GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

Public-Private Cooperation in Cybersecurity Research Strategy Development across the Globe A View from the U.S. Department of Homeland Security (DHS)

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

Envision a future ... in which universities and companies are free to research and develop new concepts and products … protecting their IP and valuable data

The United States is committed to helping build cybersecurity capacity. Enhancing national-level cybersecurity … is also essential to cultivating dynamic, international research communities able to take on next-generation challenges to cybersecurity

We will further promote collaborative science and technology research to enhance cybersecurity tools and capabilities

Background

3

178 5,815

4,360

178

61 3,479

440 34 National 24K stations

170

1,120

19,902

10,000

3,637

47

COMM/911 6,153

EMS - 21,283

LE - 17,985

Fire - 30,125

and similar health facilities

5,000

Colleges & Universities

6,900

Departments 14,800

Social Services 210,427

Utilities 16,960

327

Transportation 217,926

Public Works ~24,000

Media 14,650

Chemical, Oil and Gas 2,500

Restoration & Repair 402,440

>1.5 million NGOs

Veterinarians 21,731

Schools 132,656

Telecom & IT 11,000

Sports Facilities 1,965

State, Tribal, Local Govts 39,3130

Telematics Providers 16,960

Doctors’ Offices, Nursing Homes

19,286

EMPLOYERS 7,601,160

Mental Health Services 15,000

Federal Agencies 16,960

308,500

Insurance Companies

The Broad Homeland Security Enterprise

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

Cybersecurity Requirements Strategies 2003 2008 2009 2011 2012 2013

4

Call for Action Secure Protocols DNSSEC Secure Routing DETER security testbed PREDICT data repository

CNCI - Call for NICE

(Education) - Call for NSTIC

(Trusted Identities)

- Reinforce need for PREDICT data repository

S&T Produced National R&D Roadmap with community input Source for DHS S&T BAA, SBIR, and other solicitations

CNCI Tasks 4&9 S&T led via co-chair of CSIA IWG Significant inter-agency activities initiated by WH/NSS/OSTP

Implementation plan to accomplish goals of DHS QHSR 24 high priority capabilities needed NPPD-led, S&T involved

EO 13636: Improving Critical Infrastructure Cybersecurity PPD 21: Critical Infrastructure Security and Resilience

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

Cybersecurity Research Requirements Departmental Inputs • QHSR 2009 & 2014 • Blueprint • NPPD/CS&C/NCCIC • ICE HSI / IPR • USSS • CBP • USCG • TSA • DHS CIO/CISO

Councils

State/Local • S&T First Responders Group • First Responder Access Card • SWGDE (FBI)

CSD

International Collaborations

5

White House/NSS • National Strategy 2003 • Comprehensive National

Cybersecurity Initiative (CNCI) • EO 13636/PPD 21 • National CISR R&D Plan • Transition to Practice (TTP) • Cyber Economic Incentives

Research • National Initiative for

Cybersecurity Education (NICE)

Interagency Collaboration • Cyber Security and

Information Assurance (CSIA) IWG

• Cyber-Physical Systems (CPS) SSG

• Big Data SSG • Cyber Forensics WG

Critical Infrastructure Sectors (Private Sector) • Energy (Oil & Gas,

Electric Power) • Banking and Finance • Communications/IT • Cross-Sector Cyber

Security WG

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

CSD Mission & Strategy REQUIREMENTS

CSD MISSION Develop and deliver new technologies, tools and techniques to defend and secure

current and future systems and networks Conduct and support technology transition efforts Provide R&D leadership and coordination within the government, academia, private

sector and international cybersecurity community CSD STRATEGY

Trustworthy Cyber

Infrastructure

Cybersecurity Research

Infrastructure

Network & System Security

and Investigations

Cyber Physical Systems

Transition and Outreach

Government Venture Capital

IT Security Companies Open Source

International

Stakeholders Outreach Methods (Sampling) Technology Demonstrations

Program Reviews Speaking Engagements

Social Media Media Outreach

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

S&T International Agreements

• Canada (2004) • Australia (2004) • United Kingdom (2005) • Singapore (2007) • Sweden (2007) • Mexico (2008) • Israel (2008) • France (2008) • Germany (2009) • New Zealand (2010) • European Commission (2010) • Spain (2011) • Netherlands (2013)

Government-to-government cooperative activities for 13 bilateral Agreements

FY13-14: Over $6M of International co-funding (leveraging over $70M of U.S. funded efforts)

FY 15-16: Anticipating a similar amount, including some new countries

COUNTRY PROJECTS MONEY IN JOINT MONEY OUT Australia 3 $300K $400K Canada 11 $1.8M Germany 1 $300K Israel 2 $100K Netherlands 7 $450K $1.2M $150K Sweden 4 $650K United Kingdom 3 $1.0M $400K $200K New Zealand 1 Japan 1

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

Netherlands / US Co-Investment Models Netherlands US US Netherlands Netherlands US

Ongoing efforts 1) Modeling Internet Attacks 2) Improving Incident Response

Teams 3) Reducing the Challenges to

Investments in Private Sector.

Ongoing efforts 1) Process Control Systems/SCADA 2) Mobile malware 3) Cybercrime economic measures.

Ongoing efforts • Forensics project

Proposed efforts • BAA projects (2014 call)

o Mobile Technology Security

o Data Privacy o Cyber Physical System

Security (CPSSEC) o Distributed Denial of

Service Defenses

Proposed efforts • Identity, privacy and trust management • Malware and malicious infrastructures • Attack detection, attack prevention and

monitoring • Forensics and incident management • Data, Policy and Access Management • Cybercrime and the underground economy • Risk management, Economics, regulation • 2016 joint call

Proposed discussions • Human-centered cybersecurity • Internet situational awareness • Cybersecurity Metrics

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

2014 Broad Agency Announcement BAA released incl. to participating countries: https://baa2.st.dhs.gov • $95M over 5 year period

9

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

The LOGIIC Model of Government & Industry Partnership

Linking the Oil and Gas Industry to Improve Cyber Security

• LOGIIC is an ongoing collaboration of oil and natural gas companies and the U.S. Department of Homeland Security, Science and Technology Directorate.

• LOGIIC facilitates cooperative research, development, testing, and evaluation procedures to improve cybersecurity in industry digital control systems.

• LOGIIC promotes the interests of the sector while maintaining impartiality, the independence of the participants, and vendor neutrality

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

LOGIIC Consortium Breaks New Ground

• The Automation Federation (AF) serves as the LOGIIC host organization

• Member companies contribute financially and technically, provide personnel who meet regularly to define projects of common interest, and provide staff to serve on the LOGIIC Executive Committee.

• Current members of LOGIIC include BP, Chevron, Shell, Total, and other large oil and gas companies that operate significant global energy infrastructure.

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

LOGIIC – Operational Context

Project #1

Project #2

Project #3

Project #4

Project #N

Researchers

Vendors

Labs

DHS S&T ISA Automation Federation (AF)

(Legal Framework)

Outreach

Vendors

Industry

Standards Bodies

CI Owners and Operators

Findings

Current Members

Oil & Gas Sector Participating Companies

• Program Management • Subject Matter Expertise

• Access to Labs • Testing Facilities

• Independent Researchers

$$ $$

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

Summary • Cybersecurity research is a key area of innovation to support our global

economic and national security futures • CSD continues with an aggressive cyber security research agenda to solve

the cyber security problems of our current and future infrastructure and systems – Ever-increasing speed of technology change – Scope/complexity of the different areas of the problem – The balance of near-term versus longer-term R&D

• Will continue strong emphasis on technology transition • Will impact cyber education, training, and awareness of our current and future

cybersecurity workforce • Will continue to work internationally to find and deploy the best ideas and

solutions to real-world problems

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

Douglas Maughan douglas.maughan@hq.dhs.gov

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo

Douglas Maughan douglas.maughan@hq.dhs.gov

GlobalConferenceonCyberSpace2015GlobalConferenceonCyberSpace2015GlobalConferenceo