
Innovation Partnership Models with the Finance Sector

Dept. of Homeland Security Science & Technology Directorate. Innovation Partnership Models with the Finance Sector. NCDI Workshop BITS, Washington, DC October 29, 2009. Douglas Maughan, Ph.D. Branch Chief / Program Mgr. douglas.maughan@dhs.gov 202-254-6145 / 202-360-3170.


Presentation Transcript


  1. Dept. of Homeland Security Science & Technology Directorate Innovation Partnership Models with the Finance Sector NCDI Workshop BITS, Washington, DC October 29, 2009 Douglas Maughan, Ph.D. Branch Chief / Program Mgr. douglas.maughan@dhs.gov 202-254-6145 / 202-360-3170

  2. Science and Technology (S&T) Mission: Conduct, stimulate, and enable research, development, test, evaluation and timely transition of homeland security capabilities to federal, state and local operational end-users.

  3. Examples of Partnership Models • LOGIIC – Linking Oil and Gas Industry to Improve Cybersecurity • PPISC-ES – Payment Processing Information Sharing Council – Enhance Security Working Group • DECIDE – Distributed Exercises • TCIP – Trustworthy Cyber Infrastructure for Power • S2ERC – Security and Software Engineering Research Center • I3P – Institute for Information Infrastructure Protection • SIF – System Integrator Forum • ITSEF – IT Security Entrepreneur Forum

  4. History • ChevronTexaco approached DHS in March 2004 about possible opportunities to secure O&G cyber infrastructure • Ensuing discussions determined that this should be done sector-wide • Convened workshop in July 2004 in Washington, DC • Outcome of meeting was to determine if it was possible for government and industry to work together to (a) establish a SCADA testbed and (b) determine a working model for future research and development activities.

  5. History (cont’d) • Industry partners agreed on technical project focus • April 2005 • Project officially started July 1, 2005 • Invited technology providers to show capabilities • Aug-Sept 2005 • Industry selected winning candidates • Project presented to O&G industry - Sept. 11, 2006 • Captured in LOGIIC DVD

  6. Partnership • Project LOGIIC is a model for government-industry technology integration and demonstration efforts to address critical R&D needs • Industry contributes • Requirements and operational expertise • Project management • Product vendor channels • DHS S&T contributes • National Security Perspective on threats • Access to long term security research • Independent researchers with technical expertise • Testing facilities

  7. Overview [Diagram labels: Attack Indications and Warnings; External Events; LOGIIC Correlation Engine; Process Control Network; Business Network] • Opportunity: Reduce vulnerabilities of oil & gas process control environments by correlating and analyzing abnormal events to identify and prevent cyber security threats • Approach: • Identify new types of security sensors for process control networks • Adapt a best-of-breed correlation engine to this environment • Integrate in testbed and demonstrate • Transfer technology to industry

  8. Project Execution: Technology Integration Model (TIM) • Integration Definition Phase • Integration Execution Phase • Integration Validation Phase • Solution Identification Phase

  9. Project Execution: Technology Advancement Model (TAM) • Advancement Definition Phase • Advancement Execution Phase • Advancement Validation Phase • Solution Definition Phase

  10. LOGIIC Consortium - NOW [Diagram labels: DHS S&T; ISA Automation Federation (AF); CRADA; Oil & Gas Sector Participating Companies; DHS PCII; Project #1, Project #2, Project #3, Project #4, Project #N; Competitive Labs Vendors Researchers]

  11. DECIDE (Distributed Environment for Critical Infrastructure Decision-making Exercises) • Enable enterprise decision-makers to think through responses to operational disruptions of market-based transactions across networks - Sector(s), Market(s), Institution(s) • Provide a dedicated exercise capability for several critical infrastructures in the U.S. • Enterprises will be able to initiate their own large-scale exercises, define their own scenarios, protect their proprietary data, and learn vital lessons to enhance business continuity, all from their desktops • The concept has been reviewed by and developed with input from experts at ChicagoFIRST, the Options Clearing Corporation, ABN-AMRO, Eurex, Archipelago, Bank of New York, and CitiBank. • The Financial Services Sector Coordinating Council R&D Committee has organized a user-group of subject matter experts (SMART team) paid by their respective financial institutions to support the project over the next three years.

  12. Current TCIP Scale of Effort • $1.5 M per year for 5 years • Funded by National Science Foundation • With additional support from Department of Energy, Department of Homeland Security • 4 universities, 20 senior investigators • University of Illinois at Urbana-Champaign • Washington State University • Cornell University • Dartmouth University • 35 Graduate and Undergraduate Students • Industry advisory board (35 owners, operators, vendors)

  13. Questions that need Answers • What do you really want to do? • More formally organize information sharing and someone own it? • Known technology exploration and evaluation? • New R&D to support finance sector? FSSCC R&D Agenda • What do you really think the government’s role is (depends on the answer to the first question)? • What “formal agreements” do you have and do you believe you need others? • Are all of the “stakeholders” present? If not, do they need to be? If they’re not, can you still succeed? • Do you plan to put money on the table to accomplish what you want? Will everyone contribute equally? • Tons of others – anti-trust, liability, IPR, etc.
