Douglas Maughan - Security Innovation Network
Homeland Security Advanced Research Projects Agency
Improving Cyber Innovation Intake into the Federal Government
Douglas Maughan, Ph.D.
Division Director
October 24, 2012
http://www.cyber.st.dhs.gov
DHS S&T Mission
Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise
1) Create new technological capabilities and knowledge products
2) Provide Acquisition Support and Operational Analysis
3) Provide process enhancements and gain efficiencies
4) Evolve US understanding of current and future homeland security risks and opportunities
CSD R&D Execution Model
Research, Development, Test and Evaluation & Transition (RDTE&T)
Successes
• Ironkey – Secure USB
– Standard Issue to S&T employees from S&T CIO
• Komoku – Rootkit Detection Technology
– Acquired by Microsoft
• HBGary – Memory and Malware Analysis
– Over 100 pilot deployments as part of Cyber Forensics
• Endeavor Systems – Malware Analysis tools
– Acquired by McAfee
• Stanford – Anti-Phishing Technologies
– Open source; most browsers have included Stanford R&D
• Secure Decisions – Data Visualization
– Pilot with DHS/NCSD/US-CERT; Acquisition
Programs for U.S. Small Business
Small Business Innovation Research (SBIR) – 2.5%
Set-aside program for small business concerns to engage in federal R&D -- with potential for commercialization
Small Business Technology Transfer (STTR) – 0.3%
Set-aside program to facilitate cooperative R&D between small business concerns and research institutions -- with potential for commercialization
SBIR - A 3 Phase Program
•PHASE I
• Feasibility Study
• $100K (in general) and 6 month effort (amounts are changing)
•PHASE II
• Full Research/R&D
• $750K and 24 month effort (amounts are changing)
• Commercialization plan required
•PHASE III
• Commercialization Stage
• Use of non-SBIR Funds
Agency SBIR Differences
Number and timing of solicitations
R&D Topic Areas – Broad vs. Focused
Dollar Amount of Award (Phase I and II)
Proposal preparation instructions
Financial details (e.g., Indirect Cost Rates)
Proposal review process
Proposal success rates
Types of award
Commercialization assistance
And more…
Small Business Innovative Research (SBIR)
FY04
FY06
Hardware-assisted System Security Monitoring (4)
FY09
Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)
FY11
Software Testing and Vulnerability Analysis (3)
FY10
FY05
Cross-Domain Attack Correlation Technologies (2)
Real-Time Malicious Code Identification (2)
Advanced SCADA and Related Distributed Control Systems (5)
Mobile Device Forensics (1)
FY12
Moving Target Defense (CNCI Topic)
Solid State Drive Analysis
Network-based Boundary Controllers (3)
Botnet Detection and Mitigation (4)
FY07
Secure and Reliable Wireless Communication for Control Systems (2)
Small Business Innovative Research (SBIR)
Important program for creating new innovation and
accelerating transition into the marketplace
Since 2004, DHS S&T Cyber Security has had:
63 Phase I efforts
28 Phase II efforts
5 Phase II efforts currently in progress
9 commercial/open source products available
Four acquisitions
Komoku, Inc. (MD) acquired by Microsoft in March 2008
Endeavor Systems (VA) acquired by McAfee in January 2009
Solidcore (CA) acquired by McAfee in June 2009
HBGary (CA) acquired by ManTech in February 2012
Cyber Security R&D Broad Agency Announcement (BAA)
Delivers both near-term and medium-term solutions
To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems
To facilitate the transfer of these technologies into operational environments
Proposals Received According to 3 Levels of Technology Maturity
Type I (New Technologies)
Applied Research Phase
Development Phase
Demo in Op Environ.
Funding ≤ $3M & 36 mos.
Type II (Prototype Technologies)
More Mature Prototypes
Development Phase
Demo in Op Environ.
Funding ≤ $2M & 24 mos.
Type III (Mature Technologies)
Mature Technology
Demo Only in Op Environ.
Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments
BAA 11-02 Technical Topic Areas (TTAs)
TTA-1: Software Assurance – DHS, FSSCC
TTA-2: Enterprise-Level Security Metrics – DHS, FSSCC
TTA-3: Usable Security – DHS, FSSCC
TTA-4: Insider Threat – DHS, FSSCC
TTA-5: Resilient Systems and Networks – DHS, FSSCC
TTA-6: Modeling of Internet Attacks – DHS
TTA-7: Network Mapping and Measurement – DHS
TTA-8: Incident Response Communities – DHS
TTA-9: Cyber Economics – CNCI
TTA-10: Digital Provenance – CNCI
TTA-11: Hardware-Enabled Trust – CNCI
TTA-12: Moving Target Defense – CNCI
TTA-13: Nature-Inspired Cyber Health – CNCI
TTA-14: Software Assurance MarketPlace (SWAMP) – S&T
1003 White Papers
224 Full Proposals encouraged
34 Awards – Sep/Oct 2012
Int’l participation from AUS, UK, CA, NL, SWE
Over $4M of joint funding
HOST Program
HOST = Homeland Open Security Technology
Closing government cybersecurity gaps by sponsoring open source projects
Suricata Intrusion Detection System
OpenSSL FIPS validation
…and helping government be able to find and deploy existing open source cybersecurity solutions
Inventory of solutions, opencybersecurity.org
Use cases & lessons learned reports
Improved policy
Open Information Security Foundation and Suricata
A new model for managing and sustaining innovation
A non-profit to develop and “own” the code
Software Freedom Law Center created the License pro bono
A consortium of companies providing support in exchange for not having to release changes
Ground-up rewrite
Multi-Threaded
Automated Protocol Detection
File Identification and Extraction
GPU Acceleration
~$1.2m in DHS funding was matched by ~$8m in commercial sponsorship
Let us know how we can work together
Include your open source efforts in our inventory
Project owners maintain small .xml, we crawl for updates
Let us know of projects that Gov should be using so we can share them with other Gov agencies
Let us know if there are some successes that would make a good case study
Let us know of open source cybersecurity projects that might benefit from some government funding
Federal Cybersecurity R&D Strategic Plan
Released Dec 6, 2011
http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released
• Science of Cyber Security
• Research Themes
– Tailored Trustworthy Spaces
– Moving Target Defense
– Cyber Economics and Incentives
– Designed-In Security (New for FY12)
• Transition to Practice
– Technology Discovery
– Test & Evaluation / Experimental Deployment
– Transition / Adoption / Commercialization
• Support for National Priorities
– Health IT, Smart Grid, NSTIC (Trusted Identity), NICE (Education), Financial Services
TTP Program Focus Areas
Identify
Identify cyber security research that is at Technical Readiness Level (TRL) 5 or higher that can be projected into the Homeland Security Enterprise and beyond
Implement
Partner with the IT operations groups within the Homeland Security Enterprise to pilot the cybersecurity technologies that are identified
Introduce
Partner with the private sector to commercialize technology to bring the innovation to a broader audience
Transition To Practice Program Focus
R&D Sources
• DOE National Labs
• FFRDC’s (Federally Funded R&D Centers)
• Academia
• Small Business
Transition processes
• Testing & evaluation
• Red Teaming
• Pilot deployments
Utilization
• Open Sourcing
• Licensing
• New Companies
• Adoption by cyber operations analysts
• Direct private-sector adoption
• Government use
Transition to Practice Activities
• Tech Foraging
– Travel to National Labs to meet researchers and view demonstrations of mature cybersecurity research
• Networking
– Attend conferences and workshops
– Brief industry organizations such as the CTIA – The Wireless Association and the Bay Area Council on Transition to Practice
• Demonstrate Technology
– Hold Demonstration Days for critical infrastructure sectors:
• Federal Government
• Financial Industry
• Others
Transition to Practice Activities
• Test and Evaluation and Red Teaming
– TTP will fund the Test and Evaluation and Red Teaming of all technologies it works with
• The results of the T&E and Red Teaming will be provided to the research teams to make improvements if need be
• Piloting
– Work with the public and private sector to pilot technology in production environments
• Funding
– Fund incremental improvements to promising technologies
– Assist operational partners in funding pilots
– Assist in funding the transition to market
• Business plan development
DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07
S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations
Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
CSD has 14 Topic Areas (CSD.01 – CSD.14) – SEE NEXT SLIDE
LRBAA 12-07 Closes on 12/31/12 at 11:59 PM
S&T BAA Website: https://baa2.st.dhs.gov
Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #: DHSSTLRBAA12-07)
LRBAA Summary Listing
CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics
CSD.02 – Internet Infrastructure Security
CSD.03 – National Research Infrastructure
CSD.04 – Homeland Open Security Technology
CSD.05 – Forensics support to law enforcement
CSD.06 – Identity Management
CSD.07 – Data Privacy and Information Flow technologies
CSD.08 – Software Assurance
CSD.09 – Cyber security competitions and education and curriculum development
CSD.10 – Process Control Systems and Critical Infrastructure Security
CSD.11 – Internet Measurement and Attack Modeling
CSD.12 – Securing the mobile workforce
CSD.13 – Security in cloud based systems
CSD.14 – Experiments – Technologies developed through federally funded research requiring test and evaluation in experimental operational environments to facilitate transition
Issues Encountered
Overall Business Plan
I’ve got a hammer syndrome – DHS/DOD SBIR
Especially difficult for the academics
Chicken and Egg problems
Always a problem for the first time technology provider
Testing Infrastructure and “Guinea Pigs”
At the core of the scaling problem
Building up the list of willing partners
Annual Report and Research Topics
Cyber Security Division FY 2011 Annual Report
Available NOW!
• Security in Cloud-based Systems
• Data Privacy
• Mobile and Wireless Security
• (Big) Data Analytics for Cyber Security Applications
• Embedded Device Security (e.g., CPS, medical, vehicle)
• Network Attribution / Traceback
• System Composition
• Cyber Forensics
• Cyber Education / Curriculum
Summary
Cybersecurity research is a key area of innovation needed to support our future
DHS S&T continues with an aggressive cyber security research agenda
Working to solve the cyber security problems of our current (and future) infrastructure and systems
Working with academe and industry to improve research tools and datasets
Looking at future R&D agendas with the most impact for the nation, including education
Need to continue strong emphasis on technology transfer and experimental deployments
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
[email protected]
202-254-6145 / 202-360-3170
For more information, visit http://www.cyber.st.dhs.gov