Cyber Security Experiments and Pilots
Technology transfer from the lab to the marketplace is a vital and unique aspect of the R&D efforts of S&T’s Cyber Security Division. The DHS CIO, FLETC, National Cyber Security Division (NCSD), and other operational components need experimental deployment opportunities to investigate the operational capabilities of new technologies. The Cyber Security Experiments and Pilots Project provides a platform for experimentation, testing, evaluation and operational deployment to facilitate technology transfer. Experiments and pilots allow technologies developed at S&T to be tested and evaluated in operational environments and provide feedback for performers and vendors. Not only does this facilitate technology transfer, but the feedback also allows DHS components to refine their requirements and ultimately make their infrastructure more secure. Examples of previous successful experiments and pilots include the Cyber Scenario Modeling And Reporting Tool (CyberSMART) and the Public Regional Information Security Event Management (PRISEM) system, which utilized an S&T-funded Botnet Detection and Mitigation tool.
Cyber Scenario Modeling And Reporting Tool (CyberSMART)
CyberSMART is a Web-based tool that allows a distributed team of cyber exercise scenario developers and subject matter experts to efficiently collaborate. Using the tool, team members may securely capture cyber exercise objectives, scenarios, and gamespace information, which can then be used to create scenario events. CyberSMART also enables users to generate and manipulate scenario timelines and export Master Scenario Event Lists of visible scenario effects in a variety of formats.
In a pilot project, CyberSMART was used in the Commonwealth of Massachusetts’s first cyber exercise, called “Mass-Attack”, which was designed to test communications and operational and command and control policies, procedures, and practices. Mass-Attack resulted in the identification of findings and recommendations for next steps. Exercise officials were able to determine the need for (1) increased communications, (2) clearly defined roles and responsibilities, and (3) increased cyber education and training.
The CyberSMART tool meets the requirements of the U.S. Department of Homeland Security’s National Cyber Security Division and is under consideration for inclusion in the Homeland Security Exercise and Evaluation Program (HSEEP). In 2012, CyberSMART will be used in a National FEMA Exercise.
Public Regional Information Security Event Management (PRISEM)
The PRISEM system was designed to address gaps in capabilities between federal and local government entities by extending managed security services, a concept common to corporate IT organizations, into the local government sector.
In a pilot project with the City of Seattle, PRISEM leveraged another S&T-developed Botnet Detection and Mitigation Tool. Botnets are surreptitiously installed through worms, Trojan horses, or backdoors, which allow remote access to and control of a user’s system. The Botnet Detection Suite mitigates botnets through an understanding of the complete botnet life cycle rather than a single botnet feature. Based on the theory that no single detection approach will successfully mitigate the threat of botnets, the system detects bot behavior rather than specific bot symptoms. This more comprehensive approach means quicker detection and adaptability as attackers attempt to evade the system. The PRISEM system, which is designed to monitor logical security events over multiple public entities in a metropolitan region, is improving the security of Washington State’s inter-governmental networks.