Homeland Open Security Technologies (HOST)
Upcoming SlideShare
Loading in...5

Homeland Open Security Technologies (HOST)



Homeland Open Security Technologies (HOST)

Homeland Open Security Technologies (HOST)
Douglas Maughan,
Program Manager, DHS S&T Cyber Security R&D Program



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    Homeland Open Security Technologies (HOST) Homeland Open Security Technologies (HOST) Presentation Transcript

    • Dept. of Homeland Security Science & Technology Directorate
      DHS S&T Cyber Security RDTE&T Initiatives and Open Source
      MIL-OSS Conference
      Rosslyn, VA
      August 4, 2010
      Douglas Maughan, Ph.D.
      Branch Chief / Program Mgr.
      202-254-6145 / 202-360-3170
    • 4 August 2010
      Open Source and Government
      Phase 2
      May 2003
      June 2006
      Launched Oct 2009
      Bus. Case
      July 2001
      July 2001
      2001 - 03
      Jan 2003
      July 2004
      Oct 2009
      June 2007
      DoD NII
    • 4 August 2010
      Univ. of Pennsylvania
      Critical Findings
      1. Federal government should encourage the development of Open Source Software.
      2. Federal government should allow Open Source development efforts to compete on a “level playing field” with proprietary solutions in government procurement
      3. Government sponsored Open Source projects should choose from a small set of established Open Source licenses after analysis of each license and determination of which may be preferable.
      Network Associates Labs
      DARPA Program (2001-2003)
      • President’s Information Technology Advisory Committee (PITAC) Report on Open Source Software (OSS) Panel for High Performance Computing (HPC)
    • 4 August 2010
      Science and Technology (S&T) Mission
      Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users.
    • Cyber Security Program Areas
      Information Infrastructure Security
      Cyber Security Research Infrastructure
      Next Generation Technologies
      Two new program areas – Cyber Forensics and Homeland Open Security Technology (HOST)
      Research Horizon – What does it look like?
      4 August 2010
    • Information Infrastructure Security
      DNSSEC – Domain Name System Security
      S&T has been leading global DNSSEC Deployment Initiative since 2004, including roadmaps, workshops, testbed, pilots, software development, standards, outreach, and training
      Working with OMB, OSTP, GSA, NIST to ensure USG is leading the global deployment efforts
      Working with vendor community to ensure solutions
      SPRI – Secure Protocols for Routing Infrastructure
      S&T has been leading global SPRI Initiative since 2008, including a roadmap, workshops, testbed, software development, standards, and community outreach
      Working with global registries to deploy Public Key Infrastructure (PKI) between ICANN/IANA and registries (e.g., ARIN) and ISPs/customers
      Working with IETF standards and industry to develop solutions for our current routing security problems and future technologies
      Funding R&D for tools to facilitate deployment
      Colorado State Univ, University of Oregon, UCLA, USC-ISI, PCH, NIST
      July 6, 2010
    • Information Infrastructure Security - 2
      LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
      A collaboration of oil and natural gas companies and DHS S&T to facilitate cooperative research, development, testing, and evaluation procedures to improve cyber security in Industrial Automation and Control Systems
      Consortium under the Automation Federation
      TCIPG – Trustworthy Computing Infrastructure for the Power Grid
      Partnership with DOE funded at UIUC with several partner universities and industry participation
      Drive the design of an adaptive, resilient, and trustworthy cyber infrastructure for transmission & distribution of electric power, including new resilient “smart” power grid
      DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises)
      Provide a dedicated exercise capability to foster an effective, practiced business continuity effort to deal with increasingly sophisticated cyber threats
      Enterprises will be able to initiate their own large-scale exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops
      The Financial Services Sector Coordinating Council R&D Committee has organized a user-group of subject matter experts paid by their respective financial institutions to support the project over the next two years.
      July 6, 2010
    • National Research Infrastructure
      DETER - http://www.isi.edu/deter/
      Researcher and vendor-neutral experimental infrastructure that is open to a wide community of users to support the development and demonstration of next-generation cyber defense technologies
      Over 170 users from 14 countries (and growing)
      PREDICT – https://www.predict.org
      Repository of network data for use by the U.S.- based cyber security research community
      Privacy Impact Assessment (PIA) completed
      Over 118 datasets and growing; Over 100 active users (and growing)
      End Goal: Improve the quality of defensive cyber security technologies
      4 August 2010
    • 4 August 2010
      Next Generation Technologies
      R&D funding model that delivers both near-term and medium-term solutions:
      To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure.
      To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging systems;
      To facilitate the transfer of these technologies into the national infrastructure as a matter of urgency.
    • Sample Product List
      Ironkey – Secure USB
      Standard Issue to S&T employees from S&T CIO
      Coverity – Open Source Hardening (SCAN)
      Evaluates over 150 open source software packages nightly
      USURF – Cyber Exercise Planning tool
      Currently in use in WA state exercise; partnering with NCSD
      Secure64 – DNSSEC Automation
      Several commercial customers; Government pilots underway
      HBGary – Memory and Malware Analysis
      12-15 pilot deployments as part of Cyber Forensics program (later)
      Stanford – Anti-Phishing Technologies
      Open source; Most browsers have incorporated Stanford R&D
      Secure Decisions – Data Visualization
      Pilot with DHS/NCSD/US-CERT in progress
      4 August 2010
    • 4 August 2010
      Give open source community access to entire toolset
      Open-source developers register their project.
      Coverity automatically downloads and runs tool over it.
      Developers get back bugs in coverity’s bug database
      Big success:
      Roughly 500 projects registered
      4,700+ defects actually patched.
      Some really crucial bugs found; dozens of security patches (e.g., X, ethereal)
      Coverity: scan.coverity.com
    • 4 August 2010
      Initial requirements working group held 11/20/08
      Attendees from USSS, CBP, ICE, FLETC, FBI, NIJ, TSWG, NIST, Miami-Dade PD, Albany NY PD
      Initial list of projects
      Mobile device forensic tools
      GPS forensics tools
      LE First responder “field analysis kit”
      High-speed data capture and deep packet inspection
      Live stream capture for gaming systems
      Memory analysis and malware tools
      Information Clearing House
      S&T initiated 6 projects in FY09 totaling $2M
      Cyber Forensics
    • 4 August 2010
      Vulnerability Assessment of Open Source “Wireshark”
      Assessment: Assess a key open-source monitoring and forensics tool using the University of Wisconsin’s First Principles Vulnerability Assessment (FPVA) methodology
      Training: Develop materials and teach tutorials in vulnerability assessment and secure programming techniques
      Vulnerability characterization and automated detection: Use the results from assessments to formalize the description of vulnerabilities found and develop algorithms to detect them
    • 4 August 2010
      Homeland Open Security Technology (HOST)
      Promote the development and implementation of open source solutions within US Federal, state and municipal government agencies
    • How can we (collectively) afford IT?
      $38,500,000,000+ (BILLION!)
      HOST Motivation
      4 August 2010
      • US Govt Spends $38 Billion on IT Annually
      • Trend is Not Sustainable
      • Bureaucracy (easy to blame)
      • Complexity of Govt Enterprise Systems
      • Redundancy – Re-Invent the Wheel
      • Existing System of Acquisition, Management, Updating, Technical Obsolescence
      • Significant Hurdle
      • Cybersecurity = Protection of Infrastructure and Data
      Need: Sustainable Government IT Systems
      4 August 2010
    • Approach:Leverage Open Systems
      • Audience
      • Federal, State, Local Government End Users - Citizens
      • Share Benefits with Industry, Development Communities
      • Open Technology Solutions
      • Vendor/Platform Agnostic
      • Best of Breed Development – Builds Upon Success
      • Focuses on Addressing the Needs of End Users
      4 August 2010
      GOAL: Improve systems security, enhance technical efficiency and reduce the cost of IT management...within Govt IT systems.
    • Benefits:Open Technology Solutions
      • Open Systems promote and encourage
      • Transparency – Interoperability – Technical Agility
      • Enhanced Manageability through Open Source License
      • Economic Benefits
      • Lower Adoption Costs – Promotes Vendor Competition
      • Broad Vendor and Developer Support
      • Secure – Stable – Broadly Adopted in Govt and Industry
      • Existing Govt Adoption/Usage
      • OMB/White House, DoD, Dept of Navy adoption OS Policy
      • Growing Govt Open Technology Adoption
      4 August 2010
    • Competition: Who/What are the Challenges
      • Adoption Resistance
      • Ingrained Systems
      • Existing Relationships
      • Policy Updates and Modifications
      • Change Mentality
      • Lack of Vision, Leadership and Continuity
      • FUD/Pushback
      • Proprietary Vendors
      • Technology Vendors
      • Business Models
      • Non-competitive solutions
      4 August 2010
    • 4 August 2010
      HOST Program Areas
      Information Portal
      Federal Government Open Source Census
      GovernmentForge Open Source Software Repository
      Standards, Best Practices
      Community Outreach
      “New” open source IDS/IPS
      Work with tool developers (source, binary) on open source software quality analysis
      Information Assurance / Security
      US Government security evaluation processes (OpenSSL)
      S&T initiated projects in FY09/10 totaling $1.5M
    • Progress to Date
      4 August 2010
    • HOST: Going Forward
      • Investment
      • $10M up to $50M+
      • 5-yr (1 + 4 w/options)
      • Scalable based on deliverables & program review
      • ROI
      • Value of Deliverables
      • Strategic Advantage
      • Accountability
      • Metrics tied to similar IT program of record
      • Investment Costs
      • Recurring Fees
      • Management/Admin Exp
      • Upgrade Costs
      • Compatibility Expenses
      • Vendor Failure Expense
      • Process Not Product
      4 August 2010
      Can we afford NOT to Invest in Open Technology?
    • 4 August 2010
      Timeline of Past Research Reports
      President’s Commission on CIP (PCCIP)
      NRC CSTB Trust in Cyberspace
      I3P R&D Agenda
      National Strategy to Secure Cyberspace
      Computing Research Association – 4 Challenges
      NIAC Hardening the Internet
      PITAC - Cyber Security: A Crisis of Prioritization
      IRC Hard Problems List
      NSTC Federal Plan for CSIA R&D
      NRC CSTB Toward a Safer and More Secure Cyberspace
      All documents available at http://www.cyber.st.dhs.gov
    • 4 August 2010
      A Roadmap for Cybersecurity Research
      Scalable Trustrworthy Systems
      Enterprise Level Metrics
      System Evaluation Lifecycle
      Combatting Insider Threats
      Combatting Malware and Botnets
      Global-Scale Identity Management
      Survivability of Time-Critical Systems
      Situational Understanding and Attack Attribution
      Information Provenance
      Privacy-Aware Security
      Usable Security
    • DHS S&T Roadmap Content
      What is the problem being addressed?
      What are the potential threats?
      Who are the potential beneficiaries? What are their respective needs?
      What is the current state of practice?
      What is the status of current research?
      What are the research gaps?
      What challenges must be addressed?
      What resources are needed?
      How do we test & evaluate solutions?
      What are the measures of success?
      4 August 2010
    • National Cyber Leap Year (NCLY)
      RFI – 1: Generic, wide-open
      Received over 160 responses; created 9 research areas
      Attribution, Cyber Economics, Disaster Recovery, Network Ecology, Policy-based Configuration, Randomization/Moving Target, Secure Data, Software Assurance, Virtualization
      RFI – 2: Same as RFI-1, but providing IP protection
      Received over 30 responses
      RFI – 3: Requested submissions only in 9 research areas above
      Received over 40 responses
      National Cyber Leap Year (NCLY) Summit
      August 17-19, 2009
      Results posted on http://www.nitrd.gov
      4 August 2010
    • NCLY Summit Topics
      Cyber economics
      Digital provenance
      Hardware enabled trust
      Moving target defense
      Nature-inspired cyber defense
      Expectation: Agencies will be using these topic areas in future solicitations (FY11 and beyond)
      4 August 2010
    • 28
      DHS S&T continues with an aggressive cyber security research agenda
      Working with the community to solve the cyber security problems of our current (and future) infrastructure
      Outreach to communities outside of the Federal government, i.e., building public-private partnerships is essential
      Working with academe and industry to improve research tools and datasets
      Looking at future R&D agendas with the most impact for the nation, including education
      Need to continue strong emphasis on technology transfer and experimental deployments
      4 August 2010
    • 4 August 2010
      Douglas Maughan, Ph.D.
      Branch Chief / Program Mgr.
      202-254-6145 / 202-360-3170
      For more information, visithttp://www.cyber.st.dhs.gov