR) topics, FY04 through FY12 (as listed in the source)
- Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)
- Software Testing and Vulnerability Analysis (3)
- Secure and Reliable Wireless Communication for Control Systems (2)
- Network-based Boundary Controllers (3)
- Botnet Detection and Mitigation (4)
- Hardware-assisted System Security Monitoring (4)
- Cross-Domain Attack Correlation Technologies (2)
- Real-Time Malicious Code Identification (2)
- Advanced SCADA and Related Distributed Control Systems (5)
- Mobile Device Forensics
- Moving Target Defense (FY12)

7-10 November 2011

Small Business Innovative Research (SBIR)

Important program for creating new innovation and accelerating transition into the marketplace. Since 2004, DHS S&T Cyber Security has had:
- 60 Phase I efforts
- 27 Phase II efforts
- 4 Phase II efforts currently in progress
- 9 commercial/open source products available
- Three acquisitions:
  - Komoku, Inc. (MD) acquired by Microsoft in March 2008
  - Endeavor Systems (VA) acquired by McAfee in January 2009
  - Solidcore (CA) acquired by McAfee in June 2009

HSARPA Cyber Security R&D Broad Agency Announcement (BAA) 11-02

Delivers both near-term and medium-term solutions:
- To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements;
- To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems;
- To facilitate the transfer of these technologies into operational environments.

Proposals received according to 3 levels of technology maturity:
- Type I (New Technologies): applied research phase, development phase, demo in operational environment. Funding 3M & 36 mos.
- Type II (Prototype Technologies): more mature prototypes, development phase, demo in operational environment. Funding 2M & 24 mos.
- Type III (Mature Technologies): mature technology, demo only in operational environment. Funding 750K & 12 mos.

Note: Technology demonstrations are test, evaluation, and pilot deployment in DHS “customer” environments.

Technical Topic Areas (TTAs)
- TTA-1 Software Assurance (DHS, FSSCC)
- TTA-2 Enterprise-level Security Metrics (DHS, FSSCC)
- TTA-3 Usable Security (DHS, FSSCC)
- TTA-4 Insider Threat (DHS, FSSCC)
- TTA-5 Resilient Systems and Networks (DHS, FSSCC)
- TTA-6 Modeling of Internet Attacks (DHS)
- TTA-7 Network Mapping and Measurement (DHS)
- TTA-8 Incident Response Communities (DHS)
- TTA-9 Cyber Economics (CNCI)
- TTA-10 Digital Provenance (CNCI)
- TTA-11 Hardware-enabled Trust (CNCI)
- TTA-12 Moving Target Defense (CNCI)
- TTA-13 Nature-inspired Cyber Health (CNCI)
- TTA-14 Software Assurance MarketPlace (SWAMP) (S&T)

Timeline of Past Research Reports (1997 through 2007)
- President’s Commission on CIP (PCCIP)
- NRC CSTB Trust in Cyberspace
- I3P R&D Agenda
- National Strategy to Secure Cyberspace
- Computing Research Association – 4 Challenges
- NIAC Hardening the Internet
- PITAC - Cyber Security: A Crisis of Prioritization
- IRC Hard Problems List
- NSTC Federal Plan for CSIA R&D
- NRC CSTB Toward a Safer and More Secure Cyberspace

All documents available at http://www.cyber.st.dhs.gov

A Roadmap for Cybersecurity Research (http://www.cyber.st.dhs.gov)
- Scalable Trustworthy Systems
- Enterprise Level Metrics
- System Evaluation Lifecycle
- Combatting Insider Threats
- Combatting Malware and Botnets
- Global-Scale Identity Management
- Survivability of Time-Critical Systems
- Situational Understanding and Attack Attribution
- Information Provenance
- Privacy-Aware Security
- Usable Security

So what if I take over a botnet to do my research? An examination of the current state of ethics in Information and Communications Technology research

What are ethics?

“The field of ethics (or moral philosophy) involves systematizing, defending, and recommending concepts of right and wrong behavior.”

Normative ethics is concerned with developing a set of morals or guiding principles intended to influence the conduct of individuals and groups within a population (i.e., a profession, a religion, or society at large).

Ethics ≠ Law

“Law can be defined as a consistent set of universal rules that are widely published, generally accepted, and usually enforced.”

- Interrelated but by no means identical (e.g., legal but not ethical, ethical but not legal)
- Adherence to ethical principles may be required to meet regulatory requirements surrounding academic research
- A law may illuminate the line between beneficial acts and harmful ones
- If the computer security research community develops ethical principles and standards that are acceptable to the profession and integrates those as standard practice, it makes it easier for legislatures and courts to effectively perform their functions

(Normative) Computer Ethics

“A typical problem in computer ethics arises because there is a policy vacuum about how computer technology should be used. Computers provide us with new capabilities and these in turn give us new choices for action. Often, either no policies for conduct in these situations exist or existing policies seem inadequate. A central task of computer ethics is to determine what we should do in such cases, i.e., to formulate policies to guide our actions.” - James Moor, 1985

The Belmont Report

"Ethical Principles and Guidelines for the Protection of Human Subjects of Research”, US Department of Health, Education, and Welfare, April 18, 1979

IRBs help ensure that research conforms with the ethical principles of the Belmont Report.

What is the role of an IRB?

Institutional Review Boards (IRBs) are responsible for protecting “human subjects” involved in research:
- Proper informed consent, or waiver of consent
- Special protections for vulnerable populations
- Strong privacy and confidentiality protections
- Can allow deception in some research

IRBs generally review medical or social/behavioral/educational research, not network/security research.

Question: Should the IRB review network/security research?

What is a “human subject”?

The Federal human subjects regulations (45 CFR 46.102(f)) define a human subject as: “a living individual about whom an investigator conducting research obtains either: (1) data through intervention or interaction with the individual, or (2) identifiable private information.”

What is Network and Security Research?

Network and Security Research, or Information Communication Technology (ICT) Research, involves the collection, use and disclosure of information collected via networks or using hardware and software associated with information technology.

Examples include:
- Phishing experiments
- Botnets
- Honeypots
- Analysis of internet network traffic

Ethical Challenges in ICT Research

ICT research differs from traditional human subjects research, which poses new ethical challenges:
- Interactions with humans are often indirect, with intervening technology
- It is often not feasible to obtain informed consent
- Deception may be necessary
- There are varying degrees of linkage between data on behaviors and individuals’ identities
- Researchers can easily engage millions of “subjects” and billions of associated data “objects” simultaneously

Comparing ICTR and Medical Research

How is ICTR like researching health issues?
- Identity of subjects
- Risk of harm to subjects
- Subjects of research are also the beneficiaries

How is ICTR not like researching health issues?
- Research “subjects” could be criminals, their tools, or computers owned by innocent 3rd parties
- Researchers are sometimes indistinguishable from criminals controlling a botnet
- Viruses/cancers don’t adapt due to our publications
- Harm is primarily financial, but unintended consequences could affect uninvolved 3rd parties (and their customers)

The Menlo Report

"Ethical Principles Guiding Information and Communication Technology Research”, supported by the US Department of Homeland Security (unpublished, 2011).

Belmont principle and its Menlo application:
- Respect for Persons: identify stakeholders; informed consent
- Beneficence: identify potential benefits and harms; balance risks and benefits; mitigate realized harms
- Justice: fairness and equity
- Additional Menlo principle, Respect for the Law and Public Interest: compliance; transparency and accountability

Our Education Problem

Problem: The U.S. is not producing enough computer scientists and CS degrees
- CS/CE enrollments are down 50% from 5 years ago [1]
- CS jobs are growing faster than the national average [2]
- Computer Science/STEM have been the basis for American growth for 60 years
- The gap in production of CS threatens continued growth and also national security
- Defense, DHS, CNCI and industry all need more CS and CE competencies now

[1] Taulbee Survey 2006-2007, Computing Research Association, May 2008, Computing Research News, Vol. 20/No. 3
[2] Nicholas Terrell, Bureau of Labor Statistics, STEM Occupations, Occupational Outlook Quarterly, Spring 2007

National Initiative for Cybersecurity Education (NICE)
- National Cybersecurity Awareness (Lead: DHS): public service campaigns to promote cybersecurity and responsible use of the Internet
- Formal Cybersecurity Education (Co-Leads: DoEd and OSTP): education programs encompassing K-12, higher education, and vocational programs related to cybersecurity
- Federal Cybersecurity Workforce Structure (Lead: OPM): defining government cybersecurity jobs and the skills and competencies required; new strategies to ensure federal agencies attract, recruit, and retain skilled employees to accomplish cybersecurity missions
- Cybersecurity Workforce Training and Professional Development (Tri-Leads: DoD, ODNI, DHS): cybersecurity training and professional development required for federal government civilian, military, and contractor personnel

CCDC Mission

The mission of the Collegiate Cyber Defense Competition (CCDC) system is to provide institutions with an information assurance or computer security curriculum a controlled, competitive environment to assess a student's depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.

CCDC events are designed to:
- Build a meaningful mechanism by which institutions of higher education may evaluate their current educational programs
- Provide an educational venue in which students are able to apply the theory and practical skills they have learned in their course work
- Foster a spirit of teamwork, ethical behavior, and effective communication both within and across teams
- Create interest and awareness among participating institutions and students

U.S. Cyber Challenge
- CyberPatriot Defense Competition: an Air Force Association national high school cyber defense competition
- DC3 Digital Forensics Challenge: a Department of Defense Cyber Crime Center competition focusing on cyber investigation and forensics
- Netwars Capture-the-Flag Competition: a SANS Institute challenge testing mastery of vulnerabilities

Summary
- Cybersecurity research is a key area of innovation needed to support our future
- DHS S&T continues with an aggressive cyber security research agenda
- Working to solve the cyber security problems of our current (and future) infrastructure and systems
- Working with academe and industry to improve research tools and datasets
- Looking at future R&D agendas with the most impact for the nation, including education
- Need to continue strong emphasis on technology transfer and experimental deployments

Douglas Maughan, Ph.D.
Division Director, Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
[email protected]
202-254-6145 / 202-360-3170

For more information, visit http://www.cyber.st.dhs.gov
