Robert F. Brammer, Ph.D. President and CEO, Brammer Technology, LLC ACSC Strategic Consultant

Transcription

1 Launch Conference September 20, 2011 William H. Guenther President and Founder, Mass Insight Global Partnerships Robert F. Brammer, Ph.D. President and CEO, Brammer Technology, LLC ACSC Strategic Consultant An Initiative of 18 Tremont Street, Suite 930 Boston, MA

2 The New England Goal The New England region is committed to be a global leader in confronting current and future cyber security challenges and to reinvigorate Route 128 to be the national cyber security beltway. From the White Paper Executive Summary produced on behalf of the ACSC and the five university members of the Massachusetts Green High Performance Computing Center (Boston University, Harvard, MIT, Northeastern, UMass) Advanced Cyber Security Center 2

3 New England Cyber Security: The Benchmarks First Adopter for Leading Edge Security Practices and Technology: Industry, Universities, Government National/Global Player in R+D and Education The leading university research center A major corporate IT/cyber security R+D and industry location The #1 choice for students based on academic programs and industry internships/work-study Advanced Cyber Security Center 3

4 IT-Cyber Security in New England: An Economic Opportunity and a Challenge Global cyber security business grows: an $80 billion market by 2017, estimated by Global Industry Analysts MA ITCD* the state s major sector: 300,000 jobs, 10% of employment, GSP 15%. With a strong security group led by RSA. Global IT/security users headquartered in New England: Financial services, defense, utilities, healthcare, universities Leading national research universities in all aspects of cyber security (although assets are fragmented and Carnegie-Mellon has the brand) The bottom line: In the 1970s, Silicon Valley and Route 128 were the same size. Time to choose opportunities to leap frog. *IT, Communications, Defense sector Advanced Cyber Security Center 4

5 The Economic Development Strategy: Build up talent/r&d clusters, jobs follow* Talent clusters are concentrated geographic pools of talent focused on a particular technology or specialized discipline (e.g. Route 128=networking engineers). Proximity still matters Critical mass is important Clusters need stars and supporting talent fueled by higher education Networking/connecting mechanisms are critical to develop a mature cluster * Assuming competitive costs and attractive business climate. Advanced Cyber Security Center 5

6 Flagship R&D Centers: A Pre-Competitive Paradigm Industry-University-Government Partnerships Networking, bundling, brokering talent and ideas. Bridging space for the three partners. Advanced Cyber Security Center 6

7 Industry-University-Government Partnerships The Innovation Timeline 6 MOS-2 YRS 2-7 YRS 7-20 YRS Commercial Development Technology Development & Demonstration Projects Discovery Short-term Funding: Industry IP: Proprietary Mid-range Multi-party, pre-competitive Funding: Government and Industry IP: Open or shared Long-term Funding: Government and Philanthropic IP: Nonproprietary Advanced Cyber Security Center 7

8 The Advanced Cyber Security Center The Advanced Cyber Security Center is a cross-sector collaboration organized to help protect the region s organizations from the rapidly evolving advanced and persistent cyber threats and to support New England s role as a center for cyber security R+D, education, talent and jobs. Advanced Cyber Security Center 8

9 Advanced cyber threats: Collaboration is key - no single organization can respond effectively Attacks are increasingly sophisticated The APT* will customize their malware to target each specific organization Malware is continually updated to ensure that it cannot be easily detected (Mandiant 2010) 56% of breaches require months to years to contain. (Verizon 2010 Data Breach Report) Interviews with ACSC Members Unlike most firms, we re configured so we can see where traffic is coming from and we re seeing a lot more attacks in the last six months that look like they re coming from state-sponsors. We watch these attackers and we know them. Some are very fast moving If you lose track of them in your system you can lose them for months, if not forever. Current solutions are not adequate 16% of breaches are discovered via active, deliberate detection. (Verizon) Only 24% of APT malware is detected by an anti-virus solution. (Mandiant 2010) There are plenty of security solutions available. The problem is that they all focus on one thing. To deal with today s attackers, It s imperative to look across the stack & connect the dots This is hard. We need to figure out how to do it. We are not keeping pace with attacker innovations. Organizations want to increase the sophistication of their employees & solutions the value of monitoring (perhaps we should say mining ) logs cannot be overstated. The signs are there; we just need to get better at recognizing them. (Verizon 2010 Data Breach Report) We contract out & have a pretty rich array of security services. What we need is to cultivate the investigative mindset of our staff. That will be key to improving our ability to detect and block. We are in reactive mode. We need to think much more creatively and develop proactive approaches Breaches are not acceptable. We need to anticipate the attacker and there s no reason why we can t. APT : Advanced Persistent Threat is the label applied to the most serious and complex cyber attackers. They are professionals and may be state-sponsored. 9

10 A New Hybrid Paradigm: ACSC and Existing Collaborations Actionable US CERT NCFTA DoD DC3 ISACs (esp. FS) Gap in addressing present and future APT with actionable guidance Legend Cross-sector Sector-specific Academic APT Focus BITS SANS (ISC) NSTAC CSOOnline DarkReading Financial Services Technology Consortium Informational Computer Security Research Center Vulnerability Databases: MITRE Open Source NIST CyLab (Carnegie Mellon) Dartmouth Johns Hopkins Purdue University of Texas, Austin Time Horizon Known threats RT / Unfolding Threats New, emerging threats Advanced Cyber Security Center Mass Insight Global Partnerships * ACSC Business Plan 10

11 ACSC: Strengthening short term defenses & longer term capability The ACSC will deliver actionable intelligence to bolster an organization s defenses in the short term and generate new defensive strategies and R+D in the longer term. What Near Term Results Medium Term Results Longer Term Results Front Line Analytics Identify new attack vectors Create new threat indicators New Predictive Analytics Development Predictive analytics to anticipate attack innovations Research & Development Develop longer term innovations & defensive capability How Baseline current organizational capability for assessing attacking Evaluate data from attacks & breaches Examine malware Apply predictive analytic techniques to anticipate new attack approaches (forensics, financial modeling etc.) Leverage results of analytics to develop new approaches, technical solutions to deterrence Who ACSC Staff Lead + Support Member front line staff ACSC Staff Lead + Support Data modeling experts Strategic Staff Research Collaborators Data & Information Sharing Advanced Cyber Security Center 11

12 ACSC: Serving the Whole Organization Executive Management Cultivating and delivering organizational success Operating Divisions and Business Line Managers Growing lines of business Recognition of the cyber threat and how to protect the business Technical Development and Systems Teams Understanding best practices for building secure systems Developing new solutions that improve business systems and security Chief Information Security Officer & Security Team Designing, implementing & assessing enterprise information security strategy approaches Establishing trusted connections with leading security experts in the region Leveraging the full breadth of the ACSC Risk Officers Balancing probabilities Improving understanding of the risks and mitigation approaches posed by the advanced cyber threat Operations & Systems Security Experts the front line staff Identifying new techniques Cultivating the talents and skills Marketing & Communications Reinforcing the Brand Demonstrating the commitment to protecting customers Leadership in a nascent area that will grow in importance Human Resources Delivering on the current and future talent needs Improving the strength of cyber security talent Mass Insight Global Partnerships * ACSC Business Plan Advanced Cyber Security Center 12

13 ACSC: Regional and National Networks Regional Leadership National Outreach National Cyber Security Framework Connecting to the national security resources: Department of Homeland Security Office of the Director of National Intelligence Department of Defense DoJ/ FBI Broader Business Community Expanding awareness Sharing insights Advanced Cyber Security Center Hosted by MITRE Collaborating to combat the most advanced cyber threats: Expanding organizational capability Improving defenses Addressing gaps in cyber security Defense Financial Services Utilities Education Government, Healthcare FFRDCs & Research Centers & Hanscom Air Force Base Educational Institutions Links to Other Regions Cultivating the next generation of talent Designing breakthroughs in solutions and approaches Security Collaboratives and academic centers Professional Services Industry Suppliers Technology Community Fostering innovation Mass Insight Global Partnerships * ACSC Business Plan Advanced Cyber Security Center 13

14 ACSC Members and Partners Charter Members: Blue Cross Blue Shield of Massachusetts Commonwealth of Massachusetts CSC Draper Laboratory Federal Reserve Bank of Boston Fidelity Investments Foley Hoag John Hancock Financial Services Liberty Mutual Group MIT Lincoln Laboratory Northeast Utilities* NSTAR Electric & Gas Corporation* Partners HealthCare System Inc. RSA/EMC Corporation State Street Corporation The MITRE Corporation University of Massachusetts Veracode *Founding member. Membership pending merger completion. Special Members: Lincoln Laboratory, M.I.T. Federal Reserve Bank of Boston Higher Education Partners: Babson College Boston University Brandeis University Harvard University Middlesex Community College MIT Northeastern University Tufts University University of Massachusetts Worcester Polytechnic Institute Advanced Cyber Security Center 14

15 ACSC Governance & Organization: Phase I Launch Strategic Advisory Board Steering Committee Oversight and strategic direction Meet 4x annually Program priorities Operating direction ACSC members, IT executives Mass Insight and Staff Policy/Legal Work Group Establish legal entity and agreements Leaders in shaping national policies to improve defenses and support collaborations Release policy recommendations to be shared in DC Jack Goldsmith, Harvard University Law School; Michele Whitham, Foley Hoag (co-chairs) Threat Evaluation/Data Sharing Work Group Assessments and reports from Technical Staff collaborations Improve staff skills Introduction of new tools and services to aid in threat evaluation and response strategies External communication of results to business community and government partners Matt Richard, Bruce Bakis, The MITRE Corporation (co-chairs) Industry-Education Work Group Ongoing review of federal and industry priorities, funding and collaborative R+D project opportunities Develop internships and co-op/work-study programs linked to ACSC objectives Promote new graduate degree programs in cyber security Plan conferences to organize New England s industry-university-government assets Tom Quinn, State Street Corporation; Mel Bernstein, Northeastern University (co-chairs) Advanced Cyber Security Center 15

16 ACSC: Side-by-side and online collaboration Notional rendering of expanded ACSC facility ACSC Cyber Security Operations Center ACSC Cyber Threat Information Sharing Portal Advanced Cyber Security Center 16

17 ACSC: From planning, pilot to launch 2010: Industry-research-Commonwealth charter members organize Small-scale technical group pilot hosted by MITRE Mass Insight/Steering Committee develop 3-year work plan Initial member funding 2011 Milestones - Work Groups Organized, Member Funding Committed: Threat evaluation/data sharing: Bi-weekly Cyber Tuesdays, TEMS, Web Portal initiated Policy/Legal: Participation Agreement, incorporation, initial research on information sharing, federal legislation Industry-University: Outreach, Academic Resource Guide, Strategic Consultant/R+D Planning Process with MGHPCC Strategic Advisory Board: Charter members recruited Advanced Cyber Security Center 17

18 ACSC: Funding and Development Phase I/2011: Initial funding from 16 charter members Commit targeted industry research funds in pools for initial prime the pump R+D projects Phase II/2012: Expand membership to 30 Hire executive director Continued Mass Insight support for development, policy, partnerships Phase III/2013: Significantly expand scale and funding through federal grants and contracts Advanced Cyber Security Center 18

19 Industry-University Collaborations: Fall 2011 Strategic Planning Goals: Establish large scale vision, focus, training for R+D and education collaborations Kick off prime the pump initial industry funded research planning projects Identify federal, industry priorities and funding opportunities Implement collaborative mechanisms Prioritize steps for 2012 Advanced Cyber Security Center 19

20 The Advanced Threats and the R&D Opportunity UNIVERSITY ASSETS ACSC and Partners INDUSTRY NEEDS FEDERAL PRIORITIES Advanced Cyber Security Center 20

21 ACSC Platform: Industry-University Collaboration Opportunities Education and Talent Development Undergraduate, Graduate, Professional: Internship programs Adjunct faculty positions Lecture series rotating locations, industry and university lecturers Curriculum planning Endowed professorships (education emphasis) Research: Member-funded individual projects (e.g., post-doctoral project) Member-funded multi-year projects (e.g., Ph.D. program) ACSC proposals for federal or foundation research grants Visiting scholar programs (e.g., sabbaticals) Endowed professorships (research emphasis) Advanced Cyber Security Center 21

22 ACSC Platform: Industry-University Collaboration Opportunities Government policy, regulation: Thought leadership papers, policy forums, op-ed pieces Background for New England delegation Special events: Cyber competitions at the college and high-school levels Tech transfer-university research leader roundtable co-hosted by MTTC and the ACSC Media communications Advanced Cyber Security Center 22

23 5 Areas for Possible ACSC-funded Projects: Federal Cyber Security R&D Plan and Industry Needs 1. Integration of Cyber Security Risk Frameworks with Enterprise Risk Frameworks The need is for a common view of risks affecting the enterprise. Important for budgeting and resource allocation. 2. Big Data Management for Cyber Security Operations Current cyber security tools do not scale well to the enterprise level for our major partners. Need scalable systems to enable real-time analysis and decision-making to address advanced cyber threats. 3. Automation Processes and Technology for Cyber Security Information Sharing Efficient sharing of large-scale cyber security information requires efficient standardization and technology to promote collaborative analysis and actions. 4. Security and Privacy for Mobile Devices There are growing uses of mobile hand-held devices in the markets for many of our members, and growing use implies growing threats. Need high levels of security and privacy for these devices. 5. Optimization of Enterprise Security Architectures Placement and configuration of firewalls, IDS/IPS s, etc. are among the factors determining the costeffectiveness of a given security architecture. How can such factors be optimized within the enterprise to get the most value from the security budget? Based on member interviews. Advanced Cyber Security Center 23

24 ACSC Resources Advanced Cyber Security Center: Conference papers and related publications: Advanced Cyber Security Center 24