Experiments and Competitions

Cyber Scenario Modeling And Reporting Tool (CyberSMART)

Background

The Nation's information infrastructure comprises a diverse collection of private and public information systems that support our national critical infrastructures. Cyber exercises are an effective tool for preparing for an actual incident: they are used to assess preparedness and to identify areas for improvement without incurring the consequences of an actual incident.

Cyber exercises require the participation of a variety of organizations from public and private sectors. Currently, there is a lack of technology to assist exercise planners in developing cyber security exercise scenarios for use in cyber training for incident response teams.

Technology Implementation

The Cyber Scenario Modeling and Reporting Tool (CyberSMART) is a Web-based tool that allows a team of cyber exercise scenario developers and subject matter experts at varying locations to efficiently collaborate on issues related to the development of an Exercise Scenario within the correct parameters. Using the tool, team members may securely capture cyber exercise objectives, scenarios, and gamespace information, which can then be used to create scenario events. CyberSMART also enables users to generate and manipulate scenario timelines and export Master Scenario Event List information on visible scenario effects in a variety of formats.

In a pilot project, CyberSMART was used in the Commonwealth of Massachusetts' first cyber exercise, called Mass-Attack, which was designed to test communications, operational, command and control policies, procedures, and practices. The tool meets the requirements of the U.S. Department of Homeland Security's National Cyber Security Division and is under consideration for inclusion in the Homeland Security Exercise and Evaluation Program (HSEEP).

Significant Impact

CyberSMART reinforces the HSEEP exercise planning guidance and can be used for many different exercise types, including workshops, tabletops, drills, and functional exercises. CyberSMART assists in the development of a storyboard that features engaging, plausible cyber events that challenge exercise participants while simultaneously satisfying exercise objectives. The lessons learned from a cyber exercise can identify where cyber vulnerabilities exist and ways to remediate them.

DHS Secure Wireless Access Pilot (DSWAP)

Background

Wireless technologies are pervasive and show no signs of disappearing. Although the underlying communication medium of wireless is open to intruders, government and industry are actively developing innovative ways to offset these risks. Fueled by the lessons learned during the integration of wired networks and those garnered during the early adoption of wireless, the maturation of wireless is occurring rapidly.

The ability of U.S. Department of Homeland Security (DHS) personnel to use a variety of private and public access networks to securely conduct business provides benefits such as portability and flexibility, increased productivity, and lower overall cost of ownership. However, most networks use basic wireless security that relies on a combination of Service Set Identifiers (SSIDs), open authentication, static Wired Equivalent Privacy (WEP) keys, Media Access Control authentication, or Wi-Fi Protected Access/Wi-Fi Protected Access 2 Pre-Shared Key (WPA/WPA2 PSK). None of these sufficiently protects DHS-sensitive data. Therefore, technology is needed to transmit data, including sensitive information, across these public wireless systems in a manner that sufficiently protects the data against eavesdropping via any of the commonly available packet analysis and sniffing tools.

Technology Implementation

The DHS Secure Wireless Access Pilot (DSWAP) demonstrates a way to securely connect to DHS networks using the public wireless infrastructure, which is available at many locations and commonly known as hot spots. Additionally, DSWAP leverages the existing DHS software operating system images on notebook computers to access existing major infrastructure elements. All elements of DSWAP make extensive use of fully-ratified industry standards, technologies, protocols, and signaling mechanisms commonly accepted as best practices. The goal is to provide a mobile DHS user with secure remote access service. The DSWAP technology incorporates multiple security components, including screen privacy filters, encrypted hard drives, traffic monitoring software, firewall and anti-virus protection, wireless policy managers, and RSA token authentication.

In a pilot program, the DHS S&T Chief Information Office (CIO) employed DSWAP when using public networks to securely connect to DHS networks. The pilot lasted for 5 weeks and incorporated over 40 users. Currently, it is being decided whether or not this technology will be deployed operationally within DHS S&T and also at DHS Headquarters. A second pilot will be held in 2010 at the Federal Law Enforcement Training Center (FLETC) in Georgia.

Significant Impact

The DSWAP technology will allow DHS mobile users to securely connect to DHS networks. This will allow a wider range of access for users and increase productivity when outside of their normal work environment.