Government Research Needs: Who Funds What?
|
|
- Claire Foster
- 8 years ago
- Views:
Transcription
1 Dept. of Homeland Security Science & Technology Directorate Government Research Needs: Who Funds What? ACSAC 2009 Honolulu, HI December 10, 2009 Douglas Maughan, Ph.D. Branch Chief / Program Mgr. douglas.maughan@dhs.gov /
2 Science and Technology (S&T) Mission Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users. 10 December
3 R&D Execution Model Post R&D Customers * CS&C * NCSC * OCIO * USSS * National Documents Customers Other Sectors e.g., Banking & Finance Prioritized Requirements Pre R&D Critical Critical Infrastructure Infrastructure Providers Providers Outreach Venture Community & Industry Experiments and Exercises R&D Coordination Government & Industry Workshops CIP Sector Roadmaps DNSSEC R&D SPRI Solicitation Preparation Cyber Security Assessment Cyber Forensics Emerging Threats HOST Supporting Programs BAAs SBIRs DETER PREDICT 10 December
4 Agenda Information Infrastructure Security Critical Infrastructure and Key Resources (CI/KR) National Research Infrastructure Next Generation Technologies Broad Agency Announcements (BAAs) Two new program areas (2009) Cyber Forensics and Homeland Open Security Technology (HOST) SBIRs, Experimental Deployments, Outreach New Emphasis Areas Software Assurance Education, Competitions, Challenges Research Landscape 10 December
5 National Strategy to Secure Cyberspace The National Strategy to Secure Cyberspace (2003) recognized the DNS as a critical weakness NSSC called for the Department of Homeland Security to coordinate public-private partnerships to encourage the adoption of improved security protocols, such as DNS The security and continued functioning of the Internet will be greatly influenced by the success or failure of implementing more secure and more robust BGP and DNS. The Nation has a vital interest in ensuring that this work proceeds. The government should play a role when private efforts break down due to a need for coordination or a lack of proper incentives. 10 December
6 Information Infrastructure Security DNSSEC Domain Name System Security Working with OMB, GSA, NIST to ensure USG is leading the global deployment efforts Working with vendor community to ensure solutions SPRI Secure Protocols for Routing Infrastructure Working with global registries to deploy Public Key Infrastructure (PKI) between ICANN/IANA and registry and between registry and ISPs/customers Working with industry to develop solutions for our current routing security problems and future technologies 10 December
7 History of Routing Outages Commercial Internet -- specific network outages Apr 1997 AS 7007 announced routes to all the Internet Apr 1998 AS 8584 mis-announced 100K routes Dec 1999 AT&T s server network announced by another ISP misdirecting their traffic (made the Wall Street Journal) May 2000 Sprint addresses announced by another ISP Apr 2001 AS mis-announced 5K routes Dec 24, 2004 thousands of networks misdirected to Turkey Feb 10, 2005: Estonian ISP announced a part of Merit address space Sep 9, 2005 AT&T, XO and Bell South (12/8, 64/8, 65/8) misdirected to Bolivia [the next day, Germany prompting AT&T to deaggregate] Jan 22, 2006 Many networks, including PANIX and Walrus Internet, misdirected to NY ISP (Con Edison (AS27506)) Feb 26, Sprint and Verio briefly passed along TTNET (AS9121 again?) announcements that it was the origin AS for 4/8, 8/8, and 12/8 Feb 24, 2008 Pakistan Telecom announces /24 from YouTube March 2008 Kenyan ISP s /24 announced by AboveNet Frequent full table leaks, e.g., Sep08 (Moscow), Nov08 (Brazil), Jan09(Russia) 10 December
8 SPRI Roadmap COMMENTS ARE ENCOURAGED!!! Roadmap Outline Threats Two major areas Deployment Mechanisms (e.g., BCPs) Protocol Issues Research Near term research Long term research Other research problems 10 December
9 SPRI Deployment Activities Working with registries to deploy PKI between ICANN/IANA and registry and between registry and ISPs/customers Pilot project with the Asia-Pacific Network Information Center (APNIC) to add public key infrastructure to registration operations BGPSEC Protocol Design Team Router Vendors, ISPs, Standards, Academics End Goal: Agreed upon secure routing protocol that can be expedited through the Internet standards process, implemented by router vendors, and deployed by ISPs Tools to help current routing research and operations Check out new RouteViews Real-time data feeds Tool for Prefix Hijack Alert System (PHAS / Cyclops) Tool for Prefix Checker (PCH) 10 December
10 DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises) Provide a dedicated exercise capability for several critical infrastructures in the U.S. Beginning with Banking and Finance Foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats Enterprises will be able to initiate their own large-scale exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops Think through sector impacts and responses to operational disruptions of market-based transactions across networks of the National Planning Scenarios Enhance coordination during a large-scale disruption to key infrastructures The concept has been reviewed by and developed with input from experts at ChicagoFIRST, the Options Clearing Corporation, ABN- AMRO, Eurex, Archipelago, Bank of New York, and CitiBank. The Financial Services Sector Coordinating Council R&D Committee has organized a user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years. 10 December
11 LOGIIC Linking Oil & Gas Industry to Improve Cybersecurity A collaboration of oil and natural gas companies and DHS S&T to facilitate cooperative research, development, testing, and evaluation procedures to improve cyber security in Industrial Automation and Control Systems. Consortium under the Automation Federation Industry determines the R&D projects and then government, industry, and national labs help them execute the projects and then promote the results to the rest of the sector Raising awareness for the whole community 10 December
12 TCIPG Trustworthy Computing Infrastructure for the Power Grid Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power Protecting the cyber infrastructure Making use of information to detect and respond to attacks Supporting greatly increased throughput and timeliness requirements Support the provisioning of a new resilient smart power grid that Enables advanced energy applications High-speed monitoring and asset control, advanced metering, diagnostics & maintenance 10 December
13 Agenda Information Infrastructure Security Critical Infrastructure and Key Resources (CI/KR) National Research Infrastructure Next Generation Technologies Broad Agency Announcements (BAAs) Two new program areas (2009) Cyber Forensics and Homeland Open Security Technology (HOST) SBIRs, Experimental Deployments, Outreach New Emphasis Areas Software Assurance Education, Competitions, Challenges Research Landscape 10 December
14 National Research Infrastructure DETER - Researcher and vendor-neutral experimental infrastructure that is open to a wide community of users to support the development and demonstration of next-generation cyber defense technologies Over 170 users from 14 countries (and growing) PREDICT Repository of network data for use by the U.S.- based cyber security research community Privacy Impact Assessment (PIA) completed Over 330 datasets; Over 100 active users (and growing) End Goal: Improve the quality of defensive cyber security technologies 10 December
15 DETER Map of Global Users Over 170 users from 14 countries (and growing) 10 December
16 DETER Projects DoS Worms and malware Overlays, routing, replic. Hw, sw and netw. test Traceback and attribution Models, policies Classes Diagnosis and recovery Multicast, group comm. Collaborative security Scanning Authentication DNS Spam Spoofing Botnets Wireless 10 December
17 Data Collection Activities Classes of data that are interesting, people want collected, and seem reasonable to collect Netflow Packet traces headers and full packet (context dependent) Critical infrastructure BGP and DNS data Topology data IDS / firewall logs Performance data Network management data (i.e., SNMP) VoIP (2200 IP-phone network) Blackhole Monitor traffic 10 December
18 Agenda Information Infrastructure Security Critical Infrastructure and Key Resources (CI/KR) National Research Infrastructure Next Generation Technologies Broad Agency Announcements (BAAs) Two new program areas (2009) Cyber Forensics and Homeland Open Security Technology (HOST) SBIRs, Experimental Deployments, Outreach New Emphasis Areas Software Assurance Education, Competitions, Challenges Research Landscape 10 December
19 Next Generation Technologies R&D funding model that delivers both near-term and medium-term solutions: To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation s critical information infrastructure. To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems; To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency. 10 December
20 BAA Program / Proposal Structure NOTE: Deployment Phase = Test, Evaluation, and Pilot deployment in (DHS) customer environments Type I (New Technologies) New technologies with an applied research phase, a development phase, and a deployment phase (optional) Funding not to exceed 36 months (including deployment phase) Type II (Prototype Technologies) More mature prototype technologies with a development phase and a deployment phase (optional) Funding not to exceed 24 months (including deployment phase) Type III (Mature Technologies) Mature technology with a deployment phase only. Funding not to exceed 12 months 10 December
21 BAA Technical Topic Areas Botnets and Other Malware: Detection and Mitigation 2 papers at ACSAC from Georgia Tech Composable and Scalable Secure Systems Cyber Security Metrics Network Data Visualization for Information Assurance Internet Tomography / Topography Routing Security Management Tools 1 paper at ACSAC from Colorado State Process Control System Security Secure and Reliable Wireless Communication for Control Systems Real-Time Security Event Assessment and Mitigation Data Anonymization Tools and Techniques Insider Threat Detection and Mitigation 10 December
22 Next Generation Technologies (2) Two Solicitations 2004 and topics, 17 awards totaling $13.9M 9 Academic (CA,GA,DE,NJ,VA,MI,NH) 8 Private Sector (NY,MD,MN,NJ,MA,TX) 8 commercial products, 2 open source products topics, 17 awards totaling $13.7M 6 Academic (CA,GA,WA,CO,MD) 10 Private Sector (NY,CO,CA,FL,WI,VA) 1 National Lab (NM) 2 commercial products, 4 open source products (so far) Expect another BAA in FY10 10 December
23 Sample Product List Grammatech Binary Analysis tools Coverity Open Source Hardening (SCAN) Telcordia Automated Vulnerability Analysis GMU Network Topology Analysis (Cauldron) Stanford Anti-Phishing Technologies Ironkey Secure USB USURF Cyber Exercise Planning tool HBGary Memory and Malware Analysis Secure Decisions Data Visualization Secure64 DNSSEC Automation 10 December
24 Cyber Forensics Initial requirements working group held 11/20/08 Attendees from USSS, CBP, ICE, FLETC, FBI, NIJ, TSWG, NIST, Miami-Dade PD, Albany NY PD Initial list of projects Mobile device forensic tools GPS forensics tools LE First responder field analysis kit Combined High-speed data capture and deep packet inspection Live stream capture for gaming systems Memory analysis and malware tools Information Clearing House S&T initiated 6 projects in FY09 totaling $2M 10 December
25 Homeland Open Security Technology (HOST) Promote the development and implementation of open source solutions within US Federal, state and municipal government agencies Initial list of projects Federal Government Open Source Census GovernmentForge Open Source Software Repository Work with Open Information Security Foundation New open source IDS Work with community on open source software quality analysis US Government security evaluation processes OpenSSL FIPS validation S&T initiated projects in FY09 totaling $1.5M 10 December
26 Agenda Information Infrastructure Security Critical Infrastructure and Key Resources (CI/KR) National Research Infrastructure Next Generation Technologies Broad Agency Announcements (BAAs) Two new program areas (2009) Cyber Forensics and Homeland Open Security Technology (HOST) SBIRs, Experimental Deployments, Outreach New Emphasis Areas Software Assurance Education, Competitions, Challenges Research Landscape 10 December
27 Small Business Innovative Research (SBIR/STTR) FY04 Cross-Domain Attack Correlation Technologies (2) Real-Time Malicious Code Identification (2) Advanced Secure Supervisory Control and Data Acquisition (SCADA) and Related Distributed Control Systems (5) FY05 Hardware-assisted System Security Monitoring (4) FY06 Network-based Boundary Controllers (3) Botnet Detection and Mitigation (4) FY07 Secure and Reliable Wireless Communication for Control Systems (2) FY09 Software Testing and Vulnerability Analysis 10 December
28 Small Business Innovative Research (SBIR) Important program for creating new innovation and accelerating transition into the marketplace Since 2004, DHS S&T Cyber Security has had: 47 Phase I efforts 22 Phase II efforts 12 efforts currently in progress 8 commercial products available Three acquisitions Komoku, Inc. (MD) acquired by Microsoft in March 2008 Endeavor Systems (VA) acquired by McAfee in January 2009 Solidcore (CA) acquired by McAfee in June December
29 Experimental Deployments NCSD / US-CERT Botnet Detection and Mitigation technology from Univ of Michigan Data Visualization technology from Secure Decisions DHS S&T CIO Secure USB technology from IronKey (CA) user deployment within S&T Secure Wireless Access Prototype from BAE Systems (VA) 50 user deployment within S&T Botnet Detection and Mitigation technology from Georgia Tech (GA) and Milcord (MA) Deployment on S&T Labnet and DREN (DOD Research and Engineering Network) SCADA system event detection technology from Digital Bond (FL) Deployment on S&T Plum Island system Regional Technology Integration Initiative (S&T IGD partner) City of Seattle and surrounding cities Botnet Detection and Mitigation technology from Univ of Michigan 10 December
30 Outreach System Integrator Forum held twice in WDC Assist DHS S&T-funded researchers in transferring technology to larger, established security technology companies Information Technology Security Entrepreneurs Forum (ITSEF) held three times at Stanford in Palo Alto, CA Partner with the venture capital community to assist entrepreneurs and small business better understand both the government marketplace and the venture community Next one in March 2010; Another one in WDC in October 2010 Information Security Technology Transition Council (ITTC) Held tri-annually in Menlo Park, CA Attendees include venture capitalists, industry, law enforcement, academia, and government WDC Conferences CATCH March 3-4, 2009; Global Cyber Security Conference August 4-6, December
31 Agenda Information Infrastructure Security Critical Infrastructure and Key Resources (CI/KR) National Research Infrastructure Next Generation Technologies Broad Agency Announcements (BAAs) Two new program areas (2009) Cyber Forensics and Homeland Open Security Technology (HOST) SBIRs, Experimental Deployments, Outreach New Emphasis Areas Software Assurance Education, Competitions, Challenges Research Landscape 10 December
32 DHS S&T SBIR Solicitation FY09.2 Topic H-SB Software testing and Vulnerability Analysis Objective: Develop services and capabilities to rigorously and routinely build, test, and analyze source and binary forms of software in realistic conditions representative of operational environments in Federal Government and other critical infrastructures. Most proposals (38) received among all topics 7 Phase I awards made for up to $100K each 10 December
33 SBIR Phase I Awards See for abstracts Software Assurance Analysis and Visual Analytics Applied Visions, Inc. (NY) Eliminating barriers to code quality and security with increased timeliness and accuracy of analysis Coverity, Inc. (CA) Run Time Tools Output Integration Framework Data Access Technologies, Inc. (VA) Concolic Testing with Metronome Grammatech, Inc. (NY) CodeSonar with Metronome Grammatech, Inc. (NY) Concurrency vulnerabilities: Combining dynamic and static analyses for detection and remediation SureLogic, Inc. (PA) Virtualization and Static Analysis to Detect Memory Overwriting Vulnerabilities Zephyr Software, LLC (VA) 10 December
34 Statement of Problem Problem: The U.S. is not producing enough computer scientists and CS degrees CS/CE enrollments are down 50% from 5 years ago 1 CS jobs are growing faster than the national average 2 Taulbee Survey, CRA BLS Computer Science/STEM have been the basis for American growth for 60 years The gap in production of CS threatens continued growth and also national security Defense, DHS, CNCI and industry all need more CS and CE competencies now 1 Taulbee Survey , Computer Research Association, May 2008 Computing Research News, Vol. 20/No. 3 2 Nicholas Terrell, Bureau of Labor Statistics, STEM Occupations, Occupational Outlook Quarterly, Spring December
35 Future Cyber Crime Fighter = Middle School or High School Student (12-18 years old) Or 55 Year-old Retiree? WHICH IS IT? BOTH (and everywhere in between) 10 December
36 Think about.. What does a 10-year or 20-year cyber crime veteran look like? How many do we actually have (as a nation)? Are there well-defined career paths and HR mechanisms in place to ensure progression and promotion of a cyber crime fighter? What incentives are in place to enable a mid-life career change? Where is the initiative that s going to create all of these future cyber crime fighters and who s going to pay the bill to train and deploy them? 10 December
37 CCDC Mission The mission of the Collegiate Cyber Defense Competition (CCDC) system is to provide institutions with an information assurance or computer security curriculum a controlled, competitive environment to assess a student's depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems. CCDC Events are designed to: Build a meaningful mechanism by which institutions of higher education may evaluate their current educational programs Provide an educational venue in which students are able to apply the theory and practical skills they have learned in their course work Foster a spirit of teamwork, ethical behavior, and effective communication both within and across teams Create interest and awareness among participating institutions and students 10 December
38 CCDC Program 10 December
39 2009 CCDC Northwest Regional North Central Regional Midwest Regional Northeast Regional West Coast Regional MidAtlantic Regional Southwest Regional Southeast Regional 10 December
40 2009 CCDC 8 Regional competitions in New regionals for 2009 Northwest: University of Washington North Central: Dakota State University NCCDC April 17-19, 2009 in San Antonio Baker College * Texas A&M * University of North Carolina at Charlotte * Cal Poly Pomona University of Washington Dakota State University University of Pittsburgh Northeastern University * previous winners 2009 Winner: Baker College of Flint, Michigan 10 December
41 U.S. Cyber Challenge DC3 Digital Forensics Challenge An Air Force Association national high school cyber defense competition CyberPatriot Defense Competition A Department of Defense Cyber Crime Center competition focusing on cyber investigation and forensics Netwars Capture-the-Flag Competition A SANS Institute challenge testing mastery of vulnerabilities 10 December
42 Agenda Information Infrastructure Security Critical Infrastructure and Key Resources (CI/KR) National Research Infrastructure Next Generation Technologies Broad Agency Announcements (BAAs) Two new program areas (2009) Cyber Forensics and Homeland Open Security Technology (HOST) SBIRs, Experimental Deployments, Outreach New Emphasis Areas Software Assurance Education, Competitions, Challenges Research Landscape 10 December
43 Timeline of Past Research Reports President s Commission on CIP (PCCIP) NRC CSTB Trust in Cyberspace I3P R&D Agenda National Strategy to Secure Cyberspace Computing Research Association 4 Challenges NIAC Hardening the Internet PITAC - Cyber Security: A Crisis of Prioritization IRC Hard Problems List NSTC Federal Plan for CSIA R&D NRC CSTB Toward a Safer and More Secure Cyberspace All documents available at 10 December
44 Areas of Potential Research Global Scale Identity Management Scalable Trustworthy Systems Survivability of Time-Critical Systems Situational Understanding and Attack Attribution Combating Insider Threats Data Provenance Privacy-Aware Security Enterprise Level Metrics Coping with Malware and Botnets Usability and Security System Evaluation Lifecycle Network recovery and reconstitution Cyber Security economic modeling Modeling of Internet Attacks - critical infrastructure Process Control System (PCS) security Software Quality Assurance Finance Sector R&D Agenda 10 December
45 DHS S&T Roadmap Original 8 topics from the IRC Hard Problems List Usability and Security Coping with Malware and Botnets System Lifecycle Evaluation Publication in December 2009 Will be available at and also in hardcopy Source for future solicitations 10 December
46 Summary DHS has a difficult mission many supporters, many critics, continues to make improvements Activities around Washington, DC having an impact on operational and research agendas DHS S&T is moving forward with an aggressive cyber security research agenda Working with the community to solve the cyber security problems of our current (and future) infrastructure Working with academe and industry to improve national research infrastructure Looking at future R&D agendas with the most impact for the nation 10 December
47 Conclusion Together we must make a difference to improve the cyber security landscape of our country and world 10 December
48 Douglas Maughan, Ph.D. Branch Chief / Program Mgr. douglas.maughan@dhs.gov / For more information, visit 10 December
DHS S&T Cyber Security Division (CSD) Overview
Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security Division (CSD) Overview BAA 11-XX Industry Day WDC November 17, 2010 Douglas Maughan, Ph.D. Division Director Cyber Security
More informationDHS S&T Cyber Security Division (CSD) Overview
Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security Division (CSD) Overview NDIA Executive Briefing Crystal City, VA February 17, 2011 Douglas Maughan, Ph.D. Division Director
More informationDHS S&T Cyber Security Division (CSD) Overview
Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security Division (CSD) Overview TCIPG Industry Workshop UIUC November 8, 2011 Greg Wigton Program Manager Cyber Security Division
More informationCyber Security Division Overview
Homeland Security Advanced Research Projects Agency Cyber Security Division Overview Douglas Maughan, Ph.D. Director October 9, 2012 http://www.cyber.st.dhs.gov Environment: Greater Use of Technology,
More informationDHS S&T Cyber Security R&D Program
Dept. of Homeland Security Science & Technology Directorate DHS S&T Cyber Security R&D Program PSU NSRC Industry Day State College, PA October 17, 2006 Douglas Maughan, Ph.D. Program Manager, HSARPA douglas.maughan@dhs.gov
More informationMary Ellen Seale National Protection and Programs Directorate May 16, 2012
Finding & Integrating CyberTech in the U.S. Government Mary Ellen Seale National Protection and Programs Directorate May 16, 2012 Obtaining Federal Funding Understanding the Landscape Contracting Small
More informationBenefits of Collaborative Science and Innovation - Improve Cyber Security
Public-Private Cooperation in Cybersecurity Research Strategy Development across the Globe A View from the U.S. Department of Homeland Security (DHS) Background Envision a future... in which universities
More informationRelease of the Draft Cybersecurity Procurement Language for Energy Delivery Systems
Release of the Draft Cybersecurity Procurement Language for Energy Delivery Systems Energy Sector Control Systems Working Group Supporting the Electricity Sector Coordinating Council, Oil & Natural Gas
More informationCyber Security Research and Development a Homeland Security Perspective
FBI ----------------------------------------- INFRAGARD National Conference ----------------------------------------- 2005 Cyber Security Research and Development a Homeland Security Perspective Annabelle
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationPREDICT: A Data Repository for Cyber Security Research
PREDICT: A Data Repository for Cyber Security Research Charlotte Scheper RTI International Manish Karir DHS S&T 1 RTI International is a trade name of Research Triangle Institute. www.rti.org What is PREDICT?
More informationDHS S&T Cyber Security Division (CSD) PREDICT Overview
Homeland Security Advanced Research Projects Agency DHS S&T Cyber Security Division (CSD) PREDICT Overview Douglas Maughan Division Director November 2, 2015 http://www.dhs.gov/cyber-research DHS S&T Research
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationPreventing and Defending Against Cyber Attacks October 2011
Preventing and Defending Against Cyber Attacks October 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their
More informationPreventing and Defending Against Cyber Attacks June 2011
Preventing and Defending Against Cyber Attacks June 2011 The Department of Homeland Security (DHS) is responsible for helping Federal Executive Branch civilian departments and agencies secure their unclassified
More informationHow To Transition Research Into Practice
2013 IEEE. Appears in IEEE Security & Privacy Magazine, Vol. 11, No. 2, March- April 2013, pp. 14-23. (https://ieeexplore.ieee.org/xpl/articledetails.jsp?tp=&arnumber=6493323) Crossing the Valley of Death
More informationCyber Security Division FY 2012 Annual Report
Cyber Security Division FY 2012 Annual Report Cyber Security Divison FY 2012 Annual Report LETTER FROM THE DIRECTOR Douglas Maughan, Ph.D. Cyber adversaries continue to present a full spectrum of threats
More informationHomeland Open Security Technology HOST Program
Homeland Open Security Technology HOST Program Informational Briefing August 2011 Sponsored by: U.S. Department of Homeland Security Science and Technology Directorate Implemented by: Open Technology Research
More informationNICE and Framework Overview
NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to
More informationPreventing and Defending Against Cyber Attacks November 2010
Preventing and Defending Against Cyber Attacks November 2010 The Nation s first ever Quadrennial Homeland Security Review (QHSR), delivered to Congress in February 2010, identified safeguarding and securing
More informationTUSKEGEE CYBER SECURITY PATH FORWARD
TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats,
More informationUpdate On Smart Grid Cyber Security
Update On Smart Grid Cyber Security Kshamit Dixit Manager IT Security, Toronto Hydro, Ontario, Canada 1 Agenda Cyber Security Overview Security Framework Securing Smart Grid 2 Smart Grid Attack Threats
More informationDHS S&T Cyber Security R&D Programs
Homeland Security Advanced Research Projects Agency DHS S&T Cyber Security R&D Programs Ann Cox, PhD Program Manager October 24, 2014 http://www.dhs.gov/cyber-research Presentation Outline Threat Space
More information7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008
U.S. D EPARTMENT OF H OMELAND S ECURITY 7 Homeland Fiscal Year 2008 HOMELAND SECURITY GRANT PROGRAM ty Grant Program SUPPLEMENTAL RESOURCE: CYBER SECURITY GUIDANCE uidelines and Application Kit (October
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationUS Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST)
US Federal Cyber Security Research Program November 15, 2012 New England Advanced Cyber Security Center Workshop Bill Newhouse (NIST) william.newhouse@nist.gov NITRD Structure for US Federal Cybersecurity
More informationCybersecurity Resources
Assessment Resources Cybersecurity Resources Cyber Resiliency Review (CRR) is a DHS assessment tool that measures the implementation of key cybersecurity capacities and capabilities. The goal of the CRR
More informationCritical Controls for Cyber Security. www.infogistic.com
Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability
More informationCyber Security and Privacy - Program 183
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
More informationInto the cybersecurity breach
Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing
More informationMiddle Class Economics: Cybersecurity Updated August 7, 2015
Middle Class Economics: Cybersecurity Updated August 7, 2015 The President's 2016 Budget is designed to bring middle class economics into the 21st Century. This Budget shows what we can do if we invest
More informationToward a Federal Cybersecurity Research Agenda: Three Game-changing Themes
Toward a Federal Cybersecurity Research Agenda: Three Game-changing Themes Toward a Federal Cybersecurity Research Agenda: Three Game-changing Themes Dr. Jeannette Wing Assistant Director for Computer
More informationPanel Session: Lessons Learned in Smart Grid Cybersecurity
PNNL-SA-91587 Panel Session: Lessons Learned in Smart Grid Cybersecurity TCIPG Industry Workshop Jeff Dagle, PE Chief Electrical Engineer Advanced Power and Energy Systems Pacific Northwest National Laboratory
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationHow To Improve Federal Network Security
Department of Federal Network Trusted Internet Connections (TIC) Update for the Information and Privacy Advisory Board July 29, 2009 Federal Network (FNS) Federal Network Branch Branch Vision: To be the
More informationNetwork Security Deployment (NSD)
Network Security Deployment (NSD) National Cybersecurity Protection System (NCPS) 11 July 2012 What is the NCPS? National Cybersecurity Protection System (NCPS) is the program of record within the Department
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationIn December 2011, the White House Office of Science. Introducing the federal cybersecurity R&D strategic plan. Leaping ahead on cybersecurity
Introducing the federal cybersecurity R&D strategic plan Douglas Maughan, Bill Newhouse, and Tomas Vagoun In December 2011, the White House Office of Science and Technology Policy (OSTP) released the document,
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationSDN Security Challenges. Anita Nikolich National Science Foundation Program Director, Advanced Cyberinfrastructure July 2015
SDN Security Challenges Anita Nikolich National Science Foundation Program Director, Advanced Cyberinfrastructure July 2015 Cybersecurity Enhancement Act 2014 Public-Private Collaboration on Security (NIST
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationNational Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity
National Cybersecurity Challenges and NIST Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity Though no-one knows for sure, corporate America is believed to lose anything
More informationComputer Network Security & Privacy Protection
Overview Computer Network Security & Privacy Protection The Nation s electronic information infrastructure is vital to the functioning of the Government as well as maintaining the Nation s economy and
More informationUS Federal Cyber Security Research Program. NITRD Program
US Federal Cyber Security Research Program NITRD Program Purpose The primary mechanism by which the U.S. Government coordinates its unclassified Networking and IT R&D (NITRD) investments Supports NIT-related
More informationSTATEMENT OF. Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration
STATEMENT OF Dr. David McClure Associate Administrator Office of Citizen Services and Innovative Technologies General Services Administration BEFORE THE HOUSE COMMITTEE ON HOMELAND SECURITY SUBCOMMITTEE
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationAddressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense
A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical
More informationUS-CERT Overview & Cyber Threats
US-CERT Overview & Cyber Threats National Cyber Security Division United States Computer Emergency Readiness Team June 2006 Agenda Introduction to US-CERT Overview of why we depend on a secure cyberspace
More information2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy
2015 Michigan NASCIO Award Nomination Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy Sponsor: David Behen, DTMB Director and Chief Information Officer Program Manager: Rod Davenport,
More informationCyber Security Research and Development: A Homeland Security Perspective
Cyber Security Research and Development: A Homeland Security Perspective Simon Szykman, Ph.D. Director, Cyber Security R&D 202-772-9867 Outline! DHS Organizational Overview Cyber Security Stakeholders
More informationSecuring the Electric Grid with Common Cyber Security Services Jeff Gooding
Securing the Electric Grid with Common Cyber Security Services Jeff Gooding TCIPG Seminar April 4, 2014 Southern California Edison (SCE) is committed to safely providing reliable and affordable electricity
More informationWhy Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP
Why Cybersecurity Matters in Government Contracting Robert Nichols, Covington & Burling LLP Cybersecurity is the No. 1 Concern of General Counsel and Directors 2 Cybersecurity Concerns in the Government
More informationCyber Watch. Written by Peter Buxbaum
Cyber Watch Written by Peter Buxbaum Security is a challenge for every agency, said Stanley Tyliszczak, vice president for technology integration at General Dynamics Information Technology. There needs
More informationNational Initiative for Cybersecurity Education
ISACA National Capital Area Chapter March 25, 2014 National Initiative for Cybersecurity Education Montana Williams, Branch Chief Benjamin Scribner, Program Director Department of Homeland Security (DHS)
More informationU. S. Attorney Office Northern District of Texas March 2013
U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate
More informationResearch and Educational Networking Information Analysis and Sharing Center (REN-ISAC)
Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC) Doug Pearson Director, REN-ISAC ren-isac@iu.edu Copyright Trustees of Indiana University 2003. Permission is granted
More informationAn Update from Washington Cybersecurity / R&D
Homeland Security Advanced Research Projects Agency An Update from Washington Cybersecurity / R&D Douglas Maughan, Ph.D. Division Director October 30, 2012 http://www.cyber.st.dhs.gov Environment: Greater
More informationStanding together for financial industry cyber resilience Quantum Dawn 3 after-action report. November 23, 2015
Standing together for financial industry cyber resilience Quantum Dawn 3 after-action report November 23, 2015 Table of contents Background Exercise objectives Quantum Dawn 3 (QD3) cyberattack scenario
More informationWorkshop on Infrastructure Security and Operational Challenges of Service Provider Networks
Workshop on Infrastructure Security and Operational Challenges of Service Provider Networks Farnam Jahanian University of Michigan and Arbor Networks IFIP Working Group 10.4 June 29-30, 2006 What s the
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationManned Information Security
Manned Information Security Adversary Pursuit and Active Network Defense root9b Technologies (RTNB) Presented By: John Harbaugh, COO CONFIDENTIALITY NOTICE This briefing, including any attachments, is
More informationStrategic Plan On-Demand Services April 2, 2015
Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on
More information(BDT) BDT/POL/CYB/Circular-002. +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int
2011 15 (BDT) BDT/POL/CYB/Circular-002 +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int 2008 2010 2010 International Telecommunication Union Place des Nations CH-1211 Geneva 20 Switzerland Tel: +41
More informationIEEE-Northwest Energy Systems Symposium (NWESS)
IEEE-Northwest Energy Systems Symposium (NWESS) Paul Skare Energy & Environment Directorate Cybersecurity Program Manager Philip Craig Jr National Security Directorate Sr. Cyber Research Engineer The Pacific
More informationEINSTEIN 3 - Accelerated (E 3 A)
for EINSTEIN 3 - Accelerated (E 3 A) April 19, 2013 DHS/PIA/NPPD-027 Contact Point Brendan Goode Director, Network Security Deployment Office of Cybersecurity & Communications National Protection and Programs
More informationEnergy Cybersecurity Regulatory Brief
Energy Understand the regulations that impact the energy industry and accelerate information security initiatives. Contents Overview 3 A Highly Vulnerable Energy Industry 4 Key Regulations to Consider
More informationSecurity Coordination with IF-MAP
Security Coordination with IF-MAP Matt Webster, Lumeta 28 Sept 2010 Copyright 2010 Trusted Computing Group Agenda Threat Landscape and Federal Networks Recap of TNC Explanation of IF-MAP What is IF-MAP?
More informationPrivacy and Security in Healthcare
5 th 5 th th National HIPAA Summit National Strategy to Secure Cyberspace Privacy and Security in Healthcare October 31, 2002 Andy Purdy Senior Advisor, IT Security and Privacy The President s Critical
More informationOracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0
Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies
More informationWritten Statement of Richard Dewey Executive Vice President New York Independent System Operator
Written Statement of Richard Dewey Executive Vice President New York Independent System Operator Senate Standing Committee on Veterans, Homeland Security and Military Affairs Senator Thomas D. Croci, Chairman
More informationParticipants: Introduction:
National Conversation A Trusted Cyber Future Discussion Led by Dan Massey, CSD Program Manager Moderator: Joe Gersch (Secure 64) Department of Homeland Security Science and Technology Directorate (DHS
More informationNIST Cybersecurity Initiatives. ARC World Industry Forum 2014
NIST Cybersecurity Initiatives Keith Stouffer and Vicky Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL National Institute of Standards and Technology (NIST) NIST s mission
More informationTHE WHITE HOUSE Office of the Press Secretary
FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly
More informationSeptember 20, 2013 Senior IT Examiner Gene Lilienthal
Cyber Crime September 20, 2013 Senior IT Examiner Gene Lilienthal The following presentation are views and opinions of the speaker and does not necessarily reflect the views of the Federal Reserve Bank
More informationIntroduction to NICE Cybersecurity Workforce Framework
Introduction to NICE Cybersecurity Workforce Framework Jane Homeyer, Ph.D., Deputy ADNI/HC for Skills and Human Capital Data, ODNI Margaret Maxson, Director, National Cybersecurity Education Strategy,
More informationDenial of Service Attacks and Resilient Overlay Networks
Denial of Service Attacks and Resilient Overlay Networks Angelos D. Keromytis Network Security Lab Computer Science Department, Columbia University Motivation: Network Service Availability Motivation:
More informationMARYLAND. Cyber Security White Paper. Defining the Role of State Government to Secure Maryland s Cyber Infrastructure.
MARYLAND Cyber Security White Paper Defining the Role of State Government to Secure Maryland s Cyber Infrastructure November 1, 2006 Robert L. Ehrlich, Jr., Governor Michael S. Steele, Lt. Governor Message
More informationNetwork Cyber Security. Presented by: Motty Anavi RFL Electronics
Network Cyber Security Presented by: Motty Anavi RFL Electronics Agenda Cyber Security Threats Defense Strategy & Consequences Next Generation Networking ICS Vulnerabilities Liabilities Next Gen Networking
More informationDOE Cyber Security Policy Perspectives
DOE Cyber Security Policy Perspectives Mike Smith Senior Cyber Policy Advisor to the Assistant Secretary Department of Energy Overview of DOE Cybersecurity Priorities Protecting the DOE Enterprise from
More informationCyber Security Implications of SIS Integration with Control Networks
Cyber Security Implications of SIS Integration with Control Networks The LOGIIC SIS Project Standards Certification Education & Training Publishing Conferences & Exhibits Presenter Zach Tudor is a Program
More informationTHE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY
THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY DISCLAIMER Views expressed in this presentation are not necessarily those of our respective Departments Any answers to questions are our own opinions
More informationHow to use the National Cybersecurity Workforce Framework. Your Implementation Guide
How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many
More informationCyber Incident Annex. Cooperating Agencies: Coordinating Agencies:
Cyber Incident Annex Coordinating Agencies: Department of Defense Department of Homeland Security/Information Analysis and Infrastructure Protection/National Cyber Security Division Department of Justice
More informationDoD Strategy for Defending Networks, Systems, and Data
DoD Strategy for Defending Networks, Systems, and Data November 13, 2013 Department DoDD of Defense Chief Information Officer DoD Strategy for Defending Networks, Systems, and Data Introduction In July
More informationSCADA Security Training
SCADA Security Training 1-Day Course Outline Wellington, NZ 6 th November 2015 > Version 3.1 web: www.axenic.co.nz phone: +64 21 689998 page 1 of 6 Introduction Corporate Background Axenic Ltd Since 2009,
More informationNational Initiative for Cyber Security Education
2014/PPWE/SEM2/007 Agenda Item: 5 National Initiative for Cyber Security Education Submitted by: United States Women Business and Smart Technology Seminar Beijing, China 23 May 2014 NICE OVERVIEW Women
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationHow To Protect Your Network From Intrusions From A Malicious Computer (Malware) With A Microsoft Network Security Platform)
McAfee Security: Intrusion Prevention System REV: 0.1.1 (July 2011) 1 Contents 1. McAfee Network Security Platform...3 2. McAfee Host Intrusion Prevention for Server...4 2.1 Network IPS...4 2.2 Workload
More informationFacilitated Self-Evaluation v1.0
Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2) Patricia Hoffman Facilitated Self-Evaluation v1.0 Assistant Secretary Office of Electricity Delivery and Energy Reliability U.S.
More informationIndustry involvement in education and research - TCIPG
1 Industry involvement in education and research - TCIPG Peter W. Sauer and William H. Sanders (and the TCIPG team) IEEE/PES GM, Denver, CO July 29, 2015 Outline History and facts TCIPG Overview and Vision
More informationIPv6: Network Security and the Next Generation of IP Communication
IPv6: Network Security and the Next Generation of IP Communication FORTINET IPv6 and Fortinet Solution Guide PAGE 2 Summary Many enterprises have IPv6 adoption on their technology roadmap due to the exhaustion
More informationCybersecurity High School and Beyond
Cybersecurity High School and Beyond High School Career Fair and Expo March 29, 2014 Diane G. Miller, CCP Director, Operations Northrop Grumman Information Security Program Director, CyberPatriot Topics
More informationEnterprise Security Tactical Plan
Enterprise Security Tactical Plan Fiscal Years 2011 2012 (July 1, 2010 to June 30, 2012) Prepared By: State Chief Information Security Officer The Information Security Council State of Minnesota Enterprise
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationGlobal Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)
Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) NICE Conference 2014 CYBERSECURITY RESILIENCE A THREE TIERED SOLUTION NIST Framework for Improving Critical Infrastructure Cybersecurity
More informationNetwork Security Deployment Obligation and Expenditure Report
Network Security Deployment Obligation and Expenditure Report First and Second Quarters, Fiscal Year 2015 June 16, 2015 Fiscal Year 2015 Report to Congress National Protection and Programs Directorate
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop Small Agency Threat and Vulnerability Management Policy May 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationHomeland Security Perspectives: Cyber Security Partnerships and Measurement Activities
16 Oct 2012 Homeland Security Perspectives: Cyber Security Partnerships and Measurement Activities Bradford Willke Cyber Security Advisor, Mid Atlantic Region National Cyber Security Division (NCSD) Office
More informationSecurity Architecture: From Start to Sustainment. Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013
Security Architecture: From Start to Sustainment Tim Owen, Chief Engineer SMS DGI Cyber Security Conference June 2013 Security Architecture Topics Introduction Reverse Engineering the Threat Operational
More information