Homeland Security Advanced Research Projects Agency An Update on the Cyber Security R&D Landscape...
-
Upload
angeline-birchfield -
Category
Documents
-
view
213 -
download
0
Transcript of Homeland Security Advanced Research Projects Agency An Update on the Cyber Security R&D Landscape...
Homeland Security Advanced Research Projects Agency
An Update on the Cyber Security R&D Landscape
December 4, 2013
SINET Showcase
Douglas Maughan
Division Director
http://www.dhs.gov/cyber-research
Presenter’s Name June 17, 2003
2007 ITSEF - Opening Doors to the Federal Government 2008 ITSEF Panel - Federal Government Strategic
Investment Funds 2009 ITSEF Panel - Critical Infrastructure 2010 ITSEF Panel - Moving Forward with a Roadmap for
the IT, Banking & Finance and Energy Sectors 2010 Showcase Workshop and 2011 ITSEF Workshop -
Obtaining Federal Research Funding 2011 ITSEF Panel - Partnering Practitioners & Theory -
Creating Centers of Excellence 2012 ITSEF Panel - What are the Key Attributes that Lead
to Successful Technology Transfer? 2012 Showcase Panel - DHS and DoD Efforts at Improving
Cyber Innovation Intake into the Federal Government
Past SINET Participation
2
Presenter’s Name June 17, 2003
Presentation Outline
Threat Space
National / Federal Activities
DHS Activities
Cyber Security Division (CSD) Overview
What’s Ahead
Funding Opportunities
Summary
Q&A
3
Environment: Greater Use of Technology, More Threats, Less Resources
Globalization & Transportation
Natural Disasters & Pushing
Beyond Design Limits
Misuse of Technology
Border Security & Immigration
Cyber Domain
LESS RESOURCES
MORE THREATS
Violent Extremism
Nature of Innovation
Both sides get to innovate
Predictive & Reactive
Aviation as an example …
Low cost of entry
Strategic potential
Anywhere in the world in 24 hours
Historical Perspective
Tenuous balance
Insider Threat
Presenter’s Name June 17, 2003
Cyber Threat Sources Ready to Exploit Weaknesses
Nation States
Hackers/Hacktivists
Cyber Criminals
Insider Threats
Terrorists, DTOs, etc.
Presenter’s Name June 17, 2003
Malware – Malicious software to disrupt computers
Viruses, worms, …
Theft of Intellectual Property or Data
Hactivism – Cyber protests that are socially or politically motivated
Mobile Devices and Applications and their associated Cyber Attacks
Social Engineering – Entice users to click on Malicious Links
Spear Phishing – Deceptive communications (E-Mails, Texts,
Tweets…)
Domain Name System (DNS) Hijacking
Router Security – Border Gateway Protocol (BGP) Hijacking
Denial of Service (DOS) – blocking access to web sites
Others …..6
Cyber Threats
Comprehensive National Cybersecurity Initiative (CNCI)
Reduce the Number of Trusted Internet
Connections
Deploy Passive Sensors Across Federal Systems
Pursue Deployment of Automated Defense
Systems
Coordinate and Redirect R&D Efforts
Establish a front line of defense
Connect Current Centers to Enhance
Situational Awareness
Develop Gov’t-wide Counterintelligence
Plan for Cyber
Increase Security of the Classified Networks Expand Education
Resolve to secure cyberspace / set conditions for long-term success
Define and Develop Enduring Leap Ahead
Technologies, Strategies & Programs
Define and Develop Enduring Deterrence
Strategies & Programs
Manage Global Supply Chain Risk
Cyber Security in Critical Infrastructure
Domains
http://cybersecurity.whitehouse.gov
Shape future environment / secure U.S. advantage / address new threats
Presenter’s Name June 17, 2003
Federal Cybersecurity R&D Strategic Plan
Science of Cyber Security
Research Themes Tailored Trustworthy Spaces Moving Target Defense Cyber Economics and Incentives Designed-In Security (New for FY13)
Transition to Practice Technology Discovery Test & Evaluation / Experimental
Deployment Transition / Adoption / Commercialization
Support for National Priorities Health IT, Smart Grid, NSTIC (Trusted
Identity), NICE (Education), Financial Services
Released Dec 6, 2011http://www.whitehouse.gov/blog/2011/12/06/federal-cybersecurity-rd-strategic-plan-released
10
DHS S&T Mission Guidance
StrategicGuidance
OperationalDirectives
HSPD-5National Incident
Management System(2003)
PPD-8National
Preparedness(2011)
HSPD-22Domestic Chemical Defense(2007)
HSPD-9Defense of
U.S. Agriculture
& Food(2004)
HSPD-10Biodefense for the 21st
Century(2004)
Homeland Security Act
2002
QHSR (Feb 2010)
BUR(July 2010)
1. Preventing terrorism & enhancing security2. Securing and managing our borders3. Enforcing & administering immigration laws
4. Safeguarding and securing cyberspace5. Ensuring resilience to disasters
Prevention, Protection, Mitigation, Response, Recovery
S&T Strategic Plan (2011)
Smaller Scale Terrorism
Trafficking, Crime
Pandemics, Accidents,
Natural Hazards
Violent Extremism
High Consequence
WMDThreats
Core Missions
QHSR
Cybersecurity for the 16 Critical Infrastructure Sectors
Business / Personal Shopping & Banking Point of Sale (in store or on line)
Personnel
Social Media
…
DHS provides
advice and alerts to the 16 critical
infrastructure areas …
… DHS collaborates with sectors
through Sector Coordinating
Councils (SCC)
X X
EO-13636 and PPD-21
In February 2013, the President issued two new policies:
1) Executive Order 13636: Improving Critical Infrastructure Cybersecurity
2) Presidential Policy Directive – 21: Critical Infrastructure Security and Resilience
America's national security and economic prosperity are dependent upon the operation of critical infrastructure that are increasingly at risk to the effects of cyber attacks
The vast majority of U.S. critical infrastructure is owned and operated by private companies
A strong partnership between government and industry is indispensible to reducing the risk to these vital systems
Presenter’s Name June 17, 2003
Integrating Cyber-Physical Security
Executive Order 13636: Improving Critical Infrastructure Cybersecurity directs the Executive Branch to:
Develop a technology-neutral voluntary cybersecurity framework
Promote and incentivize the adoption of cybersecurity practices
Increase the volume, timeliness and quality of cyber threat information sharing
Incorporate strong privacy and civil liberties protections into every initiative to secure our critical infrastructure
Explore the use of existing regulation to promote cyber security
Presidential Policy Directive-21: Critical Infrastructure Security and Resilience replaces Homeland Security Presidential Directive-7 and directs the Executive Branch to: Develop a situational awareness
capability that addresses both physical and cyber aspects of how infrastructure is functioning in near-real time
Understand the cascading consequences of infrastructure failures
Evaluate and mature the public-private partnership
Update the National Infrastructure Protection Plan
Develop comprehensive research and development plan (CSD / RSD)
14
Presenter’s Name June 17, 2003
120 days – June 12, 2013• Publish instructions: unclassified threat information• Report on cybersecurity incentives• Publish procedures: expand the Enhanced Cybersecurity Services
150 Days - July 12, 2013• Identify cybersecurity critical infrastructure• Evaluate public-private partnership models• Expedite security clearances for private sector
240 Days – October 10, 2013• Develop a situational awareness capability • Update the National Infrastructure Protection Plan• Publish draft voluntary Cybersecurity Framework
365 days – February 12, 2014
• Report on privacy and civil rights and civil liberties cybersecurity enhancement risks• Stand up voluntary program based on finalized Cybersecurity Framework
Beyond 365 - TBD
• Critical Infrastructure Security and Resilience R&D Plan
15
C
C
EO-PPD Deliverables
C
Presenter’s Name June 17, 2003
Cybersecurity Framework (NIST lead) Developed in collaboration with industry, provides guidance to an organization on
managing cybersecurity risk Supports the improvement of cybersecurity for the Nation’s Critical Infrastructure
using industry-known standards and best practices Provides a common language and mechanism for organizations to
1. describe current cybersecurity posture;
2. describe their target state for cybersecurity;
3. identify and prioritize opportunities for improvement within the context of risk management;
4. assess progress toward the target state;
5. Foster communications among internal and external stakeholders. Composed of three parts: the Framework Core, the Framework Implementation
Tiers, and Framework Profiles
16
Presenter’s Name June 17, 2003
Cybersecurity FrameworkFunction Category
IDENTIFY
Asset ManagementBusiness EnvironmentGovernanceRisk AssessmentRisk Management
PROTECT
Access ControlAwareness and TrainingData SecurityInformation Protection Processes and ProceduresProtective Technology
DETECTAnomalies and EventsSecurity Continuous MonitoringDetection Processes
RESPOND
CommunicationAnalysisMitigationImprovements
RECOVERRecovery PlanningImprovementsCommunication
17
Presenter’s Name June 17, 2003 18
Areas:
“While these reports do not yet represent a final Administration policy, they do offer an initial examination of how the critical infrastructure community could be incentivized to adopt the Cybersecurity Framework as envisioned in the Executive Order. We will be making more information on these efforts available as the Framework and Program are completed.”
Michael Daniel,Special Assistant to the President and Cybersecurity Coordinator
White House Blog, August 6, 2013
1. Cybersecurity Insurance
2. Grants
3. Process Preference
4. Liability Limitation
5. Streamline Regulations
6. Public Recognition
7. Rate Recovery for Price Regulated Industries
8. Cybersecurity Research
Recommended Incentives
Presenter’s Name June 17, 2003
R&D guidance from PPD-21 Within 2 years, DHS in coordination with OSTP, SSA’s, DOC and other Federal
D&A, shall provide to the President a National Critical Infrastructure Security and Resilience R&D Plan that takes into account the evolving threat landscape, annual metrics, and other relevant information to identify priorities and guide R&D requirements and investments…plan issued every 4 years …updates as needed.
Innovation and Research & Development: DHS in coordination with OSTP, SSA’s, Commerce and other Federal D&A, shall provide input to align those Federal and Federally-funded R&D activities that seek to strengthen the security and resiliency of the Nation’s critical infrastructure, including:
Promoting R&D to enable the secure and resilient design and construction of critical infrastructure and more secure accompanying cyber technology;
Enhancing modeling capabilities to determine potential impacts … and cascading effects;
Facilitating initiatives to incentivize cyber security investments and the adoption of critical infrastructure design features that strengthen all-hazards security and resilience;
Prioritizing efforts to support the strategic guidance issued by the Secretary.
Working Group headed up by DHS S&T
19
Presenter’s Name June 17, 2003
How to Engage National Infrastructure Protection Plan process
Review and comment on Draft Documents www.dhs.gov/eo-ppd Provide input through dialogue on IdeaScale -- http://eoppd.ideascale.com Encourage partners to review and provide input
PPD/EO Integrated Task Force Weekly Stakeholder Bulletin Current status of activities List of upcoming Open Forums, Webinars and other Engagement Opportunities
Contact [email protected] for more information
Also R&[email protected] for R&D plan information, participation
20
21
DHS S&T MissionStrengthen America’s security and resiliency by providing
knowledge products and innovative technology solutions for the Homeland Security Enterprise
1) Create new technological capabilities and knowledge products
2) Provide Acquisition Support and Operational Analysis
3) Provide process enhancements and gain efficiencies
4) Evolve US understanding of current and future homeland security risks and opportunities
FOCUS AREAS• Bio• Explosives• Cybersecurity• First Responders• Resilient Systems• Borders / Maritime
Presenter’s Name June 17, 2003
Cyber Security Focus Areas
Trustworthy Cyber Infrastructure Working with the global Internet community to secure cyberspace
Research Infrastructure to Support Cybersecurity Developing necessary research infrastructure to support R&D community
R&D Partnerships Establishing R&D partnerships with private sector, academia, and
international partners
Innovation and Transition Ensuring R&D results become real solutions
Cybersecurity Education Leading National and DHS cybersecurity education initiatives
22
Presenter’s Name June 17, 2003
Trustworthy Cyber Infrastructure Secure Protocols
DNSSEC – Domain Name System Security Govt and private sector worked together to make this happen Started in 2004; now 111 top level (gTLD) and country code (ccTLD) domains
adopted globally including the Root SPRI – Secure Protocols for Routing Infrastructure
Internet Measurement and Attack Modeling Geographic mapping of Internet resources Logically and/or physically connected maps of Internet resources Monitoring and archiving of BGP route information Co-funding with Australia
23http://www.isi.edu/ant/address/browse/
Presenter’s Name June 17, 2003
Research Infrastructure Experimental Research Testbed (DETER)
Researcher and vendor-neutral experimental infrastructure Used by over 200 organizations from more than 20 states and 17 countries Used by over 40 classes, from 30 institutions involving 2,000+ students
http://www.deter-project.org
Research Data Repository (PREDICT) Repository of network data for use by the U.S.- based cyber security
research community More than 200 users (academia, industry, gov’t); Over 600TB of network data;
Tools are used by major service providers and many companies Phase 2: New datasets, ICTR Ethics, International (CA, AUS, JP, EU)
https://www.predict.org
Software Assurance Market Place (SWAMP) A software assurance testing and evaluation facility and the associated
research infrastructure services
24
Presenter’s Name June 17, 2003
R&D Partnerships Oil and Gas Sector
LOGIIC – Linking Oil & Gas Industry to Improve Cybersecurity
Electric Power Sector TCIPG – Trustworthy Computing Infrastructure for the Power Grid
Banking and Finance Sector FI-VICS – Financial Institutions – Verification of Identity Credential Service DECIDE – Distributed Environment for Critical Incident Decision-making
Exercises (recent Quantum Dawn II exercise)
State and Local PRISEM - Public Regional Information Security Event Management PIV-I/FRAC TTWG – State and Local and Private Sector First Responder
Authentication Credentials and Technology Transition
Law Enforcement SWGDE – Special Working Group on Digital Evidence (FBI lead) CFWG – Cyber Forensics Working Group (CBP, ICE, USSS, FBI, S/L)
25
Presenter’s Name June 17, 2003
International Bilateral Agreements
Government-to-government cooperative activities for 13 bilateral Agreements
S&T International Engagements
• Canada (2004) • Australia (2004)• United Kingdom (2005)• Singapore (2007)• Sweden (2007) • Mexico (2008)• Israel (2008)• France (2008) • Germany (2009) • New Zealand (2010)• European Commission (2010)• Spain (2011)• Netherlands (2013) COUNTRY PROJECTS MONEY IN JOINT MONEY OUT
Australia 3 $300K $400K Canada 11 $1.8M Germany 1 $300K Israel 2 $100KNetherlands 7 $450K $1.2M $150KSweden 4 $650K United Kingdom 3 $1.2M $400KEuropean Union 1 Japan 1
Over $6M ofInternationalco-funding
Presenter’s Name June 17, 2003
CSD R&D Execution Model
• Ironkey – Secure USB– Standard Issue to S&T employees
from S&T CIO– Acquired by Imation
• Komoku – Rootkit Detection Technology
– Acquired by Microsoft• HBGary – Memory and Malware
Analysis– Over 100 pilot deployments as
part of Cyber Forensics• Endeavor Systems – Malware
Analysis tools– Acquired by McAfee
• Stanford – Anti-Phishing Technologies
– Open source; most browsers have included Stanford R&D
• Secure Decisions – Data Visualization
– Pilot with DHS/NCSD/US-CERT; Acquisition
Successes
ResearchDevelopmentTest and Evaluation &Transition (RDTE&T)
Example: DARPA has provided $9M to CSD for development and transition of Military Networking Protocol (MNP) technology and has started discussions for testing and evaluation of Automated Malware Analysis technology
Presenter’s Name June 17, 2003
Transition To Practice (TTP) Program
28
R&D Sources DOE National
Labs FFRDC’s (Federally
Funded R&D Centers)
Academia Small Business
Transition processes
Testing & evaluation
Red Teaming Pilot
deployments
Utilization Open Sourcing Licensing New Companies Adoption by
cyber operations analysts
Direct private-sector adoption
Government use
Implement Presidential Memorandum – “Accelerating Technology Transfer and Commercialization of Federal Research in Support of High-Growth Businesses” (Oct 28, 2011)
A NATIONAL PROBLEM
29
The Nation needs greater cybersecurity awareness and more cybersecurity experts.
There is a lack of communication between government, private industry, and academia.
Many cybersecurity training programs exist but there is little consistency among programs, and potential employees lack information about the skills needed for jobs.
Cybersecurity Career development and scholarships are available but uncoordinated, and the resources that do exist are difficult to find.
NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) – Initiative 8: Expand Cyber Education – Interim Way Forward and is comprised of over 20 federal departments and agencies.
Presenter’s Name June 17, 2003
Cybersecurity Education Cyber Security Competitions (http://nationalccdc.org)
National Initiative for Cybersecurity Education (NICE)
NCCDC (Collegiate); U.S. Cyber Challenge (High School)
Provide a controlled, competitive environment to assess a student’s depth of understanding and operational competency in managing the challenges inherent in protecting a corporate network infrastructure and business information systems.
DHS Cyber Skills Task Force (CSTF) Established June 6, 2012 - Homeland Security Advisory Council
Over 50 interviews (DHS internal and external) Identify best ways DHS can foster the development of a national security
workforce capable of meeting current and future cybersecurity challenges; Outline how DHS can improve its capability to recruit and retain sophisticated
cybersecurity talent.
11 recommendations in 5 key areas
30
DHS Cyber Skills Task Force (CSTF) - Objectives
Objective I: Ensure that the people given responsibility for mission-critical cybersecurity roles and tasks at DHS have demonstrated that they have high proficiency in those areas.
Objective II: Help DHS employees develop and maintain advanced technical cybersecurity skills and render their working environment so supportive that qualified candidates will prefer to work at DHS.
Objective III: Radically expand the pipeline of highly qualified candidates for technical mission-critical jobs through partnerships with community colleges, universities, organizers of cyber competitions, and other federal agencies.
Objective IV: Focus the large majority of DHS’s near term efforts in cybersecurity hiring, training, and human capital development on ensuring that the Department builds a team of approximately 600 federal employees with mission-critical cybersecurity skills.
Objective V: Establish a “CyberReserve” program to ensure a cadre of technically proficient cybersecurity professionals are ready to be called upon if and when the nation needs them.
31
32
ICE Homeland Security Investigations (HSI) Cyber Student Initiative (7/10/13) 36 HSI offices volunteered to participate 291 Applicants of which 203 were Qualified Applicants 27 Candidates Selected (of which 2 declined) – Atlanta,
Baltimore, Boston, Buffalo, Charleston, Charlotte, Chicago, Denver, El Paso, Long Beach, Los Angeles, New York, Orlando, Pensacola, Philadelphia, Phoenix, San Antonio, San Francisco, Savannah, Seattle, DC.
Twenty three (23) candidates employed between July-September 2013
33
Intern Program – Round 1Number of Interns EOD Date College Location
1intern 7/22/13 Chattahoochee Technical College Atlanta, GA1 intern 7/15/13 Anne Arundel Community College Baltimore, MD1 intern Anne Arundel Community College Baltimore, MD1 intern Bunker Hill Community College Boston, MA1intern Westchester Community College Buffalo, NY1 intern Trident Technical College Charleston, NC1 intern Central Piedmont Community College Charlotte, NC
1 intern 7/22/13 Moraine Valley Community College Chicago, IL1 intern Garden City Community College Denver, CO1 intern Community College of Denver Denver, CO1 intern El Paso Community College El Paso, TX1 intern Prince George’s Community College Fairfax, VA (C3)1 intern DeVry University Los Angeles, CA1 intern 7/09/13 New York Institute Technology New York, NY1 intern 7/09/13 SUNY Orange Middletown NY New York, NY1 intern 7/09/13 Valencia College Orlando, FL1 intern Valencia College Orlando, FL1 intern 7/08/13 Pensacola State College Pensacola, FL1 intern Anne Arundel Community College Philadelphia, PA1 intern 7/09/13 Mesa Community College Phoenix, AZ1 intern Alamo Colleges San Antonio, TX1 intern 7/08/13 Diablo Valley College San Francisco, CA1 intern Cochise College San Francisco, CA1 intern Edmonds Community College Savannah, GA1 intern Chattahoochee Technical College Seattle, WA
Presenter’s Name June 17, 2003
White House Priorities – FY14+ Secure Federal Networks
Identity/Credential Access Mgmt (ICAM), Cloud Exchange, Fed-RAMP
Protect Critical Infrastructure Public-Private Cyber Coordination, EO/PPD Initiatives
Improve Incident Response and Reporting Information Sharing among Federal CentersCapacity Building for State/Local/Tribal/Territorial (SLTTs)
Engage Internationally Foreign Assistance Capacity Building Build Workforce Capacity to Support International Cyber Engagement
Shape the Future National Strategy for Trusted Identity in Cyberspace (NSTIC) National Initiative for Cybersecurity Education (NICE) Cybersecurity R&D – EO/PPD R&D Plan, Federal R&D Plan, Transition
To Practice, Foundational Research
34
Presenter’s Name June 17, 2003
Cyber Physical Systems (CPS) “Smart networked systems with embedded sensors, processors
and actuators that are designed to sense and interact with the physical world (including the human users), and support real-time, guaranteed performance in safety-critical applications”
Several workshops over the past year or two Transportation
Automotive, UAVs, Aeronautical, Rail Manufacturing Healthcare Energy Agriculture Defense Emergency Response Others …..
All with an eye towards society, economics, and impact
Future - Inter-Agency: CPS
35
Presenter’s Name June 17, 2003
CSD New Program Ideas Security for Cloud-Based Systems Data Privacy Technologies Mobile Wireless Investigations Mobile Device Security Next-Generation DDOS Defenses Application Security Threat Attack Modeling (ASTAM) Static Tool Analysis Modernization Project (STAMP) Network Reputation and Risk Analysis Data Analytics Methods for Cyber Security Cyber Security Education Designed-In Security Finance Sector Cybersecurity DNSSEC Applications Data Provenance for Cybersecurity Cyber Economic Incentives – based on EO/PPD
36
Programs for U. S. Small Business
Small Business Innovation Research (SBIR)
Set-aside program for small business concerns to engage in federal R&D -- with potential for commercialization
Small Business Technology Transfer (STTR)
Set-aside program to facilitate cooperative R&D between small business concerns and research institutions -- with potential for commercialization
• 2.5%
• .3%
• PHASE I • Feasibility Study • $100K (in general) and 6 month effort (amounts are changing)
• PHASE III• Commercialization Stage• Use of non-SBIR Funds
• PHASE II• Full Research/R&D• $750K and 24 month effort (amounts are changing)• Commercialization plan required
SBIR - A 3 Phase Program
Agency SBIR Differences
Number and timing of solicitations
R&D Topic Areas – Broad vs. Focused
Dollar Amount of Award (Phase I and II)
Proposal preparation instructions
Financial details (e.g., Indirect Cost Rates)
Proposal review process
Proposal success rates
Types of award
Commercialization assistance
And more…………
40
FY04 Cross-Domain Attack Correlation
Technologies (2) Real-Time Malicious Code
Identification (2) Advanced SCADA and Related
Distributed Control Systems (5) FY05
Hardware-assisted System Security Monitoring (4)
FY06 Network-based Boundary Controllers
(3) Botnet Detection and Mitigation (4)
FY07 Secure and Reliable Wireless
Communication for Control Systems (2)
Small Business Innovative Research (SBIR)
FY09 Software Testing and Vulnerability
Analysis (3) FY10
Large-Scale Network Survivability, Rapid Recovery, and Reconstitution (1)
FY11 Mobile Device Forensics (1)
FY12 Moving Target Defense (2) Solid State Drive (SSD) Analysis (1)
FY13 Hybrid Analysis Mapping Software Based Roots of Trust for
Enhanced Mobile Device Security
41
Small Business Innovative Research (SBIR)
Important program for creating new innovation and accelerating transition into the marketplace
Since 2004, DHS S&T Cyber Security has had: 74 Phase I efforts 28 Phase II efforts 4 Phase II efforts currently in progress 10 commercial/open source products available Four acquisitions
Komoku, Inc. (MD) acquired by Microsoft in March 2008Endeavor Systems (VA) acquired by McAfee in January 2009Solidcore (CA) acquired by McAfee in June 2009HBGary (CA) acquired by ManTech in February 2012
42
Cyber Security R&D Broad Agency Announcement (BAA) Delivers both near-term and medium-term solutions
To develop new and enhanced technologies for the detection of, prevention of, and response to cyber attacks on the nation’s critical information infrastructure, based on customer requirements
To perform research and development (R&D) aimed at improving the security of existing deployed technologies and to ensure the security of new emerging cybersecurity systems;
To facilitate the transfer of these technologies into operational environments.
Proposals Received According to 3 Levels of Technology MaturityType I (New Technologies) Applied Research Phase Development Phase Demo in Op Environ. Funding ≤ $3M & 36 mos.
Type II (Prototype Technologies) More Mature Prototypes Development Phase Demo in Op Environ. Funding ≤ $2M & 24 mos.
Type III (Mature Technologies) Mature Technology Demo Only in Op Environ. Funding ≤ $750K & 12 mos.
Note: Technology Demonstrations = Test, Evaluation, and Pilot deployment in DHS “customer” environments
43
DHS S&T Long Range Broad Agency Announcement (LRBAA) 12-07 S&T seeks R&D projects for revolutionary, evolving, and maturing
technologies that demonstrate the potential for significant improvement in homeland security missions and operations
Offerors can submit a pre-submission inquiry prior to White Paper submission that is reviewed by an S&T Program Manager
CSD has 18 Topic Areas (CSD.01 – CSD.18) – SEE NEXT SLIDE LRBAA 12-07 has been extended and closes on 12/31/13 S&T BAA Website: https://baa2.st.dhs.gov Additional information can be found on the Federal Business
Opportunities website (www.fbo.gov) (Solicitation #:DHSS-TLRBAA12-07)
44
CSD.01 – Comprehensive National Cybersecurity Initiative and Federal R&D Strategic Plan topics
CSD.02 – Internet Infrastructure Security CSD.03 – National Research
Infrastructure CSD.04 –Homeland Open Security
Technology CSD.05 – Forensics support to law
enforcement CSD.06 – Identity Management CSD.07 – Data Privacy and Information
Flow technologies. CSD.08 – Software Assurance CSD.09 – Cyber security competitions,
education and curriculum development.
LRBAA Summary Listing CSD.10 – Process Control Systems and
Critical Infrastructure Security CSD.11 – Internet Measurement and
Attack Modeling CSD.12 – Securing the mobile
workforce CSD.13 - Security in cloud based
systems CSD.14 – Experiments – Test and
evaluation in experimental operational environments to facilitate transition.
CSD.15 – Research Data Repository CSD.16 – Cybersecurity Economic
Incentives CSD.17 – Data Analytics – analysis
techniques, visualization, CSD.18 – Tailored Trustworthy Spaces
– trust negotiation, app anonymity
Presenter’s Name June 17, 2003
Summary
Cybersecurity research is a key area of innovation to support our global economic and national security futures
DHS S&T continues with an aggressive cyber security research agenda Working to solve the cyber security problems of our current (and
future) infrastructure and systems Working with academe and industry to improve research tools and
datasets Looking at future R&D agendas with the most impact for the
nation
Need to continue strong emphasis on technology transfer and experimental deployments
Must focus on the education, training, and awareness aspects of our current and future cybersecurity workforce
45
Presenter’s Name June 17, 2003
For more information, visit
http://www.dhs.gov/cyber-researchhttp://www.dhs.gov/st-csd
Douglas Maughan, Ph.D.
Division Director
Cyber Security Division
Homeland Security Advanced Research Projects Agency (HSARPA)
202-254-6145 / 202-360-3170
47