DHS S&T Cyber Security Division (CSD) Strategic Vision

1 Homeland Security Advanced Research Projects Agency DHS S&T Cyber Security Division (CSD) Strategic Vision Douglas Maughan Division Director December 16,

2 Presentation Outline Why are we here today? Cyber Threat landscape has changed over the past several years Early investments by CSD Comprehensive National Cybersecurity Initiative (CNCI) Established in the Bush White House Continued in the Obama Administration Sunsetted in FY14 Federal R&D Strategic Plan Research Requirements Process CSD Mission and Strategy Broad Agency Announcement (BAA) Topics 36 Awards Technology Transition Branching out internationally 2

3 Cyber Threats and Sources Nation States Terrorists, DTOs, etc. Hackers/Hacktivists Cyber Criminal Organizations Insider Threats Malware Malicious software to disrupt computers Viruses, worms, Theft of Intellectual Property or Data Hacktivism Cyber protests that are socially or politically motivated Mobile Devices and Applications and their associated Cyber Attacks Social Engineering Entice users to click on Malicious Links Spear Phishing Deceptive communications (Emails, Texts, Tweets) Domain Name System (DNS) Attacks Router Security Border Gateway Protocol (BGP) Hijacking Denial of Service (DOS) blocking access to web sites Others.. Bottom Line: Easier to be a bad guy and volume of threats is growing 3

4 Research Activities Already Initiated DHS / NSF Cybersecurity Testbed Large-scale Network Security Research Testing and Evaluation Datasets National Strategy to Secure Cyberspace Secure Domain Name System (DNSSEC) Secure Routing Infrastructure (e.g., BGP) Cyber Economic Assessment studies 7 April

5 BAA04-17 Awards

| TTA | Type | ID | PI Organization | Full Proposal Title | Funding Amt. |
|---|---|---|---|---|---|
| 1 | II | 3 | University of California, Irvine | Adding Mandatory Access Control to Java VMs | $312,483 |
| 2 | I | 5 | GrammaTech, Inc | Model Checking Software Binaries | $442,011 |
| 2 | I | 9 | Stanford University | Open Source Hardening Project | $1,241,276 |
| 2 | II | 1 | Komoku, Inc. | Copilot - A High Assurance and Independent Security Auditor | $1,165,416 |
| 2 | II | 3 | Georgia Institute of Technology | Preventing SQL Code Injection by Combining Static and Runtime Analysis | $390,019 |
| 3 | II | 5 | University of Delaware | Benchmarks for evaluation of DDoS defense systems | $533,716 |
| 4 | I | 1 | Princeton University | Incrementally Deployable Security for Interdomain Routing | $312,483 |
| 4 | II | 13 | Adventium Labs | Embedded Firewall for Robust Protection of Mission Critical Operations | $821,796 |
| 4 | II | 20 | George Mason University | Enhanced Topological Vulnerability Analysis and Visualization | $1,100,000 |
| 4 | III | 2 | Telcordia Technologies | AVACC: Automated Vulnerability Assessment of Critical Cyber-Infrastructure Through Policy-based Configuration Synthesis | $500,000 |
| 5 | I | 4 | University of Michigan, Ann Arbor | Secure Coordination and Communication in a Crisis Using Handheld Devices | $1,352,549 |
| 5 | I | 8 | Dartmouth College | M.A.P. (Measure, Analyze, Protect): security through measurement for wireless LANs | $1,698,545 |
| 6 | I | 1 | BBN Technologies | ZombieStones: Attack Tracing Across Events Separated in Time | $384,892 |
| 6 | II | 4 | Southwest Research Institute | Single Packet IP Traceback Through Internet Autonomous Systems | $1,224,799 |
| 7 | I | 2 | Stanford University | SpoofGuard Anti-Phishing Technologies | $766,671 |
| 7 | II | 4 | McAfee, Inc. | Phisherman | $887,142 |
| 7 | II | 7 | BBN | PhishBouncer- An Architectural Approach to Defending Against Phishing Attacks | $749,639 |

8 June

6 BAA07-09 Awards

| TTA | Type | PI Organization | Paper Title | Time | Proposed Funding |
|---|---|---|---|---|---|
| 1 | II | Georgia Institute of Technology | Countering Botnets: Anomaly-Based Detection, Comprehensive Analysis, and Efficient Mitigation | 24 | $1,050,730 |
| 2 | I | IBM Thomas J. Watson Research Center | Montage: A Methodology for Designing Composable End-To-End Secure Distributed Systems | 36 | $900,000 |
| 2 | II | Secure64 Software Corporation | Automating the Chain of Trust: Secure Interzone Key Management for Large Scale DNSSEC Deployments (Project Acronym: SCOTTY) | 36 | $1,242,815 |
| 2 | II | Packet Clearing House, Inc. | INOC-DBA, VoIP Network Security | 24 | $600,000 |
| 4 | I | CA | FloViS: Flow Visualization System | | $925,050 |
| 4 | II | Secure Decisions division of Applied Visions, Inc. | Visualization Toolkit for NetFlow Analytics | | $617,098 |
| 5 | I | The Regents of the University of California; UC San Diego | leveraging the science and technology of Internet mapping for homeland security | | $1,582,467 |
| 6 | II | Colorado State University | WIT: A Watchdog System for Internet Routing | 24 | $1,500,000 |
| 6 | III | Packet Clearing House, Inc. | BGP Routing Integrity Checker and Prefix-List Filter Generation Tool | 12 | $450,000 |
| 7 | I | Digital Bond, Inc. | Passive Security Log Generation for Control Systems | 12 | $475,000 |
| 7 | III | Sandia National Laboratories | Secure and Reliable Wireless Networks for Critical Infrastructure Facilities | 12 | $643,000 |
| 8 | II | Johns Hopkins University | New Frameworks for Detecting and Minimizing Information Leakage in Anonymized Network Data | 24 | $928,682 |
| 9 | I | Washington State University | Insider Threat Detection Using a Graph-based Approach | | $327,667 |
| 9 | II | Dolphin Technology Inc. | Document-based Management, Access Control and Security (DocuMACS) | | $1,165,000 |
| | | | TOTAL | | $12,407,509 |

4 April

7 Comprehensive National Cybersecurity Initiative (CNCI) Establish a front line of defense Reduce the Number of Trusted Internet Connections Deploy Passive Sensors Across Federal Systems Pursue Deployment of Automated Defense Systems Coordinate and Redirect R&D Efforts Resolve to secure cyberspace / set conditions for long-term success Connect Current Centers to Enhance Situational Awareness Develop Gov't-wide Counterintelligence Plan for Cyber Increase Security of the Classified Networks Expand Education Shape future environment / secure U.S. advantage / address new threats Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs Define and Develop Enduring Deterrence Strategies & Programs Manage Global Supply Chain Risk Cyber Security in Critical Infrastructure Domains 7

8 Federal Cybersecurity R&D Strategic Plan Science of Cyber Security Research Themes Tailored Trustworthy Spaces Moving Target Defense Cyber Economics and Incentives Designed-In Security (New for FY13) Transition to Practice Technology Discovery Test & Evaluation / Experimental Deployment Transition / Adoption / Commercialization Released Dec 6, ederal-cybersecurity-rd-strategic-plan-released Support for National Priorities Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services 8

9 CSD Research Requirement Inputs White House/NSS National Strategy 2003 Comprehensive National Cybersecurity Initiative (CNCI) EO 13636/PPD 21 National CISR R&D Plan (in progress) Transition to Practice (TTP) Cyber Economic Incentives Research National Initiative for Cybersecurity Education (NICE) Cybersecurity Framework Support State/Local S&T First Responders Group FRAC/TTWG SWGDE (FBI) Departmental Inputs QHSR 2009 & 2014 Blueprint NPPD/CS&C/NCCIC ICE HSI / IPR USSS CBP USCG TSA DHS CIO/CISO Councils CSD Interagency Collaboration Cyber Security and Information Assurance (CSIA) IWG SCORE Classified R&D WG Cyber-Physical Systems (CPS) SSG Big Data SSG Cyber Forensics WG Critical Infrastructure Sectors (Private Sector) Energy (Oil & Gas, Electric Power) Banking and Finance Communications/IT Cross-Sector Cyber Security WG International Collaborations 9

10 CSD Mission & Strategy REQUIREMENTS CSD MISSION Develop and deliver new technologies, tools and techniques to defend and secure current and future systems and networks Conduct and support technology transition efforts Provide R&D leadership and coordination within the government, academia, private sector and international cybersecurity community CSD STRATEGY Trustworthy Cyber Infrastructure Cybersecurity Research Infrastructure Network & System Security and Investigations Cyber Physical Systems Transition and Outreach Stakeholders Government Venture Capital International IT Security Companies Open Source Outreach Methods (Sampling) Technology Demonstrations Social Media Speaking Engagements Media Outreach Program Reviews Presenter's Name June 17,

11 CSD R&D Execution Model Research, Development, Test and Evaluation & Transition (RDTE&T) "Crossing the 'Valley of Death': Transitioning Cybersecurity Research into Practice," IEEE Security & Privacy, March-April 2013, Maughan, Douglas; Balenson, David; Lindqvist, Ulf; Tudor, Zachary Successes Over 30 products transitioned since 2004, including: 2004 BAA commercial products 2 Open Source products 2005 BAA (RTAP) 1 commercial product 1 GOTS product 1 Open Source product 2007 BAA commercial products 2011 BAA (more to come) 1 Open Source product 1 Research Infrastructure Law Enforcement Support 2 commercial products 1 Open Source product Multiple Knowledge products Identity Management 1 Open Source standard and GOTS solution SBIRs 8 commercial products 1 Open Source product 11

12 S&T International Engagements International Bilateral Agreements Government-to-government cooperative activities for 13 bilateral Agreements Canada (2004) Australia (2004) United Kingdom (2005) Singapore (2007) Sweden (2007) Mexico (2008) Israel (2008) France (2008) Germany (2009) New Zealand (2010) European Commission (2010) Spain (2011) Netherlands (2013) Over $6M of International co-funding COUNTRY PROJECTS MONEY IN JOINT MONEY OUT Australia 3 $300K $400K Canada 11 $1.8M Germany 1 $300K Israel 2 $100K Netherlands 7 $450K $1.2M $150K Sweden 4 $650K United Kingdom 3 $1.0M $400K $200K New Zealand 1 Japan 1 12

13 Cyber Security Budget Overview

14 Presentation Outline Where are we going? Solicitations FY14 BAA (Funded FY15-17) SBIR Long-Range BAA Collaboration Sessions Wed. afternoon Security Culture (Sweden's SECUR-IT Initiative) Cyber Experimentation for the Future Security of Open Source Solutions Economics of Cybersecurity International Partners Open Discussion Cyber Apex Banking and Finance Sector Large-scale technology integration and demonstration National Critical Infrastructure Security and Resilience R&D Strategic Plan National Initiative on Cybersecurity Education (NICE) 14

15 Anticipated Schedule 23 Apr: BAA released incl. to participating countries $95M over 5 year period OCPO/HSHQDC-14-R-B0005/listing.html S&T BAA Website: 1 June+: Publish BAA Topic Calls Open to all respondents foreign and domestic June 2014 March 2015: BAA White Paper and Proposal Review process and Contracting Activities International Collaborations 2014 Broad Agency Announcement 15

16 2014 BAA Topics Data Privacy: TTA #1 - Privacy Policy Compliance Tools TTA #2 - Privacy-Preserving Federated Search TTA #3 - Mobile Computing Privacy CPSSEC: TTA #1 - Security Models and Interactions TTA #2 - Secure System Design and Implementation TTA #3 - Experiments and Pilots Mobile Tech Sec: TTA #1 - Mobile Device Instrumentation TTA #2 - Transactional Security Methods TTA #3 - Mobile Security Mgmt Tools TTA #4 - Protecting Mobile Device Layers DDoSD: TTA #1 - Measurement & Analysis to Promote Best Current Practices (BCP 38, SAC004) TTA #2 - Tools for Communication and Collaboration TTA #3 - Novel DDoS Attack Mitigation and Defense Techniques 16

17 Small Business Innovative Research (SBIR) - 1 Important program for creating new innovation and accelerating transition into the marketplace Since 2004, DHS S&T Cyber Security has had: 74 Phase I efforts 28 Phase II efforts 4 Phase II efforts currently in progress 10 commercial/open source products available Four acquisitions Komoku, Inc. (MD) acquired by Microsoft in March 2008 Endeavor Systems (VA) acquired by McAfee in January 2009 Solidcore (CA) acquired by McAfee in June 2009 HBGary (CA) acquired by ManTech in February 2012 S&T BAA / SBIR Website: 17

18 Small Business Innovative Research (SBIR) - 2 FY04 Cross-Domain Attack Correlation Technologies (2) Real-Time Malicious Code Identification (2) Advanced SCADA and Related Distributed Control Systems (5) FY05 Hardware-assisted System Security Monitoring (4) FY06 Network-based Boundary Controllers (3) Botnet Detection and Mitigation (4) FY07 Secure & Reliable Wireless Comms for Control Systems (2) FY09 Software Testing and Vulnerability Analysis (3) FY10 Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1) FY11 Mobile Device Forensics (1) FY12 Moving Target Defense (2) Solid State Drive Analysis (1) FY13 Hybrid Analysis Mapping (2) Software Based Roots of Trust for Enhanced Mobile Device Security (3) FY14 Embedded System Security FY15 Enhanced Distributed Denial of Service Defense 18

19 DHS S&T Long Range Broad Agency Announcement (LRBAA) S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager CSD has 18 Topic Areas (CSD.01 to CSD.18) SEE NEXT SLIDE LRBAA open 2/25/2014, closes 12/31/2018 Additional information can be found on the Federal Business Opportunities website ( (Solicitation #:DHSST-LRBAA14-02) 19

20 LRBAA Summary Listing CSD.01 National Critical Infrastructure Security and Resilience (CISR) R&D Strategic Plan topics CSD.02 Internet Infrastructure Security CSD.03 Cyber Experimentation for the Future CSD.04 Homeland Open Security Technology CSD.05 Forensics support to law enforcement CSD.06 Identity Management CSD.07 Data Privacy and Information Flow technologies. CSD.08 Software Assurance CSD.09 Cyber security education, competitions, and curriculum development. CSD.10 Cyber-Physical Control and Process Control Systems Security CSD.11 Internet Measurement and Attack Modeling CSD.12 Securing the mobile workforce CSD.13 Insider Threats CSD.14 Experiments and Pilots Test and evaluation in experimental operational environments to facilitate transition. CSD.15 Cybersecurity Economic Incentives, Insurance, and Behaviors CSD.16 Data Analytics analysis techniques, visualization CSD.17 Predictive Analytics CSD.18 Distributed Denial of Service Defense 20

21 Collaboration Sessions Sweden's Security Culture and Information Tech - SECURIT The objective of this session is to share what our Swedish partners are doing, how it's worked, and how can we incorporate this into what we are doing. Cybersecurity Experimentation of the Future In order to address evolving cyber challenges researchers need an accessible, broad, and multi-organizational cybersecurity experimentation capability that supports tomorrow's research. The objective of this session is to share a plan and roadmap and seek your feedback through open dialogue. Issues and Challenges in Transitioning Open Source Solutions This session will discuss challenges and opportunities related to open source. Participants are encouraged to bring questions on open source policies, examples of open source successes and failures, and help determine how DHS S&T CSD can best help promote successful open source transitions. Economics of Cybersecurity The objective of the session is to discuss how economic considerations might affect the ultimate transition and utility of the various cyber security measures being developed through CSD's research program. International Partners Open Discussion International partners will be available to discuss additional questions not addressed in the International Panel Discussion. 21

22 The Future at DHS S&T Screening at Speed: Security that Matches the Pace of Life A Trusted Cyber Future: Protecting Privacy, Commerce and Community In a future of increasing cyber connections, underlying digital infrastructure will be self-detecting, self-protecting and self-healing. Users will trust that information is protected, illegal use is deterred, and privacy is not compromised. Security will operate seamlessly in the background. Enable the Decision Maker: Actionable Information at the Speed of Thought Responder of the Future: Protected, Connected, and Fully Aware Resilient Communities: Disaster-Proofing Society 22

23 Public-Private R&D Partnerships MOU between DHS S&T, NIST, and FS Sector Coord Council (FSSCC) in coordination with WH Framework for public-private collaboration on R&D projects for the FS 1) to facilitate innovation, 2) to identify and overcome cybersecurity vulnerabilities, and 3) to develop more efficient and effective processes that benefit critical financial services functions and other critical infrastructures 23

24 What are the core cybersecurity problems we are trying to address? Compromise of the cyber fabric underlying our nation's critical infrastructure (CI) is a threat to US national security 70% of critical infrastructure companies have been hit with breaches in the past year Source: 2014 Survey from Unisys and Ponemon Institute Perimeter-based defense is not sufficient for well-resourced adversaries Mandiant reports that nearly 100% of its victims have up-to-date virus software; many observe best practices in network monitoring, firewall filtering, and intrusion detection 243 Median days attackers are on the network before being discovered - Mandiant All CI sectors are facing a core set of cybersecurity challenges: Adversaries are on our systems and networks without our knowledge Understanding of the cyber situation is often inaccurate or only achieved forensically, after the fact Lack of a strong repertoire of response mechanisms that can neutralize the impact of adversary presence while still allowing the sector to maintain an adequate level of operating functionality 24

25 Initial Focus on the Financial Services Sector (FSS) Existing fragilities exist in the core of the financial sector, arising from purely profit-seeking behavior: - Complex interdependencies (LTCM) - Increased automation (Knight Capital) - Size and speed of data flow (May 2010 Flashcrash) Known penetration of sector networks by sophisticated adversaries - NASDAQ - JP Morgan (reported at 76M) Clear and growing risk to national security when the two combine "[The report] portrayed a market so fragmented and fragile that a single large trade could send stocks into a sudden spiral." - Wall Street Journal summary of the SEC and CFTC joint after action report on the May 2010 Flash-crash 25

26 Technical Approach Overview Open System Architecture producing an integrated capability Advanced Sensing Technologies (AST) Measurement and attestation Behavioral modeling Situation Understanding (SU) Disparate Sensor Alert Analysis Operational Mission Impact Analysis Response and Recovery (RR) Real-time secure sharing Novel engagement approaches *Common interfaces and messaging *Operational Exercises (DECIDE) Network Protections (NP) Advanced network control planes 26

27 Executive Order (EO) on Improving Critical Infrastructure Cybersecurity / Presidential Policy Directive (PPD) on Critical Infrastructure Security and Resilience Credit: White House / Pete Souza "America must also face the rapidly growing threat from cyber attacks That's why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy." President Barack Obama, 2013 State of the Union Homeland Security Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to: Develop a technology-neutral voluntary cybersecurity framework Promote/incentivize adoption of cybersecurity practices Increase the volume, timeliness and quality of cyber threat information sharing Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure Explore existing regulation to promote cyber security Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to: Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time Understand cascading consequences of infrastructure failures Evaluate and mature the public-private partnership Update the National Infrastructure Protection Plan Develop comprehensive research and development plan Office of Cybersecurity and Communications 27

28 Education: A National Problem Enhance public awareness: (1) Augment current messaging to promote policies and practices that support Administration priorities, such as EO and PPD-21, and (2) develop messaging that targets senior executives of critical infrastructure companies (e.g., CEOs, Boards of Directors). Expand the Pipeline: (1) Expand formal education at the post-secondary level, including both four-year and two-year institutions and (2) establish new National Academic Consortiums for Cybersecurity Education (government, colleges/universities, high schools, middle schools, technical academies, industry, professional organizations) Evolve the profession: (1) Identify critical cybersecurity workforce skills through a national cybersecurity Workforce Inventory and Gap Analysis and continued development of Cybersecurity Workforce Forecasting Tools and (2) provide access to free or low-cost training for the identified critical skills. NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) Initiative 8: Expand Cyber Education Interim Way Forward and is comprised of over 20 federal departments and agencies. 28

29 CSD R&D Execution Model Research, Development, Test and Evaluation & Transition (RDTE&T) "Crossing the 'Valley of Death': Transitioning Cybersecurity Research into Practice," IEEE Security & Privacy, March-April 2013, Maughan, Douglas; Balenson, David; Lindqvist, Ulf; Tudor, Zachary Successes Over 30 products transitioned since 2004, including: 2004 BAA commercial products 2 Open Source products 2005 BAA (RTAP) 1 commercial product 1 GOTS product 1 Open Source product 2007 BAA commercial products 2011 BAA (more to come) 1 Open Source product 1 Research Infrastructure Law Enforcement Support 2 commercial products 1 Open Source product Multiple Knowledge products Identity Management 1 Open Source standard and GOTS solution SBIRs 8 commercial products 1 Open Source product 29

30 2014 CYBER SECURITY DIVISION R&D SHOWCASE AND TECHNICAL WORKSHOP

31 Recent CSD Publications 31

32 Summary / Conclusions Cybersecurity research is a key area of innovation to support our global economic and national security futures CSD continues with an aggressive cyber security research agenda to solve the cyber security problems of our current and future infrastructure and systems We believe the Showcase and Technical Workshop over the next 3 days will highlight the excellent work being funded by CSD Will continue strong emphasis on technology transition Will impact cyber education, training, and awareness of our current and future cybersecurity workforce Will continue to work internationally to find and deploy the best ideas and solutions to real-world problems 32

33 #CyberShowcase Douglas Maughan, Ph.D. Division Director Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) / For more information, visit 33

34 Cybersecurity Requirements Historical Timeline Call for Action - Secure Protocols DNSSEC Secure Routing - DETER security testbed - PREDICT data repository Beginnings of CNCI - Call for NICE (Education) - Call for NSTIC (Trusted Identities) - Reinforced need for PREDICT data repository S&T Produced National R&D Roadmap with community input Source for DHS S&T BAA, SBIR, and other solicitations CNCI Tasks 4&9 S&T led via cochair of CSIA IWG Significant interagency activities initiated by WH/NSS/OSTP Implementation plan to accomplish goals of DHS QHSR 24 high priority capabilities needed NPPD-led, S&T involved EO 13636: Improving Critical Infrastructure Cybersecurity PPD 21: Critical Infrastructure Security and Resilience 34

35 Trustworthy Cyber Infrastructure Objective: Develop standards, policies, processes, and technologies to enable more secure and robust global cyber infrastructure and to identify components of greatest need of protection, applying analysis capabilities to predict and respond to cyber attack effects and provide situational understanding to providers Secure Protocols Develop agreed-upon global infrastructure standards and solutions Working with IETF standards, routing vendors, global registries and ISPs Provide global Routing Public Key Infrastructure (RPKI) solutions Follow same process used for DNSSEC global deployment Internet Measurement and Attack Modeling (IMAM) Create more complete view of the geographical and topological mapping of networks and systems Improve global peering, geo-location, and router level maps to assist automated solutions for attack prevention, detection, response Support cross-org, situational understanding at multiple time scales Distributed Denial of Service Defenses (DDOSD) Policy-based technologies to shift the advantage to the defender Measurement/analysis tools to test success of BCP38 deployments Engaging with major finance sector companies and supporting ISPs 35

36 Network and System Security and Investigations - 1 Objective: Develop new and innovative methods, services, and capabilities for the security of future networks and systems to ensure they are usable and security properties can be measured and provide the tools and techniques needed for combatting cybercrime Security for Cloud-Based Systems Develop methodologies and technologies for cloud auditing and forensics in end-point devices Identify data audit methodologies to identify the location, movement, and behavior of data and Virtual Machines (VMs) Work with DHS CIO/CISOs and datacenters Mobile Device Security Develop new approaches to mobile device security (user identity/authentication, device management, App security and management, and secure data) for government purposes Working with DHS CISO and across several components Identity Management / Data Privacy Advance the identity management ecosystem to support Federal, state, local, and private sector identity management functions Develop data privacy technologies to better express, protect, and control the confidentiality of private information Working with DHS, other Federal, State, Local and Private Sector 36

37 Network and System Security and Investigations - 2 Objective: Develop new and innovative methods, services, and capabilities for the security of future networks and systems to ensure they are usable and security properties can be measured and provide the tools and techniques needed for combatting cybercrime Software Quality Assurance Develop new methods and capabilities to analyze software and address the presence of internal flaws and vulnerabilities to reduce the risk and cost associated with software failures Develop automated capability to bring together independent software and system assessment activities Usable Security and Security Metrics Improve the usability of cybersecurity technologies while maintaining security Develop security metrics and tools and techniques to make them practical and useful as decision aids for enterprise security posture Investigation Capabilities for Law Enforcement Develop investigative tools/techniques for LE agencies to address the use of computers/phones in criminal and cyber related crimes Develop techniques and tools focused on detecting and limiting malicious behavior by untrustworthy insiders inside an organization Cyber Forensics Working Group USSS, ICE, CBP, FBI, S/L 37

38 Cyber Physical Systems / Process Control Systems Objective: Ensure necessary security enhancements are added to the design and implementation of ubiquitous cyber physical systems and process control systems, with an emphasis on transportation, emergency response, energy, and oil and gas systems. Cyber Physical Systems Security (CPSSEC) Build security into the design of critical, smart, networked systems Gain better understanding of threats and system interactions Testing and validation of solutions in partnership with private sector Working with DoTrans and NPPD and Transportation Sector Trustworthy Computing Infrastructure for the Power Grid (TCIPG) Improve the security of next-generation power grid infrastructure, making the underlying infrastructure more secure, reliable and safe 4 University consortium UIUC, WSU, UC-Davis, Dartmouth Private sector advisory board provides reqmts and transition path Partnership with DOE-OE and Universities Securing the Oil and Gas Infrastructure (LOGIIC) Conduct collaborative RDT&E to identify and address sector-wide vulnerabilities in oil and gas industry digital control systems All R&D projects identified and funded by private sector members CSD provides project mgmt. support and inter-sector support 38

39 Research Infrastructure Objective: Develop research infrastructure, such as test facilities, realistic datasets, tools, and methodologies to enable global cybersecurity R&D community researchers to perform at-scale experimentation on their emerging technologies with respect to system performance goals Experimental Research Testbed (DETER) Researcher and vendor-neutral experimental infrastructure Used by 300+ organizations from 25+ states and 30+ countries - DARPA Used in 40+ classes, from 30 institutions and 3,000+ students Open Source code used by Canada, Israel, Australia, Singapore Research Data Repository (PREDICT) Repository of over 700TB of network data for use by community More than 250 users (academia, industry, gov't NSA SBIR) Leading activities on ICT Research Ethics (e.g., Menlo Report) Opening up to international partners (JP, CA, AU, UK, IL, EU) Software Assurance Market Place (SWAMP) A software assurance testing and evaluation facility and services Advance the quality and usage of SwA tools commercial & open IOC 2/1/14; 500+ assessments/week; 9 platforms; 5 SwA tools 39

40 Transition and Outreach Objective: Accelerate the transition of mature federally-funded cybersecurity R&D technology into widespread operational deployment; Educate and train the current and next generations of cybersecurity workforce through multiple methods, models, and activities Transition To Practice (TTP) White House initiated program; CSD budget plus-up in FY12 Working with DOE and DOD labs, FFRDCs, UARCs, NSF, SBIRs Developing relationships in the Energy and Finance Sectors Multiple pilots in progress; Two commercial licensing deals done Cybersecurity Competitions Provide a controlled, competitive environment to assess a student's understanding and operational competency CSD-funded technologies included for test and evaluation 180+ schools and college students participated in 2014 Involvement from private sector; Assisting int'l competitions National Initiative for Cybersecurity Education (NICE) Joint DHS/NSF/DOD/DOEd initiative with WH and NIST support Enhance Awareness (led by NPPD); Expand the Pipeline (led by CSD, NSF, DOEd); Evolve the Profession (led by NPPD and DOD) Regional Alliances for Cyber Education (RACE) FY15 solicit. thru NIST 40

41 CSD Projects / Relationships Cyber Economic Incentives Moving Target Defense Tailored Trustworthy Spaces Leap Ahead Technologies Transition to Practice People Systems Identity Management Enterprise Level Security Metrics Usable Security Data Privacy Cyber Forensics Competitions Education Mobile Device Security Insider Threat Secure Protocols Software Quality Assurance Homeland Open Security Technology Assessments & Evaluations Experiments & Pilots Infrastructure Process Control Systems (PCS) Internet Measurement & Attack Modeling Cyber Physical Systems Distributed Denial of Service (DDoS) Defenses Research Infrastructure Experimental Research Testbed (DETER) Research Data Repository (PREDICT) Software Quality Assurance (SWAMP) 41


More information

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure

Services. Cybersecurity. Capgemini & Sogeti. Guiding enterprises and government through digital transformation while keeping them secure Home Secure digital transformation SMACT Advise, Protect & Monitor Why Capgemini & Sogeti? In safe hands Capgemini & Sogeti Cybersecurity Services Guiding enterprises and government through digital transformation

More information

Into the cybersecurity breach

Into the cybersecurity breach Into the cybersecurity breach Tim Sanouvong State Sector Cyber Risk Services Deloitte & Touche LLP April 3, 2015 Agenda Setting the stage Cyber risks in state governments Cyber attack vectors Preparing

More information

Cybersecurity as a Risk Factor in doing business

Cybersecurity as a Risk Factor in doing business Cybersecurity as a Risk Factor in doing business 1 Data is the new raw material of business Economist UK, 2013. In trying to defend everything he defended nothing Frederick the Great, Prussia 1712-86.

More information

New Era in Cyber Security. Technology Development

New Era in Cyber Security. Technology Development New Era in Cyber New Era in Cyber Security Security Technology Technology Development Development Combining the Power of the Oil and Gas Industry, DHS, and the Vendor Community to Combat Cyber Security

More information