View
212
Download
0
Category
Preview:
Citation preview
Federal CybersecurityResearch Agenda
June 2010
Dawn Meyerriecksdawn.c.meyerriecks@ugov.gov
Mission Spectrum
Hard Targets through Nation Building & Stabilization
Democratization of Technology
diydrones.com
lava-amp.com
local-motors.com
IT Mission Impacts
ODS
OIF
Kn
ow
led
ge
Sp
eed
Pre
cisi
on
Let
hal
ity
(A
ir 2
Gn
d O
PS
)
3200 ISRSortie Hours
RESULTS
1700 ISRSortie Hours
3X InfoHalf of the Hours
Footprint
7 Mos Buildup
< 3 Mos Buildup
Footprint# Ships
Msn Achieve tSpeed of Mnvr
10 % PGMs~ 30 SOF Teams
70 % PGMs~ 100 SOF Teams
PrecisionDecisions
Collat DamRQD Ord
10 % Integ Ops4 Acft/Tgt
90 % Integ Ops1 Acft/4 Tgt
EconomyOf Force
Heavy OrdRqmts
Scope
Cybersecurity: measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack.
<which underpins>
Information Assurance: the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.
Federal Cybersecurity Research Agenda
Tailored Trustworthy Spaces: supporting context-specific trust decisions
Moving Target: providing resilience through agility
Cyber Economics: providing incentives to good security
Tailored Trustworthy Space
• Flexible, distributed trust environment – Akin to physical world, where expectations and behaviors are based on
context User Empowerment via Edge Innovation
– Home, School, Library, Bank, Theatre, Church
• Enabling Informed Trust Decisions– Context-Specific Trust Services– Coherent Policy Implementation– Visible Rules & Attributes
• Challenges– Identifying Dimensions of a Tailored, Trustworthy Space– Policy Specification & Management– Validation of Platform Integrity– Violation Detection– Verifiable Separation of Spaces
Moving Target
• Controlled Change across Multiple System Dimensions– Increase uncertainty and apparent complexity for attackers, reduce their
windows of opportunity, increase their costs in time and effort– Increase resiliency and fault tolerance within a system
• Assumptions– All systems are compromised & perfect security is unattainable– Defensible systems, rather than perfectly secure– An adversarial science
• Challenges– Managing Moving Target Systems– Smart Movement– Developing the Ecosystem to Support Agility
Cyber Economic Incentives
• Impacts and Incentives– Motivators: Common good, Ease of Use (NOT Insurance)– Data-driven– Support for “personal data ownership”
• Enablers– Science-based Understanding of Market, Decision-Making and
Investment Motivation– Creation of Environments where Deployment of Security
Technology is Balanced
• Challenges– Legal and Ethical Collection, Protection Distribution– Lack of Data to Support Economic Analysis– Personal Information and Behavior– Empower of Critical Infrastructure Providers
Opportunities
• CLARITY– Clearly scope problem and potential solution– Don’t oversell!!
• REAL, COLLECTIVE INNOVATION– Traditional & Non-Traditional Partnering– Traditional & Non-Traditional Sourcing– Factor in “soft” as well as hard sciences
• COMMENT– FORUM: http://cybersecurity.nitrd.gov– eMail: cybersecurity@nitrd.gov
The Tech Community Must:
• Demonstrably Focus on Mission Outcomes
• Solve Problems Collaboratively
• Innovate Relentlessly
Catalyze delivery of innovative technology-based capabilities solving intelligence challenges.
Recommended