Homeland Open Security Technology HOST Program

Transcription

1 Homeland Open Security Technology HOST Program Informational Briefing August 2011 Sponsored by: U.S. Department of Homeland Security Science and Technology Directorate Implemented by: Open Technology Research Consortium Georgia Tech Research Institute Open Information Security Foundation Open Source Software Institute

2 Cybersecurity Essential Majority of US supply chains rely on information technologies that can be compromised at any time. CACI US Naval Institute report 2009 Continuous Cyber threats can be unintentional and intentional, targeted and nontargeted, and come from a variety of sources, such as foreign nations engaged in espionage and information warfare, criminals, hackers, virus writers and disgruntled employees. GAO report 2009 Expensive You cannot replicate the NSA for domestic affairs, there isn't enough money, time or human talent. Defense Secretary Robert Gates, 2010

3 Vulnerability Operation Anti-Security Top Five Government Sites Hacked Summer 2011 The US Senate The Pentagon The CIA NASA FBI

4 HOST Program The mission of HOST is to investigate open security methods, models and technologies and identify viable and sustainable approaches that support national cybersecurity objectives.

5 DHS Science & Technology Directorate Drive innovation through advanced research activities Cyber security focus areas: User identity Data Privacy End System Security Research Infrastructure Law Enforcement Forensic Secure Protocols Education DHS S&T Program Areas: DNSSEC SPRI DECIDE HOST LOGIIC ITTC DETER PREDICT Secure Wireless CWID

6 HOST Program Public-Private Collaboration Government Industry Academia Open Source Development Communities Strategic Vision Leverage the technical, economic, administrative power of open source technologies for government use Objectives Drive innovation, advanced research in open security technologies, techniques and procedures Foster collaboration between public-private tech communities Invest in sustainable programs, accessible software assets

7 Open Security do more with less OPEN SECURITY Open development model Transparency, peer review, reusable tools Flexibility, resilience, durability of assets Non-restrictive license agreements, user rights to code access Access to resources Available repositories, community knowledge base Support Increase vendor competition Industry Community Academic participation Policy compliant

8 HOST Strategy DISCOVERY: Leading the discovery process to investigate existing and potential open security projects and techniques that support and protect government cyber networks. COLLABORATION: Coordinating collaborative development activities and establishing working relationships between public and private-sector research and development communities. INVESTMENT: Contributing seed investments in advanced research and development activities that support national cyber security objectives and producing sustainable project communities through broad adoption by public and private-sector use and support.

9 HOST Accomplishments HOST DISCOVERY COLLABORATION INVESTMENT OpenCyberSecurity.org portal Open Technology Dossier Protocol Open Technology Inventory IA Open Source Policy Evaluation Open Information Security Foundation Government Strategic Council HOST Community Round Table Events Community Outreach Suricata IDS/IPS Engine FIPS Validated OpenSSL OpenCyberSecurity C&A

10 HOST Next Steps Identify more Open Security resources OpenCyberSecurity.org Information Portal Open Security Inventory, Open Technology Dossiers Adoption, Information Assurance, Acquisition Policy Issues Grow collaborative communities Government Industry Academia Development Communities Investment Opportunities Sustainable communities seed investments Provide leadership, vision, national cyber security objectives

11 Program Challenges Resistance to change Willingness to share sandbox Evolving business models Follow-through Consistent government vision Involvement of development community Ability to see the next horizon

12 Cyber Security: Our game to lose The U.S. government does not take sufficient advantage of innovative technology except within black budgets. U.S. government is missing a river of innovative technology, and it is both broad and deep. No one technology missed is a crisis, but in the aggregate, the U.S. government is falling behind in what it could do and what it is expected to do to protect the nation from cyber security threat. America s Cyber Future Security and Prosperity in the Information Age

13 HOST Contact Department of Homeland Security Luke Berndt, Program Manager Cyber Security Division Science & Technology Directorate Open Technology Research Consortium Joshua Davis, Principal Investigator Georgia Tech Research Institute Cyber Technology & Information Security Laboratory