Driving Security Improvements in Existing Technologies and Emerging Systems


Transcript of Driving Security Improvements in Existing Technologies and Emerging Systems

Page 1: Driving Security Improvements in Existing Technologies and Emerging Systems

Driving Security Improvements in Existing Technologies and Emerging Systems

EDUCAUSE Net@EDU Annual Mtg, Tempe, AZ, February 12, 2008

Dept. of Homeland Security Science & Technology Directorate

Douglas Maughan, Ph.D.

Program Manager, CCI

[email protected]

202-254-6145 / 202-360-3170

Page 2

Agenda

2007 Capitol Hill and Other WDC Activities
DHS S&T Cyber Security R&D Program
PREDICT
Broad Agency Announcements (BAAs)
Outreach / Transition
University Programs
Cyber R&D Background and Government R&D Coordination

Page 3

Recent Hearings in Washington

Cyber Insecurity: Hackers are Penetrating Federal Systems and Critical Infrastructure
http://homeland.house.gov/hearings/index.asp?ID=36

“These incidents have opened a lot of eyes in the halls of Congress. We need to get serious about this threat to our national security.”

“Addressing the Nation’s Cybersecurity Challenges: Reducing Vulnerabilities Requires Strategic Investment and Immediate Action”
http://homeland.house.gov/hearings/index.asp?ID=41

“I am deeply troubled by the lack of foresight that this Administration has demonstrated. The Homeland Security Committee is working to demonstrate the importance of R&D funding to this Administration.”

Page 4

Recent Hearings in Washington (cont’d)

House Homeland Security Committee investigation of DHS Networks
http://homeland.house.gov/SiteDocuments/Charbo.pdf
13 questions to understand the security posture of DHS networks

Senate Hearing on Terrorist use of the Internet
http://hsgac.senate.gov/index.cfm?Fuseaction=Hearings.Detail&HearingID=441

Page 5

More recent activity

May 2007 – DDOS attack on Estonia. First example of “cyber warfare”?
Sep 2007 – “Chinese hack the Pentagon”
Sep 2007 – “China hacks UK government”
Oct 2007 – “White House initiative to defend against hackers”
Nov 2007 – “White House requests $154M supplement for Cyber Initiative”

Page 6

(National) Cyber Initiative

Baltimore Sun Article on Cyber Initiative – Oct. 24, 2007: House panel chief demands details of cybersecurity plan
http://www.baltimoresun.com/technology/balte.cyber24oct24,0,782050,full.story

Rep. Bennie Thompson, Chairman of the House Homeland Security Committee, called on the Bush administration to delay the planned launch of a multi-billion-dollar cybersecurity initiative so that Congress could have time to evaluate it.

Initiative mostly focused on fixing operational problems that exist across government infrastructure, e.g., the Trusted Internet Connections (TIC) program announcement

Small component of total effort is aimed at R&D

Page 7

CSIS Commission for 44th Presidency

Goal: Identify a strategy and set of recommendations for the next administration to move ahead in securing cyberspace. The Commission will complete its work by December 2008.

The Commission will be a bipartisan group composed of thirty to thirty-five experts drawn from the cyber security policy community and from the private sector.
Co-chaired by leaders from Congress and the private sector
Reinforced by a private sector advisory group composed of representatives from companies and associations

The proposed working groups are: (1) Federal Organization, Strategy and Doctrine; (2) Cybersecurity Norms and Authorities; (3) Budget and Acquisitions for Cybersecurity; (4) Government/Private Sector Interfaces and Engagement.

The final product would be a well-supported package of recommendations for improving cyber security that could help to guide both a legislative agenda and Presidential policy documents.

Page 8

Homeland Security Mission

Lead unified national effort to secure America
Prevent terrorist attacks within the U.S.
Respond to threats and hazards to the nation
Ensure safe and secure borders
Welcome lawful immigrants and visitors
Promote free flow of commerce

Page 9

DHS Goals: Secretary’s Priorities

Keep terrorists, criminals and unlawful entrants out of the U.S.

Prevent dangerous materials, weapons and illicit drugs from entering the country

Strengthen screening of workers/travelers

Secure critical infrastructure

Build nimble, effective emergency response system and culture of preparedness

Strengthen core management to ensure DHS is a great organization

Page 10

Department of Homeland Security Organization Chart (diagram; box labels only)

Secretary; Deputy Secretary; Chief of Staff; Executive Secretary; Military Liaison
Under Secretary for Policy; Under Secretary for Science & Technology; Under Secretary for Management; Under Secretary for Preparedness
A/S Congressional & Intergovernmental Affairs; Assistant Secretary, Public Affairs; Assistant Secretary, Office of Intelligence & Analysis
Inspector General; General Counsel; Chief Privacy Officer; Ombudsman, Citizenship & Immigration Services; Director, Civil Rights/Civil Liberties; Director of Counter Narcotics; Domestic Nuclear Detection Office; Screening Coordination Office; Director of Operations Coordination
Director, Transportation Security Administration; Commissioner, Immigration & Customs Enforcement; Commissioner, Customs & Border Protection; Director, Citizenship & Immigration Services; Director, FEMA; Director, US Secret Service; Commandant, US Coast Guard
Labor Relations Board; Federal Law Enforcement Training Center

Page 11

Science and Technology (S&T) Mission

Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users.

Page 12

Page 13

DHS S&T Investment Portfolio: Balance of Risk, Cost, Impact, and Time to Delivery

Product Transition (0-3 yrs): Focused on delivering near-term products/enhancements to acquisition; Customer IPT controlled; Cost, schedule, capability metrics

Innovative Capabilities (2-5 yrs): High-risk/High payoff; “Game changer/Leap ahead”; Prototype, Test and Deploy; HSARPA

Basic Research (>8 yrs): Enables future paradigm changes; Univ. fundamental research; Gov’t lab discovery and invention

Mandated Spending (0-8+ yrs): Required by Administration (HSPDs); Congressional direction/law

Customer Focused, Output Oriented

Page 14

R&D Execution Model (diagram; box labels only)

Pre R&D: CIP Sector Roadmaps; Workshops; Customers (NCSD, NCS, OCIO, USSS); National Documents; Other Sectors (e.g., Banking & Finance); Prioritized Requirements; Solicitation Preparation
R&D: SBIRs; BAAs; DNSSEC; Cyber Security Assessment; SPRI; Emerging Threats; Rapid Prototyping; External (e.g., I3P); R&D Coordination – Government & Industry
Post R&D: Experiments and Exercises; Outreach – Venture Community & Industry
Supporting Programs: PREDICT; DETER
Customers: Critical Infrastructure Providers

Page 15

Cyber Security Program Areas

Information Infrastructure Security: Domain Name System Security (DNSSEC); Secure Protocols for the Routing Infrastructure (SPRI); Cyber Security Assessment

Cyber Security Research Tools and Techniques: Cyber Security Testbed (DETER); Large Scale Datasets (PREDICT); Experiments and Exercises

Next Generation Technologies: BAA 04-17, BAA 07-09

Other Activities (SBIR, RTAP, Emerging Threats)

Page 16

DHS / NSF Cyber Security Testbed

“Justification and Requirements for a National DDOS Defense Technology Evaluation Facility”, July 2002

We still lack large-scale deployment of security technology sufficient to protect our vital infrastructures, despite recent investment in research on cyber security technologies by government agencies (NSF, DARPA, armed services) and industry. One important reason is the lack of an experimental infrastructure and rigorous scientific methodologies for developing and testing next-generation defensive cyber security technology.

The goal is to create, operate, and support a researcher-and-vendor-neutral experimental infrastructure that is open to a wide community of users and produce scientifically rigorous testing frameworks and methodologies to support the development and demonstration of next-generation cyber defense technologies

Page 17

DETER Users Map – over 60 sites

Page 18

PREDICT: A Protected REpository for Defense of Infrastructure against Cyber Threats

PREDICT Program Objective: “To advance the state of the research and commercial development (of network security ‘products’) we need to produce datasets for information security testing and evaluation of maturing networking technologies.”

Rationale / Background / Historical:
Researchers with insufficient access to data are unable to adequately test their research prototypes
Government technology decision-makers have no data to evaluate competing “products”

End Goal: Improve the quality of defensive cyber security technologies

Page 19

PREDICT Information: https://www.predict.org

Page 20

PREDICT Repository Access Process (diagram; box labels only)

PREDICT Coordination Center (Government-funded, Externally hosted)
Participants: Data Providers; Data Hosting Sites; Researchers
Steps and artifacts: Data Listing; Institutional Sponsorship; Sponsor Letter; MOAs; Proposal; Proposal Review Board; Accept / Deny Notification; Get Data; Publication Review Board (after research, if required)

Page 21

Data Collection Activities

Classes of data that are interesting, people want collected, and seem reasonable to collect:
Netflow
Packet traces – headers and full packet (context dependent)
Critical infrastructure – BGP and DNS data
Topology data
IDS / firewall logs
Performance data
Network management data (i.e., SNMP)
VoIP (2200 IP-phone network)
Blackhole Monitor traffic

Page 22

PREDICT Summary

Why do we think PREDICT has a chance for success?
DHS has included the security and networking communities
DHS has included the legal community from the start
DHS has included the privacy community from the start
EFF, CDT, ACLU comments incorporated into system processes
Included government privacy officials
Managing external facing processes

What else are we doing? Recent BAA 07-09
Technical Topic Area (TTA) 8 – Data Anonymization – Focused on new ideas and techniques to improve data protection

Page 23

Cyber Security R&D Broad Agency Announcement (BAA)

A critical area of focus for DHS is the development and deployment of technologies to protect the nation’s cyber infrastructure, including the Internet and other critical infrastructures that depend on computer systems for their mission. The goals of the Cyber Security Research and Development (CSRD) program are:

To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems;

To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure;

To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.

http://www.hsarpabaa.com

Page 24

BAA Program / Proposal Structure

NOTE: Deployment Phase = Test, Evaluation, and Pilot deployment in (DHS) “customer” environments

Type I (New Technologies): New technologies with an applied research phase, a development phase, and a deployment phase (optional). Funding not to exceed 36 months (including deployment phase).

Type II (Prototype Technologies): More mature prototype technologies with a development phase and a deployment phase (optional). Funding not to exceed 24 months (including deployment phase).

Type III (Mature Technologies): Mature technology with a deployment phase only. Funding not to exceed 12 months.

Page 25

BAA 07-09 Technical Topic Areas

Botnets and Other Malware: Detection and Mitigation
Composable and Scalable Secure Systems
Cyber Security Metrics
Network Data Visualization for Information Assurance
Internet Tomography / Topography
Routing Security Management Tool
Process Control System Security
Secure and Reliable Wireless Communication for Control Systems
Real-Time Security Event Assessment and Mitigation
Data Anonymization Tools and Techniques
Insider Threat Detection and Mitigation

Page 26

Partnership Project

LOGIIC is a model for government-industry technology integration and demonstration efforts to address critical R&D needs

Industry contributes: Requirements and operational expertise; Project management; Product vendor channels

DHS S&T contributes: National Security Perspective on threats; Access to long term security research; Independent researchers with technical expertise; Testing facilities

Page 27

Commercial Outreach Strategy

Assist commercial companies in providing technology to DHS and other government agencies: Emerging Security Technology Forum (ESTF)

Assist DHS S&T-funded researchers in transferring technology to larger, established security technology companies: System Integrator Forum (Feb. 21, 2008)

Partner with the venture capital community to transfer technology to existing portfolio companies, or to create new ventures: Cyber Entrepreneurs Workshop (Mar. 11, 2008)

(Diagram labels: Established Commercial Companies; Emerging Commercial Companies; Government Funder/Customer; DHS Researchers; Commercial Customers)

Page 28

System Integrator Forum 2008

IronKey, Palo Alto, CA – Secure USB Token
HBGary, Chevy Chase, MD – Malware Discovery Tool
Grammatech, Ithaca, NY – Software Analysis (Binary and Source)
George Mason Univ, Fairfax, VA – Network Vulnerability Analysis/Discovery
Endeavor Systems, Arlington, VA – Pattern Recognition and Signature Analysis

2008 SIF – February 21 in WDC (see website)

Page 29

IT Security Entrepreneur Forum (ITSEF)

Hot Topics – Current Market Trends and Conditions
How to Optimize Having the Government as Your Partner
Communicating Your Value Proposition
The Risks and Rewards of Selling to the Government
Navigating the Government Procurement Process from A to Z
Financing Your Startup in the Information Security Space through Government Funds

2008 ITSEF – March 11 @ Stanford
http://www.publicprivatepartnerships.org

Page 30

University Programs: Centers of Excellence (COE) Program Goals

Develop the management and communications infrastructure to produce, share and transition Centers’ research results, data and technology to analysts and policymakers

Align existing Centers and establish new Centers and initiatives to align with S&T Divisions’ research and development activities, and address additional DHS needs

Deliver the Centers’ advanced research products, technology and educated workforce that DHS will need to protect the country for the foreseeable future

Page 31

Current Centers of Excellence

Center for Risk & Economic Analysis of Terrorism Events (CREATE), based at the Univ. of Southern California
National Center for Food Protection & Defense (NCFPD), based at the Univ. of Minnesota
National Center for Foreign Animal & Zoonotic Disease Defense (FAZD), based at Texas A&M Univ.
National Consortium for the Study of Terrorism & Responses to Terrorism (START), based at the Univ. of Maryland
National Center for Preparedness & Catastrophic Event Response (PACER), based at Johns Hopkins Univ.

Page 32

Centers of Excellence, cont.

Center for Advancing Microbial Risk Assessment (CAMRA), based at Michigan State Univ., in Partnership with U.S. EPA

Other University Research Initiatives

Univ. Affiliate Centers to the Institute for Discrete Sciences (IDS-UACs), in Partnership with Lawrence Livermore National Laboratory: Rutgers Univ. (Lead Center), Univ. of Southern California, Univ. of Illinois at Urbana-Champaign, Univ. of Pittsburgh

Regional Visualization & Analytics Centers (RVACs), in Partnership with National VAC at Pacific Northwest National Laboratory: Penn State Univ., Purdue Univ., Stanford Univ., Univ. of North Carolina at Charlotte, Univ. of Washington

Southeast Regional Research Initiative (SERRI)

Kentucky Critical Infrastructure Protection Institute (KCI)

Page 33

New Centers Beginning in FY 2007-08

• COE for Explosives Detection, Mitigation and Response (Funded FY2007)

• COE for Border Security and Immigration (Funded FY2007)

• Northern Forest Borders
• Southwest Desert Borders

• COE for Maritime, Island & Remote/Extreme Environment Security (Funded FY2007)

• COE for Natural Disasters, Coastal Infrastructure and Emergency Management (Funded FY2008)

Page 34

Education Programs

Individual Scholarships and Fellowships
Institutional Scholarships & Fellowships
Summer Internships
AAAS/AVMA Visiting Scholars
Post-Doc Program

Page 35

R&D Studies / Reports

1997 – President’s Commission on Critical Infrastructure Protection (PCCIP): Critical Foundations: Protecting America’s Infrastructures
1999 – National Research Council Computer Science and Telecommunication Board: Trust in Cyberspace
2003 – National Strategy to Secure Cyberspace, http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf
2003 – Institute for Information Infrastructure Protection (I3P): Cyber Security Research And Development Agenda
2003 – Computing Research Association: Four Grand Challenges in Trustworthy Computing

Page 36

R&D Studies / Reports (2)

2004 – National Infrastructure Advisory Council (NIAC): Hardening The Internet
2005 – President's Information Technology Advisory Committee (PITAC): Cyber Security: A Crisis of Prioritization, http://www.nitrd.gov/pitac/reports/20050301_cybersecurity/cybersecurity.pdf
2005 – Infosec Research Council (IRC): Hard Problems List
2006 – National Science and Technology Council (NSTC): Federal Plan for Cyber Security and Information Assurance Research and Development
2007 – National Research Council Computer Science and Telecommunication Board: Toward a Safer and More Secure Cyberspace

Page 37

R&D Matrix (table; the individual X marks did not survive extraction, so only the row and column labels and the number of marks per row are recoverable)

Columns (research topics): Identity Management; Insider Threat; System Availability; Build Secure Systems; Situational Understanding; Information Provenance; Security with Privacy; Security Metrics; Eliminate Attacks; Risk Analysis; Secure Ubiquitous Computing; Enterprise Security Management; Security Vulnerability Discovery; Response and Recovery; Traceback, Attribution, and Forensics; Law, Policy, and Economic Issues; Internet Infrastructure; Anomaly Detection Tools; Inadequate Funding for R&D; Promote recruitment of researchers and students; Strengthen technology transition; Improve Government R&D Coordination; Testbeds; Improved Authentication and Key Management

Rows (document, date, number of topics marked):
Pres Commission on CIP, Oct. 1997: 7
Trust in Cyberspace, 1999: 8
I3P R&D Agenda, Jan. 2003: 8
Nat'l Strategy to Secure Cyberspace, Mar. 2003: 5
Computing Research Assoc Trustworthy Computing, Nov. 2003: 4
NIAC Hardening the Internet, Oct. 2004: 4
PITAC – Cyber Security: A Crisis of Prioritization, Feb. 2005: 14
Infosec Research Council Hard Problems List, Nov. 2005: 8
Federal R&D Plan, Apr. 2006: 24 (all topics)
NRC – Safer Cyberspace, Jul. 2007: 8

Page 38

NITRD Program Coordination (organization chart; box labels only)

White House, Executive Office of the President; Office of Science and Technology Policy; National Science and Technology Council
Committee on Homeland and National Security; Committee on Technology; Subcommittee on Infrastructure; Subcommittee on Networking and Information Technology Research and Development (NITRD)
National Coordination Office (NCO) for Networking and Information Technology Research and Development
U.S. Congress: NITRD Agency Authorization and Appropriations Legislation
NITRD working and coordinating groups: Cyber Security and Information Assurance (CSIA) Interagency Working Group; High End Computing (HEC) Interagency Working Group; Large Scale Networking (LSN) Coordinating Group; High Confidence Software and Systems (HCSS) Coordinating Group; Human Computer Interaction and Information Management (HCI&IM) Coordinating Group; Software Design and Productivity (SDP) Coordinating Group; Social, Economic, and Workforce Implications of IT and IT Workforce Development (SEW) Coordinating Group

Page 39

Tackling Cyber Security R&D Challenges: Not Business as Usual

Key people (i.e., Congress) now paying attention
Close coordination with other Federal agencies
Outreach to communities outside of the Federal government
Building public-private partnerships (the industry-government *dance* is a new tango)
Need a stronger emphasis on technology diffusion and technology transfer
Migration paths to a more secure infrastructure
Awareness of economic realities

Page 40

Douglas Maughan, Ph.D.
Program Manager, CCI
[email protected]
202-254-6145 / 202-360-3170

For more information, visit http://www.cyber.st.dhs.gov