1 TUSKEGEE CYBER SECURITY PATH FORWARD Preface Tuskegee University is very aware of the ever-escalating cybersecurity threat, which consumes continually more of our societies resources to counter these threats, and maintain stability of our economic and technological infrastructure. Tuskegee University plays a prominent role in the solution to this national problem. Tuskegee is considering new concepts and technologies to contribute to the solution. It is imperative that Tuskegee continues to develop expertise in human, statistical, mathematical, computational, and computer science in order to take a multidisciplinary approach to address these cyber attacks using new concepts. The emergence of research enterprise in cybersecurity at Tuskegee University will be funded by the nearly 1 billion dollar capital campaign to develop infrastructure, and human resources. The support for cybersecurity research is crucial for Tuskegee so that we may continually make a significant national and international role in addressing the cyber threat. 1.0 Introduction Cyberspace touches nearly everything and everyone in our society and the world. It is a platform for prosperity and innovation and the means to improve general welfare around the globe. This digital infrastructure is broad and lightly regulated with significant risks that threaten individual rights, private enterprises, and nations. The United States government has the responsibility to make sure its citizens can realize the full economic and productivity potential of this information technology revolution. The United States digital infrastructure architecture is based on the Internet, which is not secure, or resilient/robust. The nation will fail to protect itself from the growing threat of cybercrime and state sponsored intrusions of the digital infrastructure unless game changing advances in security, and new methods of construction and operation are developed. There have been millions of dollars loss, and including intellectual property due to our digital infrastructure to state and non-state actors, which are compromising, changing, or destroying information, and undermining our economy and national security. The information and communication networks are largely designed, built, owned and operated by the private sector, both nationally and internationally. Thus the development of game changing technology to address network security will require a public-private partnership. Present research is insufficient on new approaches to achieve security and robustness in information and communication infrastructures. An increase by the government in research dollars that addresses cybersecurity vulnerabilities is greatly needed. 2.0 Future Path Cyberspace is the globally interconnected digital information and communications infrastructure that underlie nearly every facet of our society and provides critical support for the United States economy, civil infrastructure, public safety, and national security. The telecommunications and Internet networks continue to converge with entities adopting the Internet as primary means of interconnectivity. Cyberspace vulnerabilities must be addressed so that we can realize the full potential of the information technology revolution. Final 12/14/2011 1
2 2.1 Policy The future in cybersecurity requires the cooperation of academia, industry, and government to build a trusted and resilient communications and information infrastructure. The cybersecurity policy that must be addressed include strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communication infrastructure. This cybersecurity policy can be examined and mapped into achievable sub goals to support this overall policy. This policy is based on a meeting of experts that met over a 60- day period. 2.2 Monitoring, Detection, and Response There is a growing threat by attackers to disrupt telecommunications, electrical power, energy pipelines, refineries and financial networks. The attackers growing sophistication has already resulted in malicious activities as follows: Information technology systems causing disruption of electric power in multiple regions overseas resulting in a multi-city power outage. Payment processors of an international bank permitted fraudulent transactions at more than 130 automated teller machines in 40 cities within a 30 minute period Industry estimates of losses from intellectual property to data theft in 2008 range as high as $1 trillion. The placement of Internet monitoring software to detect malicious behavior using automated attack and intrusion detection systems and warning sensors must be integrated into our cyber infrastructure to address cyber threats from remote network intrusions and insider operations to supply chain vulnerabilities. These sensors will be important in providing situational awareness for instance in a Network Operations Center (NOC). The potential level of damage due to various threat scenarios for risk management decisions can be evaluated using modeling and simulation. Therefore a supercomputer could be an asset in this situation. The future Cyberspace infrastructure framework must have an improved coordinated response, which requires developing reporting thresholds, adaptable response and recovery plans, and the necessary coordination, information sharing, and incident reporting mechanisms. 2.3 Significant Threat Areas: Utilities, Industrial Control, and Health Information Systems The area of energy-related industrial control systems must have improved security and procedures developed. The new Smart Grid technology must be protected to eliminate opportunities for terrorist to breach these systems and/or conduct large-scale attacks. The protection of patient health information records is very important in gaining access of electronic records through the Internet, which is becoming pervasive. The public confidence in privacy must be assured through improved cybersecurity. Final 12/14/2011 2
3 2.4 Identity Management System The further development must be made for identity management systems to build enhanced privacy and trust for online transactions for important activities such as controlling the Smart Grid, and managing financial transactions. Consideration should also be given to embedding security into software and hardware of products designs. 2.5 Resiliency and Risk Mitigation The cyber infrastructure must be robust against physical damage, and manipulation of data. There must be a plan to minimize and deal with risk for cyberspace that must focus on the devices used to access the infrastructure, and the various means of moving, storing, and processing information. This must include prevention, mitigation, and response against threats to or corruption of the people who operate and benefit from the infrastructure. 2.6 Public Education A very important part of improving national cybersecurity is the education of the public as follows: Promote cybersecurity risk awareness for all citizens Continue to build an education system that will enhance understanding of cybersecurity to allow our nation to retain and expand its technology leadership Educate organizations on how to manage risks 3.0 Research and Education Goals 3.1 Research Goals Based of the future pathway and policies for cybersecurity the following areas of research and development have been identified: Identity Management and Authenticating vision and solution to enhance privacy and online trust for high value activities. Authentication can be used to ensure that the data, hardware and software is trustworthy Biological Evolutionary based system for detection of malicious behavior in a cyber infrastructure Intrusion Detection sensor for a cyber infrastructure Real Time Sensors for cybersecurity situational awareness for reporting to the Network Operations Center (NOC) or individuals Modeling and Simulation techniques to evaluate threat scenarios and their potential level of damage for management of risk management decisions. Adaptive Cyber Security Technology- Include the development of self-learning cyber security technologies; self-awareness in cyber systems; the establishment of feedback in cyber systems to learn from cyber attacks. Development of Powerful Computer processors, capable of detecting and filtering viruses and worms to protect mass information databases like financial records from malicious attacks Optimize Incident Response through selection of team, and the contribution, engagement, aligning and streamlining of resources Final 12/14/2011 3
4 Multi-Faceted Approach to Cyber Security research takes into account social behavioral norms and societal desires in cyber space, cyber space policies, the impact of cyber and other legislation and the economics of cyber space and cyber security. Web Applications Security research exploits the vulnerabilities of web applications, such as SQL injection, cross-site scripting, cross-domain integration, and buffer overflows in the application layer. Mobile Security research focuses on the aspects of information and network security that arise in this challenging and ever-evolving space of mobile communication systems, including mobile/cellular telephony, wireless Internet, and mobile ad hoc and sensor networks. Computer Forensics research focuses on data hiding, stenography, anti-forensic and their effects on investigation, etc. 3.2 Education Considering the cybersecurity policy, and other future requirements from above and the Department of Homeland Security the following educational courses are suggested: Software Assurance - Software assurance deals with the root of the problem by improving software security. Enterprise-Level Security Metrics - Defining effective information security metrics despite this has proven difficult. Usable Security - Usability is successfully addressed as a core aspect of security. Insider Threat - Opportunities exist to mitigate insider threats through aggressive profiling and monitoring of users of critical systems, fishbowling suspects, chaffing data and services by users who are not entitled to access, and finally quarantining confirmed malevolent actors to contain damage and leaks. Secure, Resilient Systems and Networks - The survivability attribute of systems and networks includes being secure and resilient to attack based on well defined measureable requirements. Modeling of Internet Attacks - Researchers, develops and applies modeling and analysis capabilities to predict the effects of cyber attacks on Federal Government and other critical infrastructures. Two main areas are identified (1) malware and botnets, and (2) situational understanding and attack attribution. Network Mapping and Measurement - The protection of cyber infrastructure depends on the ability to identify critical Internet resources, incorporating an understanding of geographic and topological mapping of Internet hosts and routers. Incident Response Communities - Specify the skills, abilities, structures, and support to create an effective and sustained incident response capability. Cyber Economics Examine cyber security and how it is impacted significantly affected by economic conditions and factors. Gaining an understanding of the incentive structure is key to getting stakeholders to behave in a way that will improve overall security. Digital Provenance Understand the impact the sources and intermediate processors of the data, which makes it difficult to assess the data s trustworthiness and reliability, and hence its real value to the decision-making processes in which it is used. Hardware-Enabled Trust Understand how hardware can provide a game-changing foundation upon which to build tomorrow s cyber infrastructure. Moving-Target Defense - Create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for Final 12/14/2011 4
5 attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency Nature-Inspired Cyber Health Understand how self-aware systems may take preventative measures, rejecting requests which do not fit the profile of what is good, a priori, for the network; these systems can build immunological responses to the malicious agents which they sense in real time. Software Assurance MarketPlace (SWAMP) - Focuses on the research infrastructure necessary to enable these software quality assurance and related activities which address threats throughout the software development process and which calls for new methods, services, and capabilities in build, test, and analysis phases in order to improve the quality and reliability of software used in the nation s critical infrastructures. Information Security presents an overview of the security problems, risk analysis, and policies. Topics include basic concepts, access control, security policies, authentication, assurance and trust, information flow, vulnerabilities analysis, incident response, and legal and ethical issues. Information Assurance Management introduces information system architecture, system security measures, systems operations policy, system security management plan, legal and ethical considerations and provision for system operator and end user training. Network Security introduces the fundamentals of network security, security vulnerabilities, attack methods, and mitigation approaches. A comprehensive list of security issues related to networking design and development will be discussed. Topics include ethics in network security, basic cryptography, Firewalls, threats and security measures at different TCP/IP layers. SSH protocol, security, and Web security. Web Application Security - introduces methods of exploiting the vulnerabilities of web applications, including SQL injection, cross-site scripting, remote frameworks, HTML5, cross-domain integration techniques, UI redress, and buffer overflows in the application layer. It will examine the procedures and technologies that are essential to developing, penetration testing and releasing a secure web application. Mobile Security covers standards and research challenges in both deployed systems and future mobile systems. The topics include (but are not limited to) telecom vulnerabilities; smart phone security; mobile Internet security; mobile location privacy; and ad hoc, mesh, and sensor network security. Computer Forensics - introduces collection, examination, and preservation of digital evidence in support of criminal investigations, civil investigations, and sensitive business matters. It also examines the issues, tools, techniques, and processes to successfully prepare for, respond to, and investigate such matters. Incidence Response and Recovery focuses on the theory and principles of incident response through a hands-on and practical approach. The entire lifecycle of incident response is covered, from pre-incident preparation through notification, initial response, and recovery. Real world case studies will provide insight into the computer crime cases that corporations and government are currently facing. Information Security Policy and Risk Analysis - introduces sociological and psychological issues in policy implementation in general and then provides a focus on information security specific policies. The course also covers vulnerabilities and risks inherent in the operation and administration of information systems, the costs and benefits of investment security decisions, the return on investments, and risk aversion and insurance. Final 12/14/2011 5
6 4.0 Model of Program for the Information System and Security Management The university is in the process of developing a Master program in Information System and Security Management and establishing a Center of Academic Excellence in Information Assurance Education (CAE/IAE). This program is integrated into the previously defined comprehensive research and education goals. The following diagram describes the interactions of this Master s program various goals. IT/CS & EE Technology Security Computer Engineering MS-ISSM Management Security System Partnership Academic Institutions Industries Governments CAE/IAE Research Education Training 5.0 General Summary Regarding Pursuit of Cyber Security at Tuskegee University The cyber threat to this nation is eminent and ever expanding to attack our economic and technological infrastructure. Tuskegee is a significant resource for developing solutions to thwart these cyber attacks. The most effective way to achieve this goal is by pursuing an advanced graduate research cyber security infrastructure that contributes to developing talent in this area. Tuskegee s contribution to this solution would gain national and international recognition resulting in further expanding our research programs and capability. Final 12/14/2011 6
Cyber Security Strategy MINISTER S FOREWORD Australians have been quick to embrace the Internet in their lives and businesses. For most of us it is now part of our daily routine for talking to our friends
THE PRESIDENT S NATIONAL SECURITY TELECOMMUNICATIONS ADVISORY COMMITTEE NSTAC Report to the President on the Internet of Things November 19, 2014 TABLE OF CONTENTS EXECUTIVE SUMMARY... ES-1 1.0 INTRODUCTION...
TRUSTWORTHY CYBERSPACE: STRATEGIC PLAN FOR THE FEDERAL CYBERSECURITY R ESEA RCH A ND DEVELOPMENT PROGRAM Executive Office of the President National Science and Technology Council DECEMBER 2011 TRUSTWORTHY
Cyber Security: Designing and Maintaining Resilience White paper presented by: Georgia Tech Research Institute Cyber Technology and Information Security Laboratory Dr. George A. Wright Chief Engineer Terrye
ericsson White paper Uen 307 23-3230 February 2014 Guiding principles for security in a networked society The technological evolution that makes the Networked Society possible brings positive change in
WHITE PAPER Cybersecurity in Modern Critical Infrastructure Environments SECURE-ICS Be in Control Securing Industrial Automation & Control Systems This document is part of CGI s SECURE-ICS family of cyber
Qatar National Cyber Security Strategy MAY 2014 i ii TABLE OF CONTENTS FOREWORD... v EXECUTIVE SUMMARY... vi 1. INTRODUCTION...1 2. THE IMPORTANCE OF CYBER SECURITY TO QATAR...3 2.1 Threats... 3 2.2 Challenges...
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
ICS-CERT Year in Review Industrial Control Systems Cyber Emergency Response Team 2013 National Cybersecurity and Communications Integration Center What s Inside Welcome 1 National Preparedness 2 Prevention
Cyber Security Capability Maturity Model (CMM) - Pilot Global Cyber Security Capacity Centre University of Oxford 12/15/2014 1 Table of Contents Introduction... 3 Cyber Security Capability Maturity Model...
Roadmap to Secure Control Systems in the Water Sector March 2008 Developed by Water Sector Coordinating Council Cyber Security Working Group Sponsored by Members of the Water Sector Coordinating Council
Testimony of Farnam Jahanian, Ph.D. Assistant Director Computer and Information Science and Engineering Directorate Before the Committee on Science, Space, and Technology Subcommittee on Technology and
National Cyber Security Research and Development Challenges Related to Economics, Physical Infrastructure and Human Behavior An Industry, Academic and Government Perspective 2009 A report to the Chairman
GAO United States General Accounting Office May 2004 TECHNOLOGY ASSESSMENT Cybersecurity for Critical Infrastructure Protection GAO-04-321 May 2004 TECHNOLOGY ASSESSMENT Highlights of GAO-04-321, a report
Designed-In Cyber Security for Cyber-Physical Systems Workshop Report by the Cyber Security Research Alliance 4-5 April 2013 in Gaithersburg, Maryland Co-sponsored with the National Institute of Standards
The IT Industry s Cybersecurity Principles for Industry and Government 2011 ITI MEMBER COMPANIES Apple Inc. TABLE OF CONTENTS Executive Summary 5 Setting the Stage 7 Six Cybersecurity Principles 9 Principle
White Paper An Enterprise Security Program and Architecture to Support Business Drivers seccuris.com (866) 644-8442 Contents Introduction... 3 Information Assurance... 4 Sherwood Applied Business Security
Cyber Security Intel Corporation U.S. Executive Order 13636 and Critical Security Capabilities to Consider White Paper Authors Amit Agrawal (Security Strategist, Intel) Jack Lawson (Director - Security,
NATIONAL CYBER SECURITY STRATEGY GOVERNMENT OF JAMAICA TABLE OF CONTENTS ACKNOWLEDGEMENT 03 LIST OF ACRONYMS 04 EXECUTIVE SUMMARY 05 INTRODUCTION 07 National development and the role of ICT 09 The Threat
Priority III: A National Cyberspace Security Awareness and Training Program Everyone who relies on part of cyberspace is encouraged to help secure the part of cyberspace that they can influence or control.
Network security: Protecting our critical infrastructures This paper was prepared by Professor Seymour E. Goodman, Pam Hassebroek, and Professor Hans Klein, Georgia Institute of Technology (United States).
Cyber Security Strategy of the United Kingdom safety, security and resilience in cyber space O C S UK Office of Cyber Security C S O C UK Cyber Security Operations Centre June 2009 Cyber Security Strategy
110101001101101101010011000 11011010100110110101001100 11011010011011010100110000 10100110110101001100010010 Protecting Information The Role of Community Colleges in Cybersecurity Education A Report from
Testimony of James F. Kurose, Ph.D. Assistant Director Computer and Information Science and Engineering Directorate Before the Subcommittee on Research and Technology For the Committee on Science, Space,
Presidency of the Council of Ministers NATIONAL STRATEGIC FRAMEWORK FOR CYBERSPACE SECURITY December 2013 Presidency of the Council of Ministers NATIONAL STRATEGIC FRAMEWORK FOR CYBERSPACE SECURITY December