FBI InfraGard National Conference 2005
Cyber Security Research and Development: A Homeland Security Perspective
Annabelle Lee, Science and Technology Directorate, Department of Homeland Security
Session 1, August 9, 2005
Department of Homeland Security: Overview
Secretary (Chertoff); Deputy Secretary (Jackson)
Components and offices: Coast Guard; United States Secret Service; Citizenship & Immigration & Ombuds; Civil Rights and Civil Liberties; Legislative Affairs; General Counsel; Inspector General; State & Local Coordination; Private Sector Coordination; International Affairs; National Capital Region Coordination; Counter-narcotics; Small and Disadvantaged Business; Privacy Officer; Chief of Staff
Directorates: Information Analysis & Infrastructure Protection (Stephan, acting); Science & Technology (McQueary); Border & Transportation Security (Beardsworth, acting); Emergency Preparedness & Emergency Response (Brown); Management (Hale)
DHS Mission
- Prevent terrorist attacks within the US
- Reduce vulnerability
- Minimize damage, assist in recovery
- Enhance normal functions
- Ensure economic security is not diminished
Speaker notes: You all know why DHS was formed, but you may not realize that the 144,000 feds who came into the department had day jobs, and that all of the security measures must be balanced with our national need for fresh fruit and new appliances and visiting friends and relatives and colleagues.
Science and Technology Directorate
Science & Technology (McQueary, Under Secretary), with offices arranged from planning to execution:
- Office of Programs, Plans, and Requirements (Kirk, Acting): strategic, programmatic, and budget planning
- Office of Research and Development (McCarthy): stewardship of an enduring capability
- Homeland Security Advanced Research Projects Agency (Kubricky, Acting): innovation, adaptation, and revolution
- Office of Systems Engineering & Development (Kubricky): development engineering, production, and deployment
S&T Directorate Responsibilities: Homeland Security Act of 2002
- Advising the Secretary regarding...
- Identifying priorities for...
- Establishing, conducting, and coordinating basic and applied research, development, testing and evaluation (RDT&E) activities that are relevant to any or all elements of the Department, through both intramural and extramural programs
Science and Technology Directorate - Mission
- Conduct, stimulate and enable research, development, test, evaluation, and timely transition of homeland security capabilities to federal, state, and local operational end-users
- Anticipate, prevent, respond to and recover from terrorist attacks
- Transfer technology and build capacity of federal, state, and local operational end-users for all missions
- Provide the nation with a dedicated and enduring capability
Speaker notes: The mission of S&T was mandated by statute in the Homeland Security Act of 2002: develop, in consultation with the other elements, the national policy and strategy for coordinating USG efforts in HS. S&T is also directed to coordinate and integrate all RDT&E within DHS, and to provide the systems engineering needed to support the missions.
Current Environment: Attackers
Currently, there are significant advantages for an attacker:
- Increased dependence of our society on interconnected systems
- Required resources (funding, equipment, and training) are readily available
- Powerful attack tools are now available over the Internet to anyone who wants them
- Powerful, affordable computing platforms to launch sophisticated attacks are now available to everyone
- Little skill or sophistication is required to initiate extremely harmful attacks
Current Environment: Attackers (concluded)
Result:
- The sophistication of the attacks is growing
- The sophistication of the attackers is also increasing
- The gap between an attacker's ability to attack and the defenders' ability to defend is widening
Current Environment: Threat and Vulnerability Trends
- The rate of development and deployment of malicious code has significantly increased
- Underlying operating systems continue to contain undetected bugs
- Because of the rate of technology change, development of new cyber security technology lags behind deployment of malicious code/technology
- Insiders continue to compromise sensitive information and information systems
- Because of the availability and pervasive use of the Internet, attack detection and response continues to play catch-up
- Attribution of new attacks remains difficult
Current Environment: Threat and Vulnerability Trends (concluded)
- Ability to respond to cyber threats as they emerge
- Low cost of entry to information systems for adversaries
- Required resources (funding, equipment and training) are readily available
- Time to develop countermeasures is longer than time to attack
- Identifying "real" threats among the noise of traditional threats (high school hackers) is problematic
Current Environment: Technology Trends
- Economic pressures are driving toward a less robust/resilient infrastructure
- Redundancy and excess capacity that contributed to resiliency are decreasing with time
- Convergence in the telecommunications sector is eliminating the distinction between voice and data communications; critical communications become vulnerable to "Internet threats"
- Interconnectivity is increasing and will continue to increase over the next 10 years
- Outward-facing networks are becoming integrated with internal business networks, and even with networks supporting critical functions/operations
- The need for cyber security underlies all security technologies that rely on information technology
Current Environment: DHS Cyber Security R&D Requirements
- Conduct R&D aimed at large-scale, high-impact cyber attacks
- Address cyber security R&D needs that are unique to critical infrastructure sectors, particularly those sectors that rely on the Internet
- Provide continuity of government to ensure the safety of:
  - The government's cyber infrastructure
  - The assets required for supporting essential missions
- Support R&D that enables the private sector to better secure privately-owned portions of the Nation's critical infrastructure
Current Environment: DHS Cyber R&D Requirements (concluded)
- Provide a foundation for economically-informed, risk-based cyber security decision making
- Provide novel and next-generation secure information technology concepts and architectures
- Allocation of resources for R&D should not be driven only by imminent threat and known intent
- R&D planning must anticipate trends and expectations for the next 3 years, 5 years, and 10 years
Portfolio Mission and Strategic Objectives
Portfolio Mission Statement: The Cyber Security R&D Portfolio will lead cyber security research, development, testing and evaluation endeavors to secure the Nation's critical information infrastructure, through coordinated efforts that will improve the security of the existing cyber infrastructure, and provide a foundation for a more secure infrastructure.
Portfolio Strategic Objectives:
1. Conduct research, development, testing, and evaluation of cyber security technology aimed at preventing, protecting against, detecting, responding to, and recovering from large-scale, high-impact cyber attacks.
2. Enable the creation of and migration to a more secure critical information infrastructure, through the development and use of more secure communication protocols.
Portfolio Mission and Strategic Objectives (continued)
Portfolio Strategic Objectives (cont.):
3. Address cyber security R&D needs in support of DHS mission component needs (primarily the National Cyber Security Division and National Communications System in the IAIP Directorate).
4. Address cyber security R&D needs that are unique to critical infrastructure sectors, particularly those that rely on the Internet to a great extent (Information and Telecommunications, and Banking and Finance). In coordination with the CIP Portfolio, address the cross-cutting issue of securing process control systems.
5. Provide a foundation for the long-term goal of economically-informed, risk-based cyber security decision making.
6. Provide novel and next-generation secure information technology concepts and architectures through long-term research efforts.
Portfolio Mission and Strategic Objectives (concluded)
Portfolio Strategic Objectives (concluded):
7. Actively pursue opportunities to serve as a catalyst for private sector activity, including public-private partnerships, as well as increased cooperation and communication among private sector companies and organizations.*
8. Actively pursue strategies for facilitating technology transfer and diffusion of Federally-funded R&D into commercial products and services, and private sector use.*
9. Coordinate research, development, testing, and evaluation activities with related ongoing activities at other Federal agencies.*
* These objectives are not reflected in desired technical capabilities, but are firmly embedded in portfolio planning, execution, and outreach strategies.
Requirement Development and Prioritization
The primary criteria for inclusion are: role of government in R&D, relevance to DHS mission, customer requirements and related mandates, need to bridge R&D gaps, and threats.
More specifically:
- Direct relevance to the DHS mission
- Foundational and infrastructural needs receive early priority because they are broad-based, cross-cutting, and have long lead times
- Priority is placed on needs identified in high-level policy documents (e.g., National Strategy to Secure Cyberspace)
- Requests for capability via requirements from DHS-internal customers are given increased priority
Requirement Development and Prioritization (concluded)
- Problems identified as fundamentally hard problems by recognized R&D agendas and R&D needs documents
- R&D areas where the government has a perceived role as a neutral broker to catalyze private sector cooperation
- R&D areas that are more aligned with missions of other agencies are given lower priority or not considered
- Emphasis placed on R&D areas where there are Federal R&D investment gaps
- Threat intelligence information is factored into priorities
- R&D areas where the private sector is very active and making progress are given lower priority or not included
Cyber Security Portfolio: FY04 Forward
- Securing infrastructural protocols: securing the Domain Name System (DNSSEC) and Internet routing protocols
- Cyber security testbeds: large-scale testbed network and software testing framework (DETER/EMIST: Cyber DEfense Technology Experimental Research / Evaluation Methods for Internet Security Technology)
- Large-scale data sets for security testing: essential for supporting development of cyber security metrics (PREDICT: A Protected REpository for Defense of Infrastructure against Cyber Threats)
- Economic assessment activities: provide a foundation for risk-based decisions
Cyber Security Portfolio: FY04 Forward
Homeland Security Advanced Research Projects Agency (HSARPA) Cyber Security Broad Area Announcement (BAA 04-17)
A critical area of focus for DHS is the development and deployment of technologies to protect the nation's cyber infrastructure, including the Internet and other critical infrastructures. The goals are:
- To perform R&D aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems;
- To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation's critical information infrastructure;
- To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.
http://www.hsarpabaa.com
Cyber Security Portfolio: FY04 Forward
BAA Technical Topic Areas (TTAs)
System Security Engineering:
- Vulnerability Prevention: tools and techniques for better software development
- Vulnerability Discovery and Remediation: tools and techniques for analyzing software to detect security vulnerabilities
- Cyber Security Assessment: develop methods and tools for assessing the cyber security of information systems
Security of Operational Systems:
- Security and Trustworthiness for Critical Infrastructure (CI) Protection: 1) automated security vulnerability assessments for CI systems; 2) improvements in system robustness of critical infrastructure systems
Cyber Security Portfolio: FY04 Forward
BAA TTAs (concluded)
Security of Operational Systems:
- Wireless Security: security tools/products for today's networks; solutions and standards for next-generation networks
Investigative and Prevention Technologies:
- Network Attack Forensics: tools and techniques for attack traceback
- Technologies to Defend against Identity Theft: R&D of tools and techniques for defending against identity theft and other financial systems attacks, e.g., phishing
Cyber Security Portfolio: FY04 Forward
BAA Project/Proposal Structure
- Type I (New Technologies): new technologies with an applied research phase, a development phase, and a deployment phase (optional); funding not to exceed 36 months (including deployment phase)
- Type II (Prototype Technologies): more mature prototype technologies with a development phase and a deployment phase (optional); funding not to exceed 24 months (including deployment phase)
- Type III (Mature Technologies): mature technology with a deployment phase only; funding not to exceed 12 months
NOTE: Deployment Phase = test, evaluation, and pilot deployment in DHS customer environments
Cyber Security Portfolio: FY04 Forward
FY04 Small Business Innovative Research (SBIR) topics:
- Cross-Domain Attack Correlation Technologies
- Real-time Malicious Code Detection Identification
Cyber Security R&D Portfolio Goals: FY06
- Development of next-generation cyber security technologies: address functional cyber security needs in a variety of topic areas aimed at preventing, protecting against, detecting, and responding to cyber attacks. Strategy: define technical areas of interest and allow university and private sector researchers to submit their best and most innovative ideas.
- Experiments and Exercises: focus on cyber security technology experiments and pilot projects, and support DHS S&T participation in cyber security exercises. Objective: to support the use of next-generation cyber security technologies.
- Assessments: conduct studies and hold workshops.
Setting the Federal Government R&D Agenda
- Cyber Security and Information Assurance Interagency Working Group: responding to Homeland Security Presidential Directive 7; membership includes over 20 organizations from 12 departments/agencies; developing a coordinated interagency Federal Plan for Cyber Security R&D
- InfoSec Research Council (IRC): revisiting the IRC Hard Problems List, 5-10 year problems that require sustained R&D investments
Improving the Nation's Cyber Security
- More capable people
- Increased use of security technology in existing infrastructure
- Development of more inherently secure technology for new infrastructures
- Identification of migration paths from existing to next-generation infrastructures
- Better foundations for risk-based technology investments; this requires an understanding of risk and economic issues
Tackling Cyber Security Challenges: Business Not as Usual
- Strong mission focus (avoid mission creep)
- Close coordination with other Federal agencies
- Outreach to communities outside of the Federal government: international contacts; state and local governments
- Building public/private partnerships
- Strong emphasis on technology diffusion and technology transfer
- Migration paths to a more secure infrastructure
- Awareness of economic realities
The Way Forward
"Securing our cyber systems is critical not only to ensure a way of life to which we've grown accustomed, but more importantly to protect the vast infrastructure these systems support and operate."
Secretary Chertoff, July 28, 2005, Commonwealth Club of California
Questions?
Annabelle Lee, Acting Director, Cyber Security R&D
202.254.5875
202.557.5916 (cell)
annabelle.lee@dhs.gov