The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) awarded a total of $5,643,466 across seven organizations to develop new tools to arm researchers with the latest insight and an increased collection of cybersecurity incident data to understand and counter cyberattacks.
“Cybersecurity research and development, and the ability to develop new solutions, will be enhanced significantly by having access to expanded, improved and new types of data resources,” said William N. Bryan, the DHS Senior Official Performing the Duties of the Under Secretary for Science and Technology. “S&T continues to uniquely champion this R&D resource via the IMPACT project.”
The Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT) project supports the global cyber-risk research community by coordinating and developing real-world data and information-sharing capabilities, including tools, models and methodologies. To accelerate solutions for cyber-risk issues and infrastructure security, IMPACT enables empirical data and information-sharing between and among the global academic, industry and government cybersecurity research and development (R&D) community.
“The value of having a research infrastructure that delivers real-world, largescale and longitudinal data collection, provisioning and analysis to the R&D community is severely underestimated,” said Erin Kenneally, S&T’s IMPACT Program Manager. “Too often such an infrastructure is assumed to exist without deliberate budgeted resources. “IMPACT lowers the barrier to entry for cybersecurity R&D by addressing the operational, legal and administrative costs that otherwise impede scalable and sustainable data-sharing.”
The awards were made through S&T’s Broad Agency Announcement.
- Galois, Inc., Portland, Oregon, was awarded $792,268 to develop a disclosure control system for sensitive IMPACT datasets. The “Framework for Information Disclosure with Ethical Security” effort is a scalable, fine-grained technical disclosure control system. It reduces risk for data providers by keeping non-anonymized data cryptographically secure for its lifetime on the IMPACT platform, thereby incentivizing the contribution of sensitive but valuable R&D data.
- Georgia Institute of Technology, Atlanta, Georgia, was awarded $497,561 to create threat intelligence datasets. The effort—“Real-World, Largescale Network- and Host-Level Threat Intelligence”—will pull significantly from the malware analysis experience of the institution and its researchers to build the datasets and improve the utility of the datasets for use in threat-detection and remediation decision-making.
- Massachusetts General Hospital, Boston, was awarded $950,000 to develop a medical device cybersecurity data repository. This repository, which will be developed through an effort titled “Healthcare Data Generation and Curation for Cybersecurity Analysis,” will enhance cyber protection of hospital clinical environments by providing the data cybersecurity researchers can use to develop monitoring rulesets and tools based on changes in response to threats to medical devices and networks. This knowledge will be broadly applicable in other environments.
- Parsons Government Services, Inc., Pasadena, California, was awarded $749,989 to develop a system to enable organizations to understand their level of exposure to attacks on internet infrastructure due to interconnectedness with other systems. The “Internet Risk Assessment and Mitigation” effort will enable an organization to examine its exposure to internet infrastructure risks in a systemic manner and take actions to mitigate the risks.
- University of California San Diego Center for Applied Data Analysis (CAIDA) was awarded a combined total of $1,499,999 for the effort “Advancing Scientific Study of Internet Security and Topological Stability.” UCSD CAIDA will help researchers counter large-scale internet cyberattacks and incidents by developing datasets that target cybersecurity challenge problems and generating new datasets that reflect immediate threats, vulnerabilities and hazards to the nation’s critical communications infrastructure systems. It also will provide unique Decision Analytics-as-a-Service (DAaaS) capabilities by allowing users to model threats in real time using a web application that is capable of fusing disparate control and data plane resources.
- University of Southern California Information Sciences Institute, Los Angeles, California, was awarded $653,933 to develop new cyberattack datasets. Through this effort—titled “Los Angeles/Colorado Application and Network Information Community”—researchers will create foundational and derived datasets of various types of internet attacks as well as web-based services and installable tools for use by researchers. It will also provide DAaaS, with a combination of web-based services and installable tools for browsing Internet Protocol v4 and packet header data, capture high-speed data and detect internet of things devices.
- University of Wisconsin, Madison, Wisconsin, was awarded a $499,716 contract to create new capabilities to collect and fuse data to support decision analytics for the Homeland Security Enterprise (HSE). Under the “Datasets, Methods and Tools for Internet Security Decision Analytics” effort, the team will collect and provide internet physical infrastructure data, logs from web crawls and intrusion detection system and firewall logs. They also will develop methods to link physical layer maps of the internet with routing configuration and application traffic data to enhance risk analysis and on-demand measurement of the internet that are important to HSE (e.g., outages and attacks).