DHS S&T Cyber Security Division (CSD) Strategic Vision

Transcription

1 Homeland Security Advanced Research Projects Agency DHS S&T Cyber Security Division (CSD) Strategic Vision Douglas Maughan Division Director December 16,

2 Presentation Outline Why are we here today? Cyber Threat landscape has changed over the past several years Early investments by CSD Comprehensive National Cybersecurity Initiative (CNCI) Established in the Bush White House Continued in the Obama Administration Sunsetted in FY14 Federal R&D Strategic Plan Research Requirements Process CSD Mission and Strategy Broad Agency Announcement (BAA) Topics 36 Awards Technology Transition Branching out internationally 2

3 Cyber Threats and Sources Nation States Terrorists, DTOs, etc. Hackers/Hacktivists Cyber Criminal Organizations Insider Threats Malware Malicious software to disrupt computers Viruses, worms, Theft of Intellectual Property or Data Hactivism Cyber protests that are socially or politically motivated Mobile Devices and Applications and their associated Cyber Attacks Social Engineering Entice users to click on Malicious Links Spear Phishing Deceptive communications ( s, Texts, Tweets) Domain Name System (DNS) Attacks Router Security Border Gateway Protocol (BGP) Hijacking Denial of Service (DOS) blocking access to web sites Others.. Bottom Line: Easier to be a bad guy and volume of threats is growing 3

4 Research Activities Already Initiated DHS / NSF Cybersecurity Testbed Large-scale Network Security Research Testing and Evaluation Datasets National Strategy to Secure Cyberspace Secure Domain Name System (DNSSEC) Secure Routing Infrastructure (e.g., BGP) Cyber Economic Assessment studies 7 April

5 BAA04-17 Awards TTA Type ID PI Organization Full Proposal Title Funding Amt. 1 II 3 University of California, Irvine Adding Mandatory Access Control to Java VMs $312,483 2 I 5 GrammaTech, Inc Model Checking Software Binaries $442,011 2 I 9 Stanford University Open Source Hardening Project $1,241,276 2 II 1 Komoku, Inc. Copilot - A High Assurance and Independent Security Auditor $1,165,416 2 II 3 Georgia Institute of Technology Preventing SQL Code Injection by Combining Static and $390,019 Runtime Analysis 3 II 5 University of Delaware Benchmarks for evaluation of DDoS defense systems $533,716 4 I 1 Princeton University Incrementally Deployable Security for Interdomain Routing $312,483 4 II 13 Adventium Labs Embedded Firewall for Robust Protection of Mission Critical $821,796 Operations 4 II 20 George Mason University Enhanced Topological Vulnerability Analysis and Visualization $1,100,000 4 III 2 Telcordia Technologies AVACC: Automated Vulnerability Assessment of Critical Cyber- Infrastructure Through Policy-based Configuration Synthesis $500,000 5 I 4 University of Michigan, Ann Arbor Secure Coordination and Communication in a Crisis Using Handheld $1,352,549 Devices 5 I 8 Dartmouth College M.A.P. (Measure, Analyze, Protect): security through $1,698,545 measurement for wireless LANs 6 I 1 BBN Technologies ZombieStones: Attack Tracing Across Events Separated in $384,892 Time 6 II 4 Southwest Research Institute Single Packet IP Traceback Through Internet Autonomous $1,224,799 Systems 7 I 2 Stanford University SpoofGuard Anti-Phishing Technologies $766,671 7 II 4 McAfee, Inc. Phisherman $887,142 7 II 7 BBN PhishBouncer- An Architectural Approach to Defending Against Phishing Attacks $749,639 8 June

6 BAA07-09 Awards TTA Type PI Organization Paper Title Time Proposed Funding 1 II Georgia Institute of Technology Countering Botnets: Anomaly-Based Detection, Comprehensive Analysis, and Efficient Mitigation 24 $ 1,050,730 2 I IBM Thomas J. Watson Research Center Montage: A Methodology for Designing Composable End-To-End Secure Distributed Systems 36 $ 900,000 2 II Secure64 Software Corporation Automating the Chain of Trust: Secure Interzone Key Management for Large Scale DNSSEC Deployments (Project Acronym: SCOTTY) 36 $ 1,242,815 2 II Packet Clearing House, Inc. INOC-DBA, VoIP Network Security 24 $ 600,000 4 I CA FloViS: Flow Visualization System $ 925,050 4 II Secure Decisions division of Applied Visions, Inc. Visualization Toolkit for NetFlow Analytics $ 617,098 The Regents of the University of California; leveraging the science and technology of Internet mapping for homeland 5 I UC San Diego security $ 1,582,467 6 II Colorado State University WIT: A Watchdog System for Internet Routing 24 $ 1,500,000 6 III Packet Clearing House, Inc. BGP Routing Integrity Checker and Prefix-List Filter Generation Tool 12 $ 450,000 7 I Digital Bond, Inc. Passive Security Log Generation for Control Systems 12 $ 475,000 7 III Sandia National Laboratories Secure and Reliable Wireless Networks for Critical Infrastructure Facilities 12 $ 643,000 8 II John Hopkins University New Frameworks for Detecting and Minimizing Information Leakage in Anonymized Network Data 24 $ 928,682 9 I Washington State University Insider Threat Detection Using a Graph-based Approach $ 327,667 9 II Dolphin Technology Inc. Document-based Management, Access Control and Security (DocuMACS) $ 1,165,000 TOTAL $ 12,407,509 4 April

7 7 Comprehensive National Cybersecurity Initiative (CNCI) Establish a front line of defense Reduce the Number of Trusted Internet Connections Deploy Passive Sensors Across Federal Systems Pursue Deployment of Automated Defense Systems Coordinate and Redirect R&D Efforts Resolve to secure cyberspace / set conditions for long-term success Connect Current Centers to Enhance Situational Awareness Develop Gov t-wide Counterintelligence Plan for Cyber Increase Security of the Classified Networks Expand Education Shape future environment / secure U.S. advantage / address new threats Define and Develop Enduring Leap Ahead Technologies, Strategies & Programs Define and Develop Enduring Deterrence Strategies & Programs Manage Global Supply Chain Risk Cyber Security in Critical Infrastructure Domains 7

8 Federal Cybersecurity R&D Strategic Plan Science of Cyber Security Research Themes Tailored Trustworthy Spaces Moving Target Defense Cyber Economics and Incentives Designed-In Security (New for FY13) Transition to Practice Technology Discovery Test & Evaluation / Experimental Deployment Transition / Adoption / Commercialization Released Dec 6, ederal-cybersecurity-rd-strategic-plan-released Support for National Priorities Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services 8

9 CSD Research Requirement Inputs White House/NSS National Strategy 2003 Comprehensive National Cybersecurity Initiative (CNCI) EO 13636/PPD 21 National CISR R&D Plan (in progress) Transition to Practice (TTP) Cyber Economic Incentives Research National Initiative for Cybersecurity Education (NICE) Cybersecurity Framework Support State/Local S&T First Responders Group FRAC/TTWG SWGDE (FBI) Departmental Inputs QHSR 2009 & 2014 Blueprint NPPD/CS&C/NCCIC ICE HSI / IPR USSS CBP USCG TSA DHS CIO/CISO Councils CSD Interagency Collaboration Cyber Security and Information Assurance (CSIA) IWG SCORE Classified R&D WG Cyber-Physical Systems (CPS) SSG Big Data SSG Cyber Forensics WG Critical Infrastructure Sectors (Private Sector) Energy (Oil & Gas, Electric Power) Banking and Finance Communications/IT Cross-Sector Cyber Security WG International Collaborations 9

10 CSD Mission & Strategy REQUIREMENTS CSD MISSION Develop and deliver new technologies, tools and techniques to defend and secure current and future systems and networks Conduct and support technology transition efforts Provide R&D leadership and coordination within the government, academia, private sector and international cybersecurity community CSD STRATEGY Trustworthy Cyber Infrastructure Cybersecurity Research Infrastructure Network & System Security and Investigations Cyber Physical Systems Transition and Outreach Stakeholders Government Venture Capital International IT Security Companies Open Source Outreach Methods (Sampling) Technology Demonstrations Social Media Speaking Engagements Media Outreach Program Presenter s Reviews Name June 17,

11 CSD R&D Execution Model Research, Development, Test and Evaluation & Transition (RDTE&T) "Crossing the Valley of Death : Transitioning Cybersecurity Research into Practice," IEEE Security & Privacy, March-April 2013, Maughan, Douglas; Balenson, David; Lindqvist, Ulf; Tudor, Zachary Successes Over 30 products transitioned since 2004, including: 2004 BAA commercial products 2 Open Source products 2005 BAA (RTAP) 1 commercial product 1 GOTS product 1 Open Source product 2007 BAA commercial products 2011 BAA (more to come) 1 Open Source product 1 Research Infrastructure Law Enforcement Support 2 commercial products 1 Open Source product Multiple Knowledge products Identity Management 1 Open Source standard and GOTS solution SBIRs 8 commercial products 1 Open Source product 11

12 S&T International Engagements International Bilateral Agreements Government-to-government cooperative activities for 13 bilateral Agreements Canada (2004) Australia (2004) United Kingdom (2005) Singapore (2007) Sweden (2007) Mexico (2008) Israel (2008) France (2008) Germany (2009) New Zealand (2010) European Commission (2010) Spain (2011) Netherlands (2013) Over $6M of International co-funding COUNTRY PROJECTS MONEY IN JOINT MONEY OUT Australia 3 $300K $400K Canada 11 $1.8M Germany 1 $300K Israel 2 $100K Netherlands 7 $450K $1.2M $150K Sweden 4 $650K United Kingdom 3 $1.0M $400K $200K New Zealand 1 Japan 1 12

13 Cyber Security Budget Overview

14 Presentation Outline Where are we going? Solicitations FY14 BAA (Funded FY15-17) SBIR Long-Range BAA Collaboration Sessions Wed. afternoon Security Culture (Sweden s SECUR-IT Initiative) Cyber Experimentation for the Future Security of Open Source Solutions Economics of Cybersecurity International Partners Open Discussion Cyber Apex Banking and Finance Sector Large-scale technology integration and demonstration National Critical Infrastructure Security and Resilience R&D Strategic Plan National Initiative on Cybersecurity Education (NICE) 14

15 Anticipated Schedule 23 Apr: BAA released incl. to participating countries $95M over 5 year period OCPO/HSHQDC-14-R-B0005/listing.html S&T BAA Website: 1 June+: Publish BAA Topic Calls Open to all respondents foreign and domestic June 2014 March 2015: BAA White Paper and Proposal Review process and Contracting Activities International Collaborations 2014 Broad Agency Announcement 15

16 2014 BAA Topics Data Privacy: TTA #1 - Privacy Policy Compliance Tools TTA #2 - Privacy-Preserving Federated Search TTA #3 - Mobile Computing Privacy CPSSEC: TTA #1 - Security Models and Interactions TTA #2 - Secure System Design and Implementation TTA #3 - Experiments and Pilots Mobile Tech Sec: TTA #1 - Mobile Device Instrumentation TTA #2 - Transactional Security Methods TTA #3 - Mobile Security Mgmt Tools TTA #4 - Protecting Mobile Device Layers DDoSD: TTA #1 - Measurement & Analysis to Promote Best Current Practices (BCP 38, SAC004) TTA #2 - Tools for Communication and Collaboration TTA #3 - Novel DDoS Attack Mitigation and Defense Techniques 16

17 Important program for creating new innovation and accelerating transition into the marketplace Since 2004, DHS S&T Cyber Security has had: 74 Phase I efforts 28 Phase II efforts 4 Phase II efforts currently in progress 10 commercial/open source products available Four acquisitions Small Business Innovative Research (SBIR) - 1 Komoku, Inc. (MD) acquired by Microsoft in March 2008 Endeavor Systems (VA) acquired by McAfee in January 2009 Solidcore (CA) acquired by McAfee in June 2009 HBGary (CA) acquired by ManTech in February 2012 S&T BAA / SBIR Website: 17

18 Small Business Innovative Research (SBIR) - 2 FY04 Cross-Domain Attack Correlation Technologies (2) Real-Time Malicious Code Identification (2) Advanced SCADA and Related Distributed Control Systems (5) FY05 Hardware-assisted System Security Monitoring (4) FY06 Network-based Boundary Controllers (3) Botnet Detection and Mitigation (4) FY07 Secure & Reliable Wireless Comms for Control Systems (2) FY09 Software Testing and Vulnerability Analysis (3) FY10 Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1) FY11 Mobile Device Forensics (1) FY12 Moving Target Defense (2) Solid State Drive Analysis (1) FY13 Hybrid Analysis Mapping (2) Software Based Roots of Trust for Enhanced Mobile Device Security (3) FY14 Embedded System Security FY15 Enhanced Distributed Denial of Service Defense 18

19 DHS S&T Long Range Broad Agency Announcement (LRBAA) S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager CSD has 18 Topic Areas (CSD.01 CSD.18) SEE NEXT SLIDE LRBAA open 2/25/2014, closes 12/31/2018 Additional information can be found on the Federal Business Opportunities website ( (Solicitation #:DHSST-LRBAA14-02) 19

20 LRBAA Summary Listing CSD.01 National Critical Infrastructure Security and Resilience (CISR) R&D Strategic Plan topics CSD.02 Internet Infrastructure Security CSD.03 Cyber Experimentation for the Future CSD.04 Homeland Open Security Technology CSD.05 Forensics support to law enforcement CSD.06 Identity Management CSD.07 Data Privacy and Information Flow technologies. CSD.08 Software Assurance CSD.09 Cyber security education, competitions, and curriculum development. CSD.10 Cyber-Physical Control and Process Control Systems Security CSD.11 Internet Measurement and Attack Modeling CSD.12 Securing the mobile workforce CSD.13 Insider Threats CSD.14 Experiments and Pilots Test and evaluation in experimental operational environments to facilitate transition. CSD.15 Cybersecurity Economic Incentives, Insurance, and Behaviors CSD.16 Data Analytics analysis techniques, visualization CSD.17 Predictive Analytics CSD.18 Distributed Denial of Service Defense 20

21 Collaboration Sessions Sweden s Security Culture and Information Tech - SECURIT The objective of this session is to share what our Swedish partners are doing, how it s worked, and how can we incorporate this into what we are doing. Cybersecurity Experimentation of the Future In order to address evolving cyber challenges researchers need an accessible, broad, and multi-organizational cybersecurity experimentation capability that supports tomorrow s research. The objective of this session is to share a plan and roadmap and seek your feedback through open dialogue. Issues and Challenges in Transitioning Open Source Solutions This session will discuss challenges and opportunities related to open source. Participants are encouraged to bring questions on open source policies, examples of open source successes and failures, and help determine how DHS S&T CSD can best help promote successful open source transitions. Economics of Cybersecurity The objective of the session is to discuss how economic considerations might affect the ultimate transition and utility of the various cyber security measures being developed through CSD s research program. International Partners Open Discussion International partners will be available to discuss additional questions not addressed in the International Panel Discussion. 21

22 The Future at DHS S&T Screening at Speed: Security that Matches the Pace of Life A Trusted Cyber Future: Protecting Privacy, Commerce and Community In a future of increasing cyber connections, underlying digital infrastructure will be self-detecting, self-protecting and self-healing. Users will trust that information is protected, illegal use is deterred, and privacy is not compromised. Security will operate seamlessly in the background. Enable the Decision Maker: Actionable Information at the Speed of Thought Responder of the Future: Protected, Connected, and Fully Aware Resilient Communities: Disaster-Proofing Society 22

23 Public-Private R&D Partnerships MOU between DHS S&T, NIST, and FS Sector Coord Council (FSSCC) in coordination with WH Framework for publicprivate collaboration on R&D projects for the FS 1) to facilitate innovation, 2) to identify and overcome cybersecurity vulnerabilities, and 3) to develop more efficient and effective processes that benefit critical financial services functions and other critical infrastructures 23

24 What are the core cybersecurity problems we are trying to address? Compromise of the cyber fabric underlying our nation s critical infrastructure (CI) is a threat to US national security 70% of critical infrastructure companies have been hit with breaches in the past year Source: 2014 Survey from Unisys and Ponemon Institute Perimeter-based defense is not sufficient for wellresourced adversaries Mandiant reports that nearly 100% of it victims have up-todate virus software; many observe best practices in network monitoring, firewall filtering, and intrusion detection 243 Median days attackers are on the network before being discovered - Mandiant All CI sectors are facing a core set of cybersecurity challenges: Adversaries are on our systems and networks without our knowledge Understanding of the cyber situation is often inaccurate or only achieved forensically, after the fact Lack of a strong repertoire of response mechanisms that can neutralize the impact of adversary presence while still allowing the sector to maintain an adequate level of operating functionality 24

25 Initial Focus on the Financial Services Sector (FSS) Existing fragilities exist in the core of the financial sector, arising from purely profitseeking behavior: - Complex interdependencies (LTCM) - Increased automation (Knight Capital) - Size and speed of data flow (May 2010 Flashcrash) Known penetration of sector networks by sophisticated adversaries - NASDAQ - JP Morgan (reported at 76M) Clear and growing risk to national security when the two combine [The report] portrayed a market so fragmented and fragile that a single large trade could send stocks into a sudden spiral. - Wall Street Journal summary of the SEC and CFTC joint after action report on the May 2010 Flash-crash 25

26 Technical Approach Overview Open System Architecture producing an integrated capability Advanced Sensing Technologies (AST) Measurement and attestation Behavioral modeling Situation Understanding (SU) Disparate Sensor Alert Analysis Operational Mission Impact Analysis Response and Recovery (RR) Real-time secure sharing Novel engagement approaches *Common interfaces and messaging *Operational Exercises (DECIDE) Network Protections (NP) Advanced network control planes 26

27 Executive Order (EO) on Improving Critical Infrastructure Cybersecurity/ Policy Presidential Directive (PPD) on Critical Infrastructure Security and Resilience Credit: White House / Pete Souza America must also face the rapidly growing threat from cyber attacks That s why, earlier today, I signed a new executive order that will strengthen our cyber defenses by increasing information sharing, and developing standards to protect our national security, our jobs, and our privacy. President Barack Obama, 2013 State of the Union Homeland Security Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to: Develop a technology-neutral voluntary cybersecurity framework Promote/incentivize adoption of cybersecurity practices Increase the volume, timeliness and quality of cyber threat information sharing Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure Explore existing regulation to promote cyber security Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to: Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time Understand cascading consequences of infrastructure failures Evaluate and mature the public-private partnership Update the National Infrastructure Office of Cybersecurity Protection and Plan Communications Develop comprehensive research and development plan 27

28 Education: A National Problem Enhance public awareness: (1) Augment current messaging to promote policies and practices that support Administration priorities, such as EO and PPD-21, and (2) develop messaging that targets senior executives of critical infrastructure companies (e.g., CEOs, Boards of Directors). Expand the Pipeline: (1) Expand formal education at the post-secondary level, including both four-year and two-year institutions and (2) establish new National Academic Consortiums for Cybersecurity Education (government, colleges/universities, high schools, middle schools, technical academies, industry, professional organizations) Evolve the profession: (1) Identify critical cybersecurity workforce skills through a national cybersecurity Workforce Inventory and Gap Analysis and continued development of Cybersecurity Workforce Forecasting Tools and (2) provide access to free or low-cost training for the identified critical skills. NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) Initiative 8: Expand Cyber Education Interim Way Forward and is comprised of over 20 federal departments and agencies. 28

29 CSD R&D Execution Model Research, Development, Test and Evaluation & Transition (RDTE&T) "Crossing the Valley of Death : Transitioning Cybersecurity Research into Practice," IEEE Security & Privacy, March-April 2013, Maughan, Douglas; Balenson, David; Lindqvist, Ulf; Tudor, Zachary Successes Over 30 products transitioned since 2004, including: 2004 BAA commercial products 2 Open Source products 2005 BAA (RTAP) 1 commercial product 1 GOTS product 1 Open Source product 2007 BAA commercial products 2011 BAA (more to come) 1 Open Source product 1 Research Infrastructure Law Enforcement Support 2 commercial products 1 Open Source product Multiple Knowledge products Identity Management 1 Open Source standard and GOTS solution SBIRs 8 commercial products 1 Open Source product 29

30 2014 CYBER SECURITY DIVISION R&D SHOWCASE AND TECHNICAL WORKSHOP

31 Recent CSD Publications 31

32 Summary / Conclusions Cybersecurity research is a key area of innovation to support our global economic and national security futures CSD continues with an aggressive cyber security research agenda to solve the cyber security problems of our current and future infrastructure and systems We believe the Showcase and Technical Workshop over the next 3 days will highlight the excellent work being funded by CSD Will continue strong emphasis on technology transition Will impact cyber education, training, and awareness of our current and future cybersecurity workforce Will continue to work internationally to find and deploy the best ideas and solutions to real-world problems 32

33 #CyberShowcase Douglas Maughan, Ph.D. Division Director Cyber Security Division Homeland Security Advanced Research Projects Agency (HSARPA) / For more information, visit 33

34 Cybersecurity Requirements Historical Timeline Call for Action - Secure Protocols DNSSEC Secure Routing - DETER security testbed - PREDICT data repository Beginnings of CNCI - Call for NICE (Education) - Call for NSTIC (Trusted Identities) - Reinforced need for PREDICT data repository S&T Produced National R&D Roadmap with community input Source for DHS S&T BAA, SBIR, and other solicitations CNCI Tasks 4&9 S&T led via cochair of CSIA IWG Significant interagency activities initiated by WH/NSS/OSTP Implementation plan to accomplish goals of DHS QHSR 24 high priority capabilities needed NPPD-led, S&T involved EO 13636: Improving Critical Infrastructure Cybersecurity PPD 21: Critical Infrastructure Security and Resilience 34

35 Trustworthy Cyber Infrastructure Objective: Develop standards, policies, processes, and technologies to enable more secure and robust global cyber infrastructure and to identify components of greatest need of protection, applying analysis capabilities to predict and respond to cyber attack effects and provide situational understanding to providers Secure Protocols Develop agreed-upon global infrastructure standards and solutions Working with IETF standards, routing vendors, global registries and ISPs Provide global Routing Public Key Infrastructure (RPKI) solutions Follow same process used for DNSSEC global deployment Internet Measurement and Attack Modeling (IMAM) Create more complete view of the geographical and topological mapping of networks and systems Improve global peering, geo-location, and router level maps to assist automated solutions for attack prevention, detection, response Support cross-org, situational understanding at multiple time scales Distributed Denial of Service Defenses (DDOSD) Policy-based technologies to shift the advantage to the defender Measurement/analysis tools to test success of BCP38 deployments Engaging with major finance sector companies and supporting ISPs 35

36 Network and System Security and Investigations - 1 Objective: Develop new and innovative methods, services, and capabilities for the security of future networks and systems to ensure they are usable and security properties can be measured and provide the tools and techniques needed for combatting cybercrime Security for Cloud-Based Systems Develop methodologies and technologies for cloud auditing and forensics in end-point devices Identify data audit methodologies to identify the location, movement, and behavior of data and Virtual Machines (VMs) Work with DHS CIO/CISOs and datacenters Mobile Device Security Develop new approaches to mobile device security (user identity/authentication, device management, App security and management, and secure data) for government purposes Working with DHS CISO and across several components Identity Management / Data Privacy Advance the identity management ecosystem to support Federal, state, local, and private sector identity management functions Develop data privacy technologies to better express, protect, and control the confidentiality of private information Working with DHS, other Federal, State, Local and Private Sector 36

37 Network and System Security and Investigations - 2 Objective: Develop new and innovative methods, services, and capabilities for the security of future networks and systems to ensure they are usable and security properties can be measured and provide the tools and techniques needed for combatting cybercrime toola toolb toold toolc Software Quality Assurance Develop new methods and capabilities to analyze software and address the presence of internal flaws and vulnerabilities to reduce the risk and cost associated with software failures Develop automated capability to bring together independent software and system assessment activities Usable Security and Security Metrics Improve the usability of cybersecurity technologies while maintaining security Develop security metrics and tools and techniques to make them practical and useful as decision aids for enterprise security posture Investigation Capabilities for Law Enforcement Develop investigative tools/techniques for LE agencies to address the use of computers/phones in criminal and cyber related crimes Develop techniques and tools focused on detecting and limiting malicious behavior by untrustworthy insiders inside an organization Cyber Forensics Working Group USSS, ICE, CBP, FBI, S/L 37

38 Cyber Physical Systems / Process Control Systems Objective: Ensure necessary security enhancements are added to the design and implementation of ubiquitous cyber physical systems and process control systems, with an emphasis on transportation, emergency response, energy, and oil and gas systems. Cyber Physical Systems Security (CPSSEC) Build security into the design of critical, smart, networked systems Gain better understanding of threats and system interactions Testing and validation of solutions in partnership with private sector Working with DoTrans and NPPD and Transportation Sector Trustworthy Computing Infrastructure for the Power Grid (TCIPG) Improve the security of next-generation power grid infrastructure, making the underlying infrastructure more secure, reliable and safe 4 University consortium UIUC, WSU, UC-Davis, Dartmouth Private sector advisory board provides reqmts and transition path Partnership with DOE-OE and Universities Securing the Oil and Gas Infrastructure (LOGIIC) Conduct collaborative RDT&E to identify and address sector-wide vulnerabilities in oil and gas industry digital control systems All R&D projects identified and funded by private sector members CSD provides project mgmt. support and inter-sector support 38

39 Research Infrastructure Objective: Develop research infrastructure, such as test facilities, realistic datasets, tools, and methodologies to enable global cybersecurity R&D community researchers to perform at-scale experimentation on their emerging technologies with respect to system performance goals Experimental Research Testbed (DETER) Researcher and vendor-neutral experimental infrastructure Used by 300+ organizations from 25+ states and 30+ countries - DARPA Used in 40 + classes, from 30 institutions and 3,000+ students Open Source code used by Canada, Israel, Australia, Singapore Research Data Repository (PREDICT) Repository of over 700TB of network data for use by community More than 250 users (academia, industry, gov t NSA SBIR) Leading activities on ICT Research Ethics (e.g., Menlo Report) Opening up to international partners (JP, CA, AU, UK, IL, EU) Software Assurance Market Place (SWAMP) A software assurance testing and evaluation facility and services Advance the quality and usage of SwA tools commercial & open IOC 2/1/14; 500+ assessments/week; 9 platforms; 5 SwA tools 39

40 Transition and Outreach Objective: Accelerate the transition of mature federally-funded cybersecurity R&D technology into widespread operational deployment; Educate and train the current and next generations of cybersecurity workforce through multiple methods, models, and activities Transition To Practice (TTP) White House initiated program; CSD budget plus-up in FY12 Working with DOE and DOD labs, FFRDCs, UARCs, NSF, SBIRs Developing relationships in the Energy and Finance Sectors Multiple pilots in progress; Two commercial licensing deals done Cybersecurity Competitions Provide a controlled, competitive environment to assess a student s understanding and operational competency CSD-funded technologies included for test and evaluation 180+ schools and college students participated in 2014 Involvement from private sector; Assisting int l competitions National Initiative for Cybersecurity Education (NICE) Joint DHS/NSF/DOD/DOEd initiative with WH and NIST support Enhance Awareness (led by NPPD); Expand the Pipeline (led by CSD, NSF, DOEd); Evolve the Profession (led by NPPD and DOD) Regional Alliances for Cyber Education (RACE) FY15 solicit. thru NIST 40

41 CSD Projects / Relationships Cyber Economic Incentives Moving Target Defense Tailored Trustworthy Spaces Leap Ahead Technologies Transition to Practice People Systems Identity Management Enterprise Level Security Metrics Usable Security Data Privacy Cyber Forensics Competitions Education Mobile Device Security Insider Threat Secure Protocols Software Quality Assurance Homeland Open Security Technology Assessments & Evaluations Experiments & Pilots Infrastructure Process Control Systems (PCS) Internet Measurement & Attack Modeling Cyber Physical Systems Distributed Denial of Service (DDoS) Defenses Research Infrastructure Experimental Research Testbed (DETER) Research Data Repository (PREDICT) Software Quality Assurance (SWAMP) 41