Homeland Security Advanced Research Projects Agency
A View from Washington: The
Latest in Cyber Security
November 7, 2013
TCIPG Annual Meeting
Douglas Maughan
Division Director
http://www.dhs.gov/cyber-research
Presenter’s Name June 17, 2003
Presentation Outline
Threat Space
National / Federal Activities
DHS Activities
Cyber Security Division (CSD) Overview
What’s Ahead
Summary
Q&A
Environment: Greater Use of Technology, More Threats, Less Resources
(Diagram axes) MORE THREATS / LESS RESOURCES
(Diagram labels) Globalization & Transportation; Natural Disasters & Pushing Beyond Design Limits; Misuse of Technology; Border Security & Immigration; Cyber Domain; Violent Extremism; Insider Threat
Nature of Innovation: Both sides get to innovate; Predictive & Reactive; Aviation as an example …; Low cost of entry; Strategic potential; Anywhere in the world in 24 hours; Historical Perspective; Tenuous balance
“Cyber” – Where is it used?
Business / Personal: Shopping & Banking; Point of Sale (in store or on line); Personnel; Social Media; …
DHS provides advice and alerts to the 16 critical infrastructure areas … DHS collaborates with sectors through Sector Coordinating Councils (SCC)
Cyber Threat Sources Ready to Exploit Weaknesses
Nation States
Hackers/Hacktivists
Cyber Criminals
Insider Threats
Terrorists, DTOs, etc.
Cyber Threats
Malware – Malicious software to disrupt computers: viruses, worms, …
Theft of Intellectual Property or Data
Hacktivism – Cyber protests that are socially or politically motivated
Mobile Devices and Applications and their associated Cyber Attacks
Social Engineering – Entice users to click on Malicious Links
Spear Phishing – Deceptive communications (E-Mails, Texts, Tweets…)
Domain Name System (DNS) Hijacking
Router Security – BGP Hijacking
Denial of Service (DoS) – blocking access to web sites
Others …..
Recent Events
Targeted Malicious Email Detection and Response
Targeting of DHS through Email: The primary method of specifically targeting DHS is through phishing emails
Emails contain malicious attachment or link
Recipients often “BCCed”
A single compromise can provide an attacker with a foothold for complete network access
Notable Targeted Email Statistics:
60% of malicious emails sent from Gmail
Account names are believable
17% spoof other Government agencies
Total Emails per Year:
2010 – 1108 emails (143 campaigns)
2011 – 1312 emails (157 campaigns)
2012 – 1497 emails (102 campaigns)
2012 – Average new campaign every 3.6 days
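The slide lists the indicators that characterise these campaigns: a webmail sender behind a believable, agency-looking name, recipients hidden via BCC, and a malicious attachment or link. The script below is an added illustration, not part of the presentation or of any DHS tooling: it parses a raw message with Python's standard email library and scores it on exactly those indicators. The protected domain (example.gov), the webmail list, the identity-claim pattern and all three sample messages are constructed assumptions for the example.

```python
"""Heuristic triage of targeted (spear-phishing) email.

Scores a raw RFC 822 message on the indicators the slide names:
webmail sender with an agency-looking display name, recipients hidden
via BCC, and an attachment or link.  Everything below is constructed
for illustration; the thresholds and lists are assumptions.
"""
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: our own mailboxes live here; if no To/Cc address is in one of
# these domains the message reached us via BCC.
PROTECTED_DOMAINS = {"example.gov"}
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
URL_RE = re.compile(r"https?://[^\s<>\"]+", re.IGNORECASE)
# Display-name phrases that claim a government identity (assumed pattern).
IDENTITY_RE = re.compile(r"\b(department|agency|office) of\b", re.IGNORECASE)


def _domain(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _visible_recipients(msg):
    """Addresses named in To/Cc; group syntax such as undisclosed-recipients yields none."""
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return [addr.lower() for _, addr in pairs if addr]


def _has_attachment_or_link(msg):
    """Walk every MIME part: note attachments and URLs in text bodies."""
    attachment, link = False, False
    for part in msg.walk():
        disp = (part.get("Content-Disposition") or "").lower()
        if disp.startswith("attachment") or part.get_filename():
            attachment = True
        if part.get_content_maintype() == "text":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if URL_RE.search(body):
                link = True
    return attachment, link


def triage(raw):
    """Return (score, reasons) for a raw message string; higher is more suspicious."""
    msg = message_from_string(raw)
    reasons = []
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = _domain(addr)
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])

    if sender_domain in WEBMAIL_DOMAINS:
        reasons.append("sender uses a webmail domain")
        if ".gov" in name.lower() or IDENTITY_RE.search(name):
            reasons.append("display name claims a government identity")
    if reply_domain and reply_domain != sender_domain:
        reasons.append("Reply-To domain differs from From domain")
    if not any(_domain(a) in PROTECTED_DOMAINS for a in _visible_recipients(msg)):
        reasons.append("our mailbox absent from To/Cc (delivered via BCC)")

    attachment, link = _has_attachment_or_link(msg)
    if attachment:
        reasons.append("carries an attachment")
    if link:
        reasons.append("body contains a link")
    return len(reasons), reasons


def verdict(raw, threshold=3):
    """Label a message 'suspicious' once enough indicators coincide (threshold assumed)."""
    score, _ = triage(raw)
    return "suspicious" if score >= threshold else "benign"


# Constructed sample: webmail sender posing as an agency, BCC delivery, executable attachment.
SPEAR_SAMPLE = """From: "U.S. Dept of Homeland Security (dhs.gov)" <dhs.alerts2013@gmail.com>
To: undisclosed-recipients:;
Subject: Updated policy document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached policy update.
--b1
Content-Type: application/octet-stream; name="policy.exe"
Content-Disposition: attachment; filename="policy.exe"
Content-Transfer-Encoding: base64

QUFBQQ==
--b1--
"""

# Constructed sample: webmail sender posing as an agency, mismatched Reply-To, link in body.
LINK_SAMPLE = """From: "Office of Personnel Management" <opm.notices@gmail.com>
Reply-To: hr-desk@mail-example.net
To: Bob Reviewer <bob.reviewer@example.gov>
Subject: Benefits enrollment
Content-Type: text/plain

Enroll here: http://benefits.example.net/enroll
"""

# Constructed sample: internal mail with none of the indicators.
BENIGN_SAMPLE = """From: Jane Analyst <jane.analyst@example.gov>
To: Bob Reviewer <bob.reviewer@example.gov>
Subject: Lunch
Content-Type: text/plain

Meet at noon?
"""

if __name__ == "__main__":
    for label, raw in (("spear", SPEAR_SAMPLE), ("link", LINK_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, verdict(raw), triage(raw))
```

Each indicator on its own is weak (plenty of legitimate mail arrives from Gmail or via BCC), which is why the score only becomes a verdict when several coincide; in practice the threshold and the identity pattern would be tuned against the organisation's own mail flow.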
Cyberspace Definitions
“The interdependent network of information and communications technology infrastructures, including the Internet, telecommunications networks, computer systems and networks, and embedded processors and controllers in facilities and industries.” White House Cyberspace Policy Review, May 2009
AND PEOPLE!!!
EO-13636 and PPD-21
In February 2013, the President issued two new policies:
1) Executive Order 13636: Improving Critical Infrastructure Cybersecurity
2) Presidential Policy Directive – 21: Critical Infrastructure Security and Resilience
America's national security and economic prosperity are dependent upon the operation of critical infrastructure that is increasingly at risk to the effects of cyber attacks
The vast majority of U.S. critical infrastructure is owned and operated by private companies
A strong partnership between government and industry is indispensable to reducing the risk to these vital systems
Integrating Cyber-Physical Security
Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
Develop a technology-neutral voluntary cybersecurity framework
Promote and incentivize the adoption of cybersecurity practices
Increase the volume, timeliness and quality of cyber threat information sharing
Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
Explore the use of existing regulation to promote cyber security
Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to:
Develop a situational awareness capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time
Understand the cascading consequences of infrastructure failures
Evaluate and mature the public-private partnership
Update the National Infrastructure Protection Plan
Develop comprehensive research and development plan (CSD / RSD)
EO-PPD Deliverables
120 days – June 12, 2013
• Publish instructions: unclassified threat information
• Report on cybersecurity incentives
• Publish procedures: expand the Enhanced Cybersecurity Services
150 days – July 12, 2013
• Identify cybersecurity critical infrastructure
• Evaluate public-private partnership models
• Expedite security clearances for private sector
240 days – October 10, 2013
• Develop a situational awareness capability
• Update the National Infrastructure Protection Plan
• Publish draft voluntary Cybersecurity Framework
365 days – February 12, 2014
• Report on privacy and civil rights and civil liberties cybersecurity enhancement risks
• Stand up voluntary program based on finalized Cybersecurity Framework
Beyond 365 – TBD
• Critical Infrastructure Security and Resilience R&D Plan
Cybersecurity Framework (NIST lead)
Developed in collaboration with industry, provides guidance to an organization on managing cybersecurity risk
Supports the improvement of cybersecurity for the Nation’s Critical Infrastructure using industry-known standards and best practices
Provides a common language and mechanism for organizations to
1. describe current cybersecurity posture;
2. describe their target state for cybersecurity;
3. identify and prioritize opportunities for improvement within the context of risk management;
4. assess progress toward the target state;
5. foster communications among internal and external stakeholders.
Composed of three parts: the Framework Core, the Framework Implementation Tiers, and Framework Profiles
Cybersecurity Framework
Function: Categories
IDENTIFY: Asset Management; Business Environment; Governance; Risk Assessment; Risk Management
PROTECT: Access Control; Awareness and Training; Data Security; Information Protection Processes and Procedures; Protective Technology
DETECT: Anomalies and Events; Security Continuous Monitoring; Detection Processes
RESPOND: Communication; Analysis; Mitigation; Improvements
RECOVER: Recovery Planning; Improvements; Communication
Recommended Incentives
Areas:
1. Cybersecurity Insurance
2. Grants
3. Process Preference
4. Liability Limitation
5. Streamline Regulations
6. Public Recognition
7. Rate Recovery for Price Regulated Industries
8. Cybersecurity Research
“While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.”
Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, White House Blog, August 6, 2013
R&D guidance from PPD-21
Within 2 years, DHS in coordination with OSTP, SSA’s, DOC and other Federal D&A, shall provide to the President a National Critical Infrastructure Security and Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other relevant information to identify priorities and guide R&D requirements and investments…plan issued every 4 years …updates as needed.
Innovation and Research & Development: DHS in coordination with OSTP, SSA’s, Commerce and other Federal D&A, shall provide input to align those Federal and Federally-funded R&D activities that seek to strengthen the security and resiliency of the Nation’s critical infrastructure, including:
Promoting R&D to enable the secure and resilient design and construction of critical infrastructure and more secure accompanying cyber technology;
Enhancing modeling capabilities to determine potential impacts … and cascading effects;
Facilitating initiatives to incentivize cyber security investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience;
Prioritizing efforts to support the strategic guidance issued by the Secretary.
Working Group headed up by DHS S&T
How to Engage
National Infrastructure Protection Plan process
Review and comment on Draft Documents: www.dhs.gov/eo-ppd
Provide input through dialogue on IdeaScale -- http://eoppd.ideascale.com
Encourage partners to review and provide input
PPD/EO Integrated Task Force Weekly Stakeholder Bulletin
Current status of activities
List of upcoming Open Forums, Webinars and other Engagement Opportunities
Contact [email protected] for more information
Also R&[email protected] for R&D plan information, participation
DHS S&T Mission
Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise
1) Create new technological capabilities and knowledge products
2) Provide Acquisition Support and Operational Analysis
3) Provide process enhancements and gain efficiencies
4) Evolve US understanding of current and future homeland security risks and opportunities
FOCUS AREAS
• Bio
• Explosives
• Cybersecurity
• First Responders
• Resilient Systems
• Borders / Maritime
Cyber Security Focus Areas
Trustworthy Cyber Infrastructure
Working with the global Internet community to secure cyberspace
Research Infrastructure to Support Cybersecurity
Developing necessary research infrastructure to support R&D community
R&D Partnerships
Establishing R&D partnerships with private sector, academia, and international partners
Innovation and Transition
Ensuring R&D results become real solutions
Cybersecurity Education
Leading National and DHS cybersecurity education initiatives
R&D Partnerships
Oil and Gas Sector
LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
Electric Power Sector
TCIPG – Trustworthy Computing Infrastructure for the Power Grid
Banking and Finance Sector
FI-VICS – Financial Institutions – Verification of Identity Credential Service
DECIDE – Distributed Environment for Critical Incident Decision-making
Exercises (recent Quantum Dawn II exercise)
State and Local
PRISEM - Public Regional Information Security Event Management
PIV-I/FRAC TTWG – State and Local and Private Sector First Responder Authentication Credentials and Technology Transition
Law Enforcement
SWGDE – Special Working Group on Digital Evidence (FBI lead)
CFWG – Cyber Forensics Working Group (CBP, ICE, USSS, FBI, S/L)
International Bilateral Agreements
Government-to-government cooperative activities for 13 bilateral Agreements
S&T International Engagements
• Canada (2004)
• Australia (2004)
• United Kingdom (2005)
• Singapore (2007)
• Sweden (2007)
• Mexico (2008)
• Israel (2008)
• France (2008)
• Germany (2009)
• New Zealand (2010)
• European Commission (2010)
• Spain (2011)
• Netherlands (2013)
COUNTRY | PROJECTS | MONEY IN | JOINT | MONEY OUT
Australia | 3 | $300K | $400K
Canada | 11 | $1.8M
Germany | 1 | $300K
Israel | 2 | $100K
Netherlands | 7 | $450K | $1.2M | $150K
Sweden | 4 | $650K
United Kingdom | 3 | $1.2M | $400K
European Union | 1
Japan | 1
Over $6M of International co-funding
Transition To Practice (TTP) Program
R&D Sources: DOE National Labs; FFRDC’s (Federally Funded R&D Centers); Academia; Small Business
Transition processes: Testing & evaluation; Red Teaming; Pilot deployments
Utilization: Open Sourcing; Licensing; New Companies; Adoption by cyber operations analysts; Direct private-sector adoption; Government use
Implement Presidential Memorandum – “Accelerating Technology Transfer and Commercialization of Federal Research in Support of High-Growth Businesses” (Oct 28, 2011)
Cybersecurity Education
Cyber Security Competitions (http://nationalccdc.org)
National Initiative for Cybersecurity Education (NICE)
NCCDC (Collegiate); U.S. Cyber Challenge (High School)
Provide a controlled, competitive environment to assess a student’s depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.
DHS Cyber Skills Task Force (CSTF)
Established June 6, 2012 - Homeland Security Advisory Council
Over 50 interviews (DHS internal and external)
Identify best ways DHS can foster the development of a national security workforce capable of meeting current and future cybersecurity challenges;
Outline how DHS can improve its capability to recruit and retain sophisticated cybersecurity talent.
11 recommendations in 5 key areas
White House Priorities – FY14+
Secure Federal Networks: Identity/Credential Access Mgmt (ICAM), Cloud Exchange, Fed-RAMP
Protect Critical Infrastructure: Public-Private Cyber Coordination, EO/PPD Initiatives
Improve Incident Response and Reporting: Information Sharing among Federal Centers; Capacity Building for State/Local/Tribal/Territorial (SLTTs)
Engage Internationally: Foreign Assistance Capacity Building; Build Workforce Capacity to Support International Cyber Engagement
Shape the Future: National Strategy for Trusted Identity in Cyberspace (NSTIC); National Initiative for Cybersecurity Education (NICE); Cybersecurity R&D – EO/PPD R&D Plan, Federal R&D Plan, Transition To Practice, Foundational Research
Future - Inter-Agency: CPS
Cyber Physical Systems (CPS): “Smart networked systems with embedded sensors, processors and actuators that are designed to sense and interact with the physical world (including the human users), and support real-time, guaranteed performance in safety-critical applications”
Several workshops over the past year or two:
Transportation (Automotive, UAVs, Aeronautical, Rail)
Manufacturing
Healthcare
Energy
Agriculture
Defense
Emergency Response
Others …..
All with an eye towards society, economics, and impact
CSD New Program Ideas
Security for Cloud-Based Systems
Data Privacy Technologies
Mobile Wireless Investigations
Mobile Device Security
Next-Generation DDOS Defenses
Application Security Threat Attack Modeling (ASTAM)
Static Tool Analysis Modernization Project (STAMP)
Network Reputation and Risk Analysis
Data Analytics Methods for Cyber Security
Cyber Security Education
Designed-In Security
Finance Sector Cybersecurity
DNSSEC Applications
Data Provenance for Cybersecurity
Cyber Economic Incentives – based on EO/PPD
DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07
S&T seeks R&D projects for revolutionary, evolving, and maturing technologies that demonstrate the potential for significant improvement in homeland security missions and operations
Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
CSD has 18 Topic Areas (CSD.01 – CSD.18) – SEE NEXT SLIDE
LRBAA 12-07 has been extended and closes on 12/31/13
S&T BAA Website: https://baa2.st.dhs.gov
Additional information can be found on the Federal Business Opportunities website (www.fbo.gov) (Solicitation #: DHSS-TLRBAA12-07)
LRBAA Summary Listing
CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics
CSD.02 – Internet Infrastructure Security
CSD.03 – National Research Infrastructure
CSD.04 – Homeland Open Security Technology
CSD.05 – Forensics support to law enforcement
CSD.06 – Identity Management
CSD.07 – Data Privacy and Information Flow technologies
CSD.08 – Software Assurance
CSD.09 – Cyber security competitions, education and curriculum development
CSD.10 – Process Control Systems and Critical Infrastructure Security
CSD.11 – Internet Measurement and Attack Modeling
CSD.12 – Securing the mobile workforce
CSD.13 – Security in cloud based systems
CSD.14 – Experiments – Test and evaluation in experimental operational environments to facilitate transition
CSD.15 – Research Data Repository
CSD.16 – Cybersecurity Economic Incentives
CSD.17 – Data Analytics – analysis techniques, visualization
CSD.18 – Tailored Trustworthy Spaces – trust negotiation, app anonymity
Summary
Cybersecurity research is a key area of innovation to support our global economic and national security futures
DHS S&T continues with an aggressive cyber security research agenda
Working to solve the cyber security problems of our current (and future) infrastructure and systems
Working with academe and industry to improve research tools and datasets
Looking at future R&D agendas with the most impact for the nation
Need to continue strong emphasis on technology transfer and experimental deployments
Must focus on the education, training, and awareness aspects of our current and future cybersecurity workforce
Recent CSD Publications
For more information, visit
http://www.dhs.gov/cyber-research
http://www.dhs.gov/st-csd
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced
Research Projects Agency (HSARPA)
202-254-6145 / 202-360-3170