Ongoing Research and Development
Currently, the Center is involved in the following R&D areas:
- Secure Protocols for the Routing Infrastructure (SPRI)
The National Strategy to Secure Cyberspace (NSSC) calls
out the fact that there are problems with the existing Internet
infrastructure. As a step toward fulfilling its responsibility for
coordinating implementation of the NSSC with respect to the routing
infrastructure, DHS has instituted the Secure Protocols for the
Routing Infrastructure (SPRI) program within the S&T Directorate.
DHS S&T is organizing a series of workshops in the SPRI program to
formulate an approach and a roadmap for securing the BGP protocol in
the Internet routing infrastructure. This workshop series will bring
together people from academia, research institutions, government, and
industry who have a thorough understanding of BGP technology, of BGP
use in the Internet today, and of the business of providing Internet
service. Several techniques to secure BGP have been suggested, but
none has won acceptance in terms of completeness, scalability or
deployability. The workshops are intended to reach consensus on
an acceptable, deployable security technique and a strategy for
deployment.
- DHS-SRI International Identity Theft Technology Council (ITTC)
The DHS-SRI International Identity Theft Technology
Council (ITTC) is a working forum where experts and leaders from the
government, private, financial, IT, venture capital, academic,
and science sectors come together to address the problem of identity
theft and related criminal activity on the Internet.
The ITTC desires to identify proactive IT security solutions and
assist in accelerating their development and deployment into the
marketplace. Seasoned IT security and law enforcement professionals and
representatives from academia and science have strategically aligned
themselves with subject matter experts and organizations to accomplish
this goal. A key component to the success of this public-private
partnership is the ability to actively work with leaders in the
community who are principals of change in an effort to better protect
our communities and corporations from attacks against their critical
infrastructures.
The subject matter experts of the ITTC seek to share information that
will assist in the discovery, due diligence, development and
deployment of next generation technologies best suited to protect our
critical infrastructures and serve our communities. The ITTC is
currently divided into four subcommittees.
- Phishing Report Subcommittee:
The ITTC will produce and distribute a
report that provides an examination of various classes of phishing
attacks and ways in which technology could be deployed to stop
them. Technology-based phishing countermeasures are examined in
detail, using the information flow of a phishing attack as an
organizing principle.
- Data Sharing and Data Collection Subcommittee:
This subcommittee explores how to best share data on phishing and crimeware
attacks. This information would better enable private industry and
government entities to proactively protect consumers and brand owners.
- Future Threats Subcommittee:
The subcommittee's efforts are focused on emerging online identity theft
techniques. Its emerging threat report is surveying various methods
that phishers might use to enhance their ability to carry out
electronic identity theft activities.
- Development and Deployment Subcommittee:
An initial study was conducted on how the ITTC fits into the ecosystem
of the identity theft marketplace. It was found that the majority of
organizations addressing identity theft focus either on research,
reporting, education, or policy. This subcommittee will explore how
the ITTC can address an unmet need by focusing on the neglected areas
of test, evaluation, demonstration and commercialization of
technologies.
- Domain Name System Security Extensions (DNSSEC)
To strengthen the domain name system against attacks, DNSSEC has
been developed to provide cryptographic support for DNS data integrity
and authenticity. DHS sponsors a community-based, international effort
to transition the current state of DNSSEC to large-scale
deployment. In May 2004, two workshops were held in Amsterdam and San
Francisco to build a roadmap and identify difficulties that must be
overcome for widely deploying DNSSEC. See the
DNSSEC deployment working group Web page
for more information.
- Large Datasets for Cyber Security
DHS is sponsoring an initiative to facilitate the accessibility of
computer and network operational data for use in cyber defense
research and development. The PREDICT (Protected Repository for the
Defense of Infrastructure against Cyber Threats) initiative represents
an important three-way partnership between government, critical
information infrastructure providers, and the security development
community (both academic and commercial), all of whom seek technical
solutions to protect the public and private information
infrastructure. The goal is to bridge the gap between the producers of
security-relevant network operations data and technology developers
and evaluators who can leverage this data to accelerate the design,
production, and evaluation of next-generation cyber security
solutions.
Specifically, PREDICT provides developers and evaluators with
regularly updated network operations data sources relevant to cyber
defense technology development, including sources that are minimally
anonymized, if not entirely uncensored. The data sets will provide
developers timely and detailed insight into cyber attack phenomena
occurring across the Internet, and in some cases will reveal the
effects of these attacks on networks that are owned or managed by the
data producers. A key motivation of PREDICT is to make these
data sources more widely available to technology developers and
evaluators, who today often determine the efficacy of their technical
solutions on anecdotal evidence or small-scale test experiments,
rather than on more comprehensive real-world data.
PREDICT Workshop Presentations, September 27th, 2005.
- Experiment and Exercise Participation
The S&T Directorate is working with other parts of DHS
and other federal, state, and local government agencies and entities
to demonstrate cyber security research and development capabilities
and results. The Homeland Security Advanced Research Projects
Agency (HSARPA) sponsors and participates in various experiments
and exercises to demonstrate the technical capabilities of advanced
technologies, including research products sponsored by HSARPA and by
other government, educational, and private entities.
The Center facilitates the development and deployment of
technologies that can be brought to bear to significantly improve
information infrastructure security as well as security at the
intersection of the information and other key sectors, to include such
diverse sectors as financial services and process control
systems. The Center participates in exercises that are
primarily geared towards the information infrastructure, such as
Livewire, as well as exercises where information
security is a key component, such as
Determined Promise.
- Coalition Warrior Interoperability Demonstration (CWID)
The DHS S&T's Cyber Security Research and Development
Center (CSRDC) participated in the Coalition Warrior Interoperability
Demonstration (CWID), which concluded on 24 June 2005. CWID is an
annual DoD-sponsored exercise that demonstrates innovative information
technologies that can be of immediate benefit to the joint operations
community, which includes civil sector government and allied nation
stakeholders. The CWID 2004 and 2005 events emphasized Homeland
Security (HLS) and Homeland Defense (HLD) initiatives.
The CSRDC sponsored a trial entitled "Pathways to a
National Cyberspace Security Response System (PNCSRS)." PNCSRS is a
prototype of the information infrastructure assurance capability specified
in the National Strategy to Secure Cyberspace. The PNCSRS application
suite was used to: (1) evaluate off-the-shelf technologies that have
the potential to be deployed in more advanced NCSRS pilots; (2)
explore methods of conducting future national-scale cyber security
exercises; and (3) generate ideas for new R&D initiatives. The
trial produced key breakthroughs by demonstrating the fusing of cyber
security information with other operational intelligence through the
DoD's Global Command and Control System (GCCS), and in procedural
approaches to integrate cyber security information in the HLS-HLD
decision making process.
In addition to advancing concepts for a
National Cyberspace Security Response System, the sponsored systems
also provided security monitoring services that discovered incidents
of anomalous network access which were reported to the CWID network
security staff for further investigation. Components integrated in
the DHS trial include the EMERALD network security sensor (SRI
International), the SecureScope security
data visualization application (Secure Decisions), and the Shinkuro secure group
collaboration suite (Shinkuro, Inc.). A final CWID assessment report is expected
to be released by year's end.
- U.S.-Canada Cooperation on Wireless Security
In December 2001, then-Governor Tom Ridge and Canadian Deputy Prime Minister John Manley signed the "Smart Border" Declaration and associated 30-point Action Plan to enhance the security of our shared border while facilitating the legitimate flow of people and goods. The action plan has four pillars: the secure flow of people, the secure flow of goods, secure infrastructure, and information sharing and coordination in the enforcement of these objectives.
In October 2003, then-Secretary of Homeland Security Tom Ridge and Canadian Deputy Prime Minister John Manley released their fourth progress report on the Smart Border Action Plan. The report outlines the significant accomplishments in modernizing the Canada-United States border since the signing of the Smart Border Declaration. These include the completion of negotiations and an agreement in principle on the text of a legally binding bilateral agreement on science and technology cooperation for protecting our shared critical infrastructure and enhancing border security.
As part of this science and technology cooperation, the Center is supporting DHS S&T officials in cooperation projects with their Canadian counterparts. These cyber security projects are focused on secure wireless data communication systems for homeland security agencies on both sides of the border.
- Testbeds
DHS is working with other government agencies, such as the National Science Foundation (NSF), to create testbeds for test and evaluation of cyber security technologies. These testbeds will be used by both HSARPA-funded researchers and the larger cyber security research community to evaluate their research prototypes.
The Center is participating in the coordination of testbed activities to ensure that the test and evaluation needs of HSARPA-sponsored cyber security research are met. When appropriate, the Center may also participate as a testbed site. Currently, the Center is working with the Cyber Defense Technology Experimental Research (DETER) network testbed to coordinate its activities in support of HSARPA cyber security research and development. More information about the DETER testbed is available
here.