(nov 2011) Cyber S&T Priority Steering Council Research Roadmap
Cyber S&T Priority Steering Council Research Roadmap
for the National Defense Industrial Association Disruptive Technologies Conference
8 November 2011
Steven E. King, Ph.D.
Cyber S&T PSC Roadmap, 8 November 2011. Distribution Statement A: Approved for public release; distribution is unlimited.
Problem Statement
• Lack of resiliency: Inability to stop attack spread
• Lack of agility: Inability to maneuver and avoid attack
• Lack of assured effective missions: Missions impaired by cyber attacks
• Lack of trustworthiness: Can’t trust global supply chain for mission-critical components
[Figure labels: Mission failure; Kinetic mission; Insider; Cyber Attack; Un-Verified ICs]
Desired End State
• Agile cyber operations: Maneuvering to avoid attacks
• Assured effective missions: Mission success is ensured
• Resilient defenses: Ability to deflect, resist and absorb attacks
• Trusted foundations: Trusted design, verification, and fabrication of integrated circuits; Trusted boot and secure attestation
[Figure labels: Diverting to Honeynet; Evaluation of cyber vs. kinetic options; Mission success; Kinetic mission; Attack deflected & absorbed; Attacker neutralized; Insider; Cyber Attack; APP, OS, BIOS, Trusted boot; Verified ICs]
Key Parameter: Work Factor Ratio
Challenge: Increase Adversary / Defender Relative Work Factor Over Time
• Missions
– Kinetic, cyber, and combined missions will have a cyber dependency
• Infrastructure
– Any element of the cyber infrastructure may be compromised and manipulated
– DoD will continue to leverage commercial products and services we do not own or control
– DoD infrastructure defies establishing an all-encompassing static perimeter
[Figure: Adversary/Defender Work Factor Ratio over time (2012, 2015, 2017, 2019). Annotations: Limit effectiveness and propagation of malware; Limit time window for exploitation; Shorten time for adversary reconnaissance; Perimeter is not well defined]
Four Major 10 Year Objectives
• Assuring Effective Missions: Assess and control the cyber situation in mission context
• Agile Operations: Dynamically reshape cyber systems as conditions/goals change, to escape harm
• Resilient Infrastructure: Withstand cyber attacks, and sustain or recover critical functions
• Trust: Establish known degree of assurance that devices, networks, and cyber-dependent functions perform as expected, despite attack or error
Metrics
[Figure: four metric plots (Trust, Resilient Infrastructure, Operational Agility, Assuring Effective Missions), each marked with 2013, 2018 and 2023 targets]
Axis labels:
• Log10 of the Ratio of Foe-effort ($) to USG-effort ($), from -5 to +10, with 0 = Equal $
• Log10 of Complexity (Level, Scale of Trust): Platform 9, Base 12, Command 15, Service 18, Coalition 21, Global 24
• Restoration to Baseline Performance
• Days, Hours, Minutes
• Labor Required (Average Number of Cyber Specialists to Resolve a Significant Attack): 100, 10, 1, Automated
• Success of mission set (% of task outcomes met): 60 to 100
• Normalized attack effort (surface x intensity x duration x severity): 1 to 5
Milestone annotations:
• (U) Trusted systems from components of mixed trust
• (U) Automated vulnerability discovery
• Dynamic real-time reconstitution based on continuous feedback
• Autonomous self-managing resilient systems
• (U) Predictive cyber/kinetic mission surrogate tools for use during live mission execution
• (U) Course of action option generation using cyber/kinetic situational awareness
Trust: Technical Challenges and Research Opportunities
[Figure labels: Recommenders; Reputation management system; Trusted boot and operations; Trusted access; APPLICATION, OS, BIOS; Trust; Trusted connections; Token; Reverse engineering and forensics; Trusted organization]
Trust Foundations
• Scalable reverse engineering and analysis
• Trust establishment, propagation, and maintenance techniques
• Measurement of trustworthiness
• Trustworthy architectures and trust composition tools
Resilient Infrastructure: Technical Challenges and Research Opportunities
[Figure: Large Scale Randomization, shown as an Application View, a Platform View (VMs) and an Implementation View (CPU 1 to CPU 4)]
Resilient Architectures
• Resiliency for operational systems
• Mechanisms to compose resilient systems from brittle components
• Integration of sensing, detection, response, and recovery mechanisms
• Secure modularization and virtualization of nodes and networks
• Resiliency-specific modeling and simulation
Resilient Algorithms and Protocols
• Code-level software resiliency
• Network overlays and virtualization
• Network management algorithms
• Mobile computing security
Agile Operations: Technical Challenges and Research Opportunities
[Figure labels: Adversary is contained within honeynet for further observation; Reallocation of mission-critical functions; Residual effect of persistent adversary; Re-route adversary to honeynet; Exposed nodes of operational network; Attackers]
Autonomic Cyber Agility
• Techniques for autonomous reprogramming, reconfiguration, and control of cyber components
• Machine intelligence and automated reasoning techniques for executing courses of action
Cyber Maneuver
• Distributed systems architectures and service application polymorphism
• Network composition based on graph theory
• Distributed collaboration and social network theory
Assuring Effective Missions: Technical Challenges and Research Opportunities
[Figure labels: Cyber Posture Management; Mission Management; Kinetic Posture Management; Command and Control; Mission Model; Attacker Data Model; Integrated Mission View]
Mission Situational Awareness / Cyber Mission Control
• Techniques for mapping assets and describing dependencies between mission elements and cyber infrastructure
• Techniques for course of action development and analysis
• Cyber effects assessment
Open Broad Agency Announcements
• Army Research Office (ARO)
– Solicitation #: W911NF-07-R-0003-04; BAA for Basic and Applied Research, Section 5.3
• Army Research Laboratory (ARL)
– Solicitation #: W911NF-07-R-0001-05; BAA for Basic and Applied Research, Section 1
• Communications and Electronics Research, Development, and Engineering Center (CERDEC)
– Solicitation #: W15P7T-08-R-P415
• Office of Naval Research (ONR)
– Solicitation #: ONRBAA 12-001, Code 31 Section 1
• Naval Research Laboratory (NRL)
– Solicitation #: BAA-N00173-02, Section 55-11-02 (Mathematical Foundations of Computing)
– Solicitation #: BAA-N00173-02, Section 55-11-03 (High Assurance Engineering and Computing)
• Air Force Office of Scientific Research (AFOSR)
– Solicitation #: AFOSR-BAA-2010-1, Section c.12
• Air Force Research Laboratory (AFRL)
– Solicitation #: BAA-10-09-RIKA (Cross Domain Innovative Technologies)
– Solicitation #: BAA-11-01-RIKA (Cyber Assurance Technologies)
• Defense Advanced Research Projects Agency (DARPA)
– Solicitation #: DARPA-BAA-11-63 (Automated Program Analysis for Cyber Security)
– Solicitation #: DARPA-BAA-10-83 (Strategic Technologies Office BAA)
– Solicitation #: DARPA-BAA-11-34 (Information Innovation Office BAA)
– Solicitation #: DARPA-RA-11-52 (Cyber Fast Track)
– Solicitation #: DARPA-SN-11-55 (Future Directions in Cyber Security)
Small Business Innovation Research Announcements
• http://www.dodsbir.net
NSA Contact Information (No Open BAAs)
• Acquisition Resource Center
– Phone: (443)-479-9572
– E-mail: firstname.lastname@example.org
• Office of Small Business Programs
– Phone: (443)-479-9572
– E-mail: email@example.com
Technology Challenge Summary
POC: Dr. Steven E. King
Figure is Unclassified
[Figure: layered summary of the technology challenges]
• Assuring Effective Missions: Cyber Mission Control; Situational Awareness; Response; Effects at Scale
• Agile Operations: Autonomic Cyber Agility; Cyber Maneuver
• Resilient Infrastructure: Resilient Architectures; Resilient Algorithms and Protocols
• Trust: Trust Foundations
• Connecting labels: Fusion; Instrumentation; Effects; Sensing; Manipulation; Observables; Controls; Actuation; Metrics