Homeland Open Security Technologies (HOST)
Douglas Maughan,
Program Manager, DHS S&T Cyber Security R&D Program

Published in: Technology

  • 1. Dept. of Homeland Security Science & Technology Directorate
    DHS S&T Cyber Security RDTE&T Initiatives and Open Source
    MIL-OSS Conference
    Rosslyn, VA
    August 4, 2010
    Douglas Maughan, Ph.D.
    Branch Chief / Program Mgr.
    202-254-6145 / 202-360-3170
  • 2. 4 August 2010
    Open Source and Government
    [Timeline figure; labels: Bus. Case, Phase 2, DoD NII, Launched Oct 2009; dates shown: July 2001, 2001 - 03, Jan 2003, May 2003, July 2004, June 2006, June 2007, Oct 2009]
  • 3. Univ. of Pennsylvania
    Critical Findings
    1. Federal government should encourage the development of Open Source Software.
    2. Federal government should allow Open Source development efforts to compete on a “level playing field” with proprietary solutions in government procurement
    3. Government sponsored Open Source projects should choose from a small set of established Open Source licenses after analysis of each license and determination of which may be preferable.
    Network Associates Labs
    DARPA Program (2001-2003)
    • President’s Information Technology Advisory Committee (PITAC) Report on Open Source Software (OSS) Panel for High Performance Computing (HPC)
  • Science and Technology (S&T) Mission
    Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users.
  • 4. Cyber Security Program Areas
    Information Infrastructure Security
    Cyber Security Research Infrastructure
    Next Generation Technologies
    Two new program areas – Cyber Forensics and Homeland Open Security Technology (HOST)
    Research Horizon – What does it look like?
  • 5. Information Infrastructure Security
    DNSSEC – Domain Name System Security
    S&T has been leading global DNSSEC Deployment Initiative since 2004, including roadmaps, workshops, testbed, pilots, software development, standards, outreach, and training
    Working with OMB, OSTP, GSA, NIST to ensure USG is leading the global deployment efforts
    Working with vendor community to ensure solutions
    SPRI – Secure Protocols for Routing Infrastructure
    S&T has been leading global SPRI Initiative since 2008, including a roadmap, workshops, testbed, software development, standards, and community outreach
    Working with global registries to deploy Public Key Infrastructure (PKI) between ICANN/IANA and registries (e.g., ARIN) and ISPs/customers
    Working with IETF standards and industry to develop solutions for our current routing security problems and future technologies
    Funding R&D for tools to facilitate deployment
    Colorado State Univ, University of Oregon, UCLA, USC-ISI, PCH, NIST
    July 6, 2010
  • 6. Information Infrastructure Security - 2
    LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
    A collaboration of oil and natural gas companies and DHS S&T to facilitate cooperative research, development, testing, and evaluation procedures to improve cyber security in Industrial Automation and Control Systems
    Consortium under the Automation Federation
    TCIPG – Trustworthy Computing Infrastructure for the Power Grid
    Partnership with DOE funded at UIUC with several partner universities and industry participation
    Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power, including new resilient “smart” power grid
    DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises)
    Provide a dedicated exercise capability to foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats
    Enterprises will be able to initiate their own large-scale exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops
    The Financial Services Sector Coordinating Council R&D Committee has organized a user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years.
  • 7. National Research Infrastructure
    DETER -
    Researcher and vendor-neutral experimental infrastructure that is open to a wide community of users to support the development and demonstration of next-generation cyber defense technologies
    Over 170 users from 14 countries (and growing)
    Repository of network data for use by the U.S.-based cyber security research community
    Privacy Impact Assessment (PIA) completed
    Over 118 datasets and growing; Over 100 active users (and growing)
    End Goal: Improve the quality of defensive cyber security technologies
  • 8. Next Generation Technologies
    R&D funding model that delivers both near-term and medium-term solutions:
    To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure.
    To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems;
    To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.
  • 9. Sample Product List
    Ironkey – Secure USB
    Standard Issue to S&T employees from S&T CIO
    Coverity – Open Source Hardening (SCAN)
    Evaluates over 150 open source software packages nightly
    USURF – Cyber Exercise Planning tool
    Currently in use in WA state exercise; partnering with NCSD
    Secure64 – DNSSEC Automation
    Several commercial customers; Government pilots underway
    HBGary – Memory and Malware Analysis
    12-15 pilot deployments as part of Cyber Forensics program (later)
    Stanford – Anti-Phishing Technologies
    Open source; Most browsers have incorporated Stanford R&D
    Secure Decisions – Data Visualization
    Pilot with DHS/NCSD/US-CERT in progress
  • 10. Give open source community access to entire toolset
    Open-source developers register their project.
    Coverity automatically downloads and runs tool over it.
    Developers get back bugs in Coverity’s bug database.
    Big success:
    Roughly 500 projects registered
    4,700+ defects actually patched.
    Some really crucial bugs found; dozens of security patches (e.g., X, ethereal)
  • 11. Cyber Forensics
    Initial requirements working group held 11/20/08
    Attendees from USSS, CBP, ICE, FLETC, FBI, NIJ, TSWG, NIST, Miami-Dade PD, Albany NY PD
    Initial list of projects
    Mobile device forensic tools
    GPS forensics tools
    LE First responder “field analysis kit”
    High-speed data capture and deep packet inspection
    Live stream capture for gaming systems
    Memory analysis and malware tools
    Information Clearing House
    S&T initiated 6 projects in FY09 totaling $2M
  • 12. Vulnerability Assessment of Open Source “Wireshark”
    Assessment: Assess a key open-source monitoring and forensics tool using the University of Wisconsin’s First Principles Vulnerability Assessment (FPVA) methodology
    Training: Develop materials and teach tutorials in vulnerability assessment and secure programming techniques
    Vulnerability characterization and automated detection: Use the results from assessments to formalize the description of vulnerabilities found and develop algorithms to detect them
  • 13. Homeland Open Security Technology (HOST)
    Promote the development and implementation of open source solutions within US Federal, state and municipal government agencies
  • 14. How can we (collectively) afford IT?
    $38,500,000,000+ (BILLION!)
    HOST Motivation
  • 15.
    • US Govt Spends $38 Billion on IT Annually
    • 16. Trend is Not Sustainable
    • 17. Bureaucracy (easy to blame)
    • 18. Complexity of Govt Enterprise Systems
    • 19. Redundancy – Re-Invent the Wheel
    • 20. Existing System of Acquisition, Management, Updating, Technical Obsolescence
    • 21. Significant Hurdle
    • 22. Cybersecurity = Protection of Infrastructure and Data
    Need: Sustainable Government IT Systems
  • 23. Approach: Leverage Open Systems
    • Audience
    • 24. Federal, State, Local Government End Users - Citizens
    • 25. Share Benefits with Industry, Development Communities
    • 26. Open Technology Solutions
    • 27. Vendor/Platform Agnostic
    • 28. Best of Breed Development – Builds Upon Success
    • 29. Focuses on Addressing the Needs of End Users
    GOAL: Improve systems security, enhance technical efficiency and reduce the cost of IT management...within Govt IT systems.
  • 30. Benefits: Open Technology Solutions
    • Open Systems promote and encourage
    • 31. Transparency – Interoperability – Technical Agility
    • 32. Enhanced Manageability through Open Source License
    • 33. Economic Benefits
    • 34. Lower Adoption Costs – Promotes Vendor Competition
    • 35. Broad Vendor and Developer Support
    • 36. Secure – Stable – Broadly Adopted in Govt and Industry
    • 37. Existing Govt Adoption/Usage
    • 38. OMB/White House, DoD, Dept of Navy adoption OS Policy
    • 39. Growing Govt Open Technology Adoption
  • 40. Competition: Who/What are the Challenges
    • Adoption Resistance
    • 41. Ingrained Systems
    • 42. Existing Relationships
    • 43. Policy Updates and Modifications
    • 44. Change Mentality
    • 45. Lack of Vision, Leadership and Continuity
    • 46. FUD/Pushback
    • 47. Proprietary Vendors
    • 48. Technology Vendors
    • 49. Business Models
    • 50. Non-competitive solutions
  • 51. HOST Program Areas
    Information Portal
    Federal Government Open Source Census
    GovernmentForge Open Source Software Repository
    Standards, Best Practices
    Community Outreach
    “New” open source IDS/IPS
    Work with tool developers (source, binary) on open source software quality analysis
    Information Assurance / Security
    US Government security evaluation processes (OpenSSL)
    S&T initiated projects in FY09/10 totaling $1.5M
  • 52. Progress to Date
  • 53. HOST: Going Forward
    • Investment
    • 54. $10M up to $50M+
    • 55. 5-yr (1 + 4 w/options)
    • 56. Scalable based on deliverables & program review
    • 57. ROI
    • 58. Value of Deliverables
    • 59. Strategic Advantage
    • 60. Accountability
    • 61. Metrics tied to similar IT program of record
    • 62. Investment Costs
    • 63. Recurring Fees
    • 64. Management/Admin Exp
    • 65. Upgrade Costs
    • 66. Compatibility Expenses
    • 67. Vendor Failure Expense
    • 68. Process Not Product
    Can we afford NOT to Invest in Open Technology?
  • 69. Timeline of Past Research Reports
    President’s Commission on CIP (PCCIP)
    NRC CSTB Trust in Cyberspace
    I3P R&D Agenda
    National Strategy to Secure Cyberspace
    Computing Research Association – 4 Challenges
    NIAC Hardening the Internet
    PITAC - Cyber Security: A Crisis of Prioritization
    IRC Hard Problems List
    NSTC Federal Plan for CSIA R&D
    NRC CSTB Toward a Safer and More Secure Cyberspace
    All documents available at
  • 70. A Roadmap for Cybersecurity Research
    Scalable Trustworthy Systems
    Enterprise Level Metrics
    System Evaluation Lifecycle
    Combatting Insider Threats
    Combatting Malware and Botnets
    Global-Scale Identity Management
    Survivability of Time-Critical Systems
    Situational Understanding and Attack Attribution
    Information Provenance
    Privacy-Aware Security
    Usable Security
  • 71. DHS S&T Roadmap Content
    What is the problem being addressed?
    What are the potential threats?
    Who are the potential beneficiaries? What are their respective needs?
    What is the current state of practice?
    What is the status of current research?
    What are the research gaps?
    What challenges must be addressed?
    What resources are needed?
    How do we test & evaluate solutions?
    What are the measures of success?
  • 72. National Cyber Leap Year (NCLY)
    RFI – 1: Generic, wide-open
    Received over 160 responses; created 9 research areas
    Attribution, Cyber Economics, Disaster Recovery, Network Ecology, Policy-based Configuration, Randomization/Moving Target, Secure Data, Software Assurance, Virtualization
    RFI – 2: Same as RFI-1, but providing IP protection
    Received over 30 responses
    RFI – 3: Requested submissions only in 9 research areas above
    Received over 40 responses
    National Cyber Leap Year (NCLY) Summit
    August 17-19, 2009
    Results posted on
  • 73. NCLY Summit Topics
    Cyber economics
    Digital provenance
    Hardware enabled trust
    Moving target defense
    Nature-inspired cyber defense
    Expectation: Agencies will be using these topic areas in future solicitations (FY11 and beyond)
  • 74. DHS S&T continues with an aggressive cyber security research agenda
    Working with the community to solve the cyber security problems of our current (and future) infrastructure
    Outreach to communities outside of the Federal government, i.e., building public-private partnerships is essential
    Working with academe and industry to improve research tools and datasets
    Looking at future R&D agendas with the most impact for the nation, including education
    Need to continue strong emphasis on technology transfer and experimental deployments
  • 75. Douglas Maughan, Ph.D.
    Branch Chief / Program Mgr.
    202-254-6145 / 202-360-3170
    For more information, visit