Douglas Maughan - Security Innovation Network

Report
Homeland Security Advanced Research Projects Agency
Improving Cyber Innovation Intake
into the Federal Government
Douglas Maughan, Ph.D.
Division Director
October 24, 2012
http://www.cyber.st.dhs.gov
DHS S&T Mission
Strengthen America’s security and resiliency by providing
knowledge products and innovative technology solutions for
the Homeland Security Enterprise
1) Create new technological capabilities and knowledge products
2) Provide Acquisition Support and Operational Analysis
3) Provide process enhancements and gain efficiencies
4) Evolve US understanding of current and future homeland security risks and
opportunities
2
CSD R&D Execution Model
Successes
•
Ironkey – Secure USB
–
•
Komoku – Rootkit Detection
Technology
–
•
Research
Development
Test and Evaluation &
Transition (RDTE&T)
Acquired by McAfee
Stanford – Anti-Phishing
Technologies
–
•
Over 100 pilot deployments as
part of Cyber Forensics
Endeavor Systems – Malware
Analysis tools
–
•
Acquired by Microsoft
HBGary – Memory and Malware
Analysis
–
•
Standard Issue to S&T
employees from S&T CIO
Open source; most browsers
have included Stanford R&D
Secure Decisions – Data
Visualization
–
Pilot with DHS/NCSD/US-CERT;
Acquisition
Programs for U. S. Small Business
Small Business Innovation Research
•2.5%
(SBIR)
Set-aside program for small business concerns to
engage in federal R&D -- with potential for
commercialization
Small Business Technology Transfer
•.3%
(STTR)
Set-aside program to facilitate cooperative R&D between
small business concerns and research institutions -- with
potential for commercialization
SBIR - A 3 Phase Program
•PHASE I
• Feasibility Study
• $100K (in general) and 6 month effort (amounts are changing)
•PHASE II
• Full Research/R&D
• $750K and 24 month effort (amounts are changing)
• Commercialization plan required
•PHASE III
• Commercialization Stage
• Use of non-SBIR Funds
Agency SBIR Differences
Number and timing of solicitations
R&D Topic Areas – Broad vs. Focused
Dollar Amount of Award (Phase I and II)
Proposal preparation instructions
Financial details (e.g., Indirect Cost Rates)
Proposal review process
Proposal success rates
Types of award
Commercialization assistance
And more…………
Small Business Innovative Research (SBIR)

FY04




FY06



Hardware-assisted System Security
Monitoring (4)
FY09



Large-Scale Network Survivability,
Rapid Recovery, and Reconstitution (1)
FY11


Software Testing and Vulnerability
Analysis (3)
FY10

FY05


Cross-Domain Attack Correlation
Technologies (2)
Real-Time Malicious Code
Identification (2)
Advanced SCADA and Related
Distributed Control Systems (5)

Mobile Device Forensics (1)
FY12


Moving Target Defense (CNCI Topic)
Solid State Drive Analysis
Network-based Boundary Controllers
(3)
Botnet Detection and Mitigation (4)
FY07

Secure and Reliable Wireless
Communication for Control Systems (2)
7
Small Business Innovative Research (SBIR)
 Important program for creating new innovation and
accelerating transition into the marketplace
 Since 2004, DHS S&T Cyber Security has had:





63 Phase I efforts
28 Phase II efforts
5 Phase II efforts currently in progress
9 commercial/open source products available
Four acquisitions
 Komoku, Inc. (MD) acquired by Microsoft in March 2008
 Endeavor Systems (VA) acquired by McAfee in January 2009
 Solidcore (CA) acquired by McAfee in June 2009
 HBGary (CA) acquired by ManTech in February 2012
8
Cyber Security R&D Broad Agency
Announcement (BAA)
 Delivers both near-term and medium-term solutions
 To develop new and enhanced technologies for the detection of,
prevention of, and response to cyber attacks on the nation’s critical
information infrastructure, based on customer requirements
 To perform research and development (R&D) aimed at improving the
security of existing deployed technologies and to ensure the
security of new emerging cybersecurity systems;
 To facilitate the transfer of these technologies into operational
environments.
 Proposals Received According to 3 Levels of Technology Maturity
Type I (New Technologies)
 Applied Research Phase
 Development Phase
 Demo in Op Environ.
 Funding ≤ $3M & 36 mos.
Type II (Prototype Technologies)
 More Mature Prototypes
 Development Phase
 Demo in Op Environ.
 Funding ≤ $2M & 24 mos.
Type III (Mature Technologies)
 Mature Technology
 Demo Only in Op Environ.
 Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test,
Evaluation, and Pilot deployment in
DHS “customer” environments
9
BAA 11-02 Technical Topic Areas (TTAs)
TTA-1
Software Assurance
DHS, FSSCC
TTA-2
Enterprise-Level Security Metrics
DHS, FSSCC
TTA-3
Usable Security
DHS, FSSCC
TTA-4
Insider Threat
DHS, FSSCC
TTA-5
Resilient Systems and Networks
DHS, FSSCC
TTA-6
Modeling of Internet Attacks
DHS
TTA-7
Network Mapping and Measurement
DHS
TTA-8
Incident Response Communities
DHS
TTA-9
Cyber Economics
CNCI
TTA-10
Digital Provenance
CNCI
TTA-11
Hardware-Enabled Trust
CNCI
TTA-12
Moving Target Defense
CNCI
TTA-13
Nature-Inspired Cyber Health
CNCI
TTA-14
Software Assurance MarketPlace (SWAMP)
S&T
 224 Full Proposals encouraged
 Int’l participation from AUS,
UK, CA, NL, SWE
 34 Awards – Sep/Oct 2012
 Over $4M of joint funding
 1003 White Papers
10
HOST Program
HOST = Homeland Open Security Technology
Closing government cybersecurity gaps by sponsoring
open source projects
 Suricata Intrusions Detection System
 OpenSSL FIPS validation
…and helping government be able to find and deploy
existing open source cybersecurity solutions
 Inventory of solutions, opencybersecurity.org
 Use cases & lessons learned reports
 Improved policy
11
Open Information Security Foundation
and Suricata
 A new model for managing and
sustaining innovation
 A non-profit to develop and “own” the
code
 Software Freedom Law Center created
the License pro bono
 A consortium of companies providing
support in exchange for not having to
release changes
 Ground-up rewrite
 Multi-Threaded
 Automated Protocol Detection
 File Identification and Extraction
 GPU Acceleration
~$1.2m in DHS funding was matched by ~$8m in commercial sponsorship
12
Let us know how we can
work together
 Include your open source efforts in our inventory
 Project owners maintain small .xml, we crawl for updates
 Let us know of projects that Gov should be using so we
can share them with other Gov agencies
 Let us know if there are some successes that would
make a good case study
 Let us know of open source cybersecurity projects that
might benefit from some government funding
13
Federal Cybersecurity R&D Strategic Plan
• Science of Cyber Security
• Research Themes
–
–
–
–
Tailored Trustworthy Spaces
Moving Target Defense
Cyber Economics and Incentives
Designed-In Security (New for FY12)
• Transition to Practice
– Technology Discovery
– Test & Evaluation / Experimental
Deployment
Released Dec 6, 2011
– Transition / Adoption / Commercialization http://www.whitehouse.gov/blog/2011/12/06/
• Support for National Priorities
federal-cybersecurity-rd-strategic-plan-released
– Health IT, Smart Grid, NSTIC (Trusted
Identity), NICE (Education), Financial
Services
14
TTP Program Focus Areas
Identify
 Identify cyber security research that is at Technical
Readiness Level (TRL) 5 or higher that can be projected into
the Homeland Security Enterprise and beyond
Implement
 Partner with the IT operations groups within the Homeland
Security Enterprise to pilot the cybersecurity technologies
that are identified
Introduce
 Partner with the private sector to commercialize
technology to bring the innovation to a broader audience
•15
Transition To Practice Program Focus
R&D Sources
• DOE National
Labs
• FFRDC’s (Federally
Funded R&D Centers)
• Academia
• Small Business
Transition
processes
• Testing &
evaluation
• Red Teaming
• Pilot
deployments
Utilization
•
•
•
•
Open Sourcing
Licensing
New Companies
Adoption by cyber
operations
analysts
• Direct privatesector adoption
• Government use
•16
Transition to Practice Activities
• Tech Foraging
– Travel to National Labs to meet researchers and view
demonstrations of mature cybersecurity research
• Networking
– Attend conferences and workshops
– Brief industry organizations such as the CTIA – The Wireless
Association and the Bay Area Council on Transition to
Practice
• Demonstrate Technology
– Hold Demonstration Days for critical infrastructure sectors:
• Federal Government
• Financial Industry
• Others
•17
Transition to Practice Activities
• Test and Evaluation and Red Teaming
– TTP will fund the Test and Evaluation and Red Teaming of all
technologies it works with
• The results of the T&E and Red Teaming will be provided to the
research teams to make improvements if need be
• Piloting
– Work with the public and private sector to pilot technology in
production environments
• Funding
– Fund incremental improvements to promising technologies
– Assist operational partners in funding pilots
– Assist in funding the transition to market
• Business plan development
•18
DHS S&T Long Range Broad Agency
Announcement (LRBAA) 12-07
 S&T seeks R&D projects for revolutionary, evolving, and maturing
technologies that demonstrate the potential for significant
improvement in homeland security missions and operations
 Offerors can submit a pre-submission inquiry prior to White Paper
submission that is reviewed by an S&T Program Manager




CSD has 14 Topic Areas (CSD.01 – CSD.14) – SEE NEXT SLIDE
LRBAA 12-07 Closes on 12/31/12 at 11:59 PM
S&T BAA Website: https://baa2.st.dhs.gov
Additional information can be found on the Federal Business
Opportunities website (www.fbo.gov) (Solicitation #:DHSSTLRBAA12-07)
19
LRBAA Summary Listing







CSD.01 – Comprehensive National
Cybersecurity Initiative and Federal
R&D Strategic Plan topics
CSD.02 – Internet Infrastructure
Security
CSD.03 – National Research
Infrastructure
CSD.04 –Homeland Open Security
Technology
CSD.05 – Forensics support to law
enforcement
CSD.06 – Identity Management
CSD.07 – Data Privacy and
Information Flow technologies.







CSD.08 – Software Assurance
CSD.09 – Cyber security
competitions and education and
curriculum development.
CSD.10 – Process Control Systems
and Critical Infrastructure Security
CSD.11 – Internet Measurement and
Attack Modeling
CSD.12 – Securing the mobile
workforce
CSD.13 - Security in cloud based
systems
CSD.14 – Experiments –
Technologies developed through
federally funded research requiring
test and evaluation in experimental
operational environments to facilitate
transition.
20
Issues Encountered
 Overall Business Plan

I’ve got a hammer syndrome – DHS/DOD SBIR

Especially difficult for the academics
 Chicken and Egg problems

Always a problem for the first time technology provider
 Testing Infrastructure and “Guinea Pigs”

At the core of the scaling problem

Building up the list of willing partners
•21
Annual Report and Research Topics
•
•
•
•
Cyber Security
Division
FY 2011 Annual Report
•
•
•
•
•
Security in Cloud-based Systems
Data Privacy
Mobile and Wireless Security
(Big) Data Analytics for Cyber
Security Applications
Embedded Device Security (e.g.,
CPS, medical, vehicle)
Network Attribution / Traceback
System Composition
Cyber Forensics
Cyber Education / Curriculum
Available
NOW!
22
Summary
 Cybersecurity research is a key area of innovation needed to
support our future
 DHS S&T continues with an aggressive cyber security research
agenda
 Working to solve the cyber security problems of our current (and future)
infrastructure and systems
 Working with academe and industry to improve research tools and
datasets
 Looking at future R&D agendas with the most impact for the nation,
including education
 Need to continue strong emphasis on technology transfer and
experimental deployments
23
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced
Research Projects Agency (HSARPA)
[email protected]
202-254-6145 / 202-360-3170
For more information, visit
http://www.cyber.st.dhs.gov
24

similar documents