Speaking at the RSA Conference in San Francisco last month, Homeland Security Secretary Kirstjen M. Nielsen previewed the May unveiling of the department’s new cybersecurity strategy and issued a stern warning to cybercriminals. The new DHS Cybersecurity Strategy was released May 15.
To accomplish this new stance, the Department of Homeland Security’s Science and Technology Directorate (S&T) is working in tandem with DHS operational components by conducting research and development in numerous areas that will help strengthen DHS’s ability to detect and defend against cyberattacks.
“I have a news flash for America’s adversaries: Complacency is being replaced by consequences. We will not stand on the sidelines while our networks are compromised. We will not abide the theft of our data, our innovation and our resources. And we will not tolerate cyber meddling aimed at the heart of our democracy,” Nielsen said at the conference.
She added that DHS is adopting a more forward-leaning posture that will bolster the nation’s digital defenses by prioritizing enhancements in risk identification, vulnerability reduction, threat reduction and consequence mitigation. The new plan also included a new focal area: enabling cybersecurity outcomes.
“As the R&D arm of DHS, S&T is working on a wide range of research efforts that will greatly enhance the cybersecurity posture of critical infrastructure systems and the online environment,” said William N. Bryan, Senior Official Performing the Duties of the Under Secretary for Science and Technology. “These research efforts will lead to the development and implementation of new solutions that will make it possible for DHS to achieve the new cybersecurity strategy that Secretary Nielsen outlined in the new DHS Cybersecurity Strategy.”
S&T is conducting several R&D projects that support the newly introduced strategy.
1. Risk Identification
“We must be more aware of vulnerabilities built into the fabric of the internet and other widespread weaknesses … We must also prioritize securing essential functions across sectors, including those executed through multiple assets and systems,” Secretary Nielsen said in her RSA Conference remarks.
S&T’s Application of Network Measurement Science (ANMS) project is developing innovative technologies that will provide the capability to identify, classify, report, predict, provide attribution and potentially mitigate network/internet disruptive events. Additionally, the Next Generation Cyber Infrastructure Apex program is addressing the cyber challenges facing America’s critical infrastructure sectors, enabling these essential entities to operate effectively even in the face of sophisticated, targeted cyberattacks.
2. Vulnerability Reduction
“Looking out five years, DHS aims to have far greater awareness of dangerous threats before they hit our networks … to dismantle major illicit cyber networks in minutes, not months … and to be faster, smarter and more effective in responding to incidents,” Secretary Nielsen said.
Among S&T’s many projects supporting this area is the Critical Infrastructure Design and Adaptive Resilient Systems project, which develops the technical basis and analytical tools needed to support cross-sector cybersecurity risk assessments. It also identifies standards of practice to support the expanded use of risk methodologies for cyber and physical systems and resource planning.
Separately, the Cybersecurity for the Oil and Gas Sector project undertakes collaborative R&D efforts to improve the level of cybersecurity in critical systems of interest to the oil and natural gas sector. These projects are driven by the Critical Infrastructure Security and Resilience Research and Development Implementation Plan, which outlines federal R&D priorities and activities to strengthen critical infrastructure security and resilience.
3. Threat Reduction
This area is focused on reducing cyber-threats by countering transnational criminal organizations and sophisticated cyber-criminals.
Among S&T’s many projects supporting this area are the Anonymous Networks and Currencies and Cyber Forensics projects, which are developing cost-effective and novel solutions to aid law enforcement agencies in their investigations of criminal activity in these areas. S&T also offers Autopsy, an open-source digital forensics platform, and iVe, a vehicle navigation infotainment system forensics tool used by law enforcement agencies worldwide. Autopsy determines how a digital device was used in a crime and recovers evidence, and is enhanced with the addition of several new capabilities requested by law enforcement. The iVe technology is a digital forensics toolkit that obtains digital evidence from vehicle navigation and infotainment systems. This technology is currently supported in more than 10,000 vehicle models.
Also, S&T’s Network System Security program is comprised of the previously mentioned ANMS, Distributed Denial of Service Defense and Federated Security projects, all of which are working on solutions to secure IT networks and emergency response networks from cyberattacks.
4. Consequence Mitigation
In the new plan, this focus is described as minimizing consequences from potentially significant cyber incidents.
To make it harder for cybercriminals to hack networks and systems, S&T’s Cyber Physical System Security project is helping ensure security considerations are added into the design of cyber physical systems, such as the Internet of Things, while they are being built. Also, S&T is working closely with the National Institute of Standards and Technology on its Global Cities Team Challenge (GCTC) to raise awareness for cybersecurity and privacy needs in emerging “smart cities” systems. The Smart and Secure Cities and Communities Challenge is encouraging GCTC participants to adopt designed-in cybersecurity for “smart city” systems that are more secure, reliable, resilient and protective of privacy.
5. Enable Cybersecurity Outcomes
This pillar focuses on prioritizing DHS cybersecurity R&D and tech transition, as well as expanding international cooperation to ensure an open, interoperable, secure and reliable internet.
S&T’s Transition to Practice Program is leading the effort to transition government-funded cybersecurity technologies to the marketplace. Earlier this month, the program announced its 20th transition, which equals half the technologies enrolled in the transition-to-market program.
On the international front, S&T enjoys a range of international partnerships on many issues, including cybersecurity. Next month, S&T will award its first international awards to U.S.-Dutch research teams that will be working on Distributed Denial of Service Defense and Industrial Control Systems/Supervisory Control and Data Acquisition projects. S&T also has cybersecurity-focused partnerships with more than 20 countries and international organizations, including Great Britain, Israel, Australia, New Zealand, Canada and the European Union.
Supporting all cyber research and development efforts
Supporting each of the aforementioned projects, and in fact all S&T cybersecurity R&D projects, is the Cybersecurity Research Infrastructure program, which is comprised of the Information Marketplace for Policy and Analysis of Cyber-risk & Trust and Experimental Research Testbed. The former supports the global cyber-risk research community by coordinating and developing real-world data and information-sharing capabilities including tools, models and methodologies, while the latter enables cybersecurity researchers to run their advanced defense solutions safely against live threats on a “virtual internet” without endangering other research or the larger internet.
These research areas represent only a handful of S&T’s cybersecurity R&D projects. Read the 2018 Cybersecurity Portfolio Guide and view the cybersecurity projects page to see the breadth of S&T’s research reach. Additionally, at RSA, S&T demonstrated 13 mature, transition-ready cybersecurity solutions from across its broad R&D portfolio.