The INFOSEC Research Council

Presentation Transcript

Carl Piechowski

Chair IRC, DOE

Dr. Douglas Maughan

IRC Program Manager, DARPA

John C. Davis

Executive Agent IRC, Mitretek

The INFOSEC Research Council (IRC)

Charter

Informally chartered, government sponsored, voluntary organization

Goals

Facilitate communication and collaboration between participating organizations
Enable knowledgeable and intelligent information security research investments
Increase efficiency and effectiveness of U.S. Government INFOSEC research
Support consolidated identification of high value research targets

The IRC provides an opportunity for participants to:

Discuss critical information security issues
Convey members’ research needs
Describe current research activities and planned research investments
Informally examine concepts and approaches against a body of experience and knowledge

Benefit to members

Helps them to focus their INFOSEC research investments through coordination with other relevant individuals and organizations

Roll

Up

DB

Knowledge Base

Hard

Problems

List

IRC Vision

INFOSEC

Science and Technology

Study Groups

INFOSEC

Research Council

Innovative

Approaches

Funding

Requirements

Fed Labs &

FFRDC

R&D

Participating

Organizations

Warfighter,

National Security,

Homeland Security, and

Civil Agency Needs

Academic

R&D

Industry

R&D

Ideas

Solutions

IRC Background

First organized by NSA R2 in May 1996
IRC activities are sponsored by most of the participating organizations, as led and coordinated by DARPA
U.S. Department of Energy provides the current chairperson

IRC Participants

Representatives from U.S. Government organizations that sponsor information security research
Current Members

DOD: BMDO, DTRA, NCS, DARPA, NSA, OSD
Air Force: AFRL, AFIWC
Army: ARL, CECOM
Navy: NRL, ONR, SPAWAR
Intelligence Community: CIA, NRO, ARDA
Civilian Agencies: DOE, NIST, NSF, FBI, FAA, DOJ, NRC

IRC Activities

Bimonthly meetings

Program discussions
Relevant technical presentations
Review new developments
Events

Developed the INFOSEC “Hard Problems List”
Developing an R&D Database
Developed R&D Summary Report
Created and maintain IRC websites

www.infosec-research.org

Initiate INFOSEC Science and Technology Study Groups (ISTSG)

INFOSEC Science and Technology Study Groups

Studies

Issues of particular import
Issues of shared interest
Benefit from the contributions of recognized experts

Studies Completed

Information Assurance Vision / End State
Malicious Code

Studies Proposed

Self Healing Networks
Technology Transfer
Network Study

Recent Briefings

Institute for Information Infrastructure Protection (I3P) – Michael Vatis, Dartmouth University
National Strategy to Secure Cyberspace – Marcus Sachs, Director for Communication Infrastructure Protection
NIAP Certification of Linux and Security-Enhanced Linux – Tony Stanco, George Washington University
Homeland Security: In Pursuit of the Asymmetric Advantage – Ruth David, Analytic Services, Inc. (ANSER)
The State of Information Security within the Civil Agencies – Keith A. Rhodes, GAO

Recent Briefings

Large Network Security – Dr. Ed Amoroso, AT&T
Know Your Enemy: Modeling and Predicting Hacker Behavior– the Honeynet Project
Fortune 500 Corporate Security – Head of Security of F500 company
"DUSD (S&T)'s Software Protection Initiative" – Jeff Hughes
MAC OS Security -- Shawn Geddis, Apple Federal
Microsoft XP Security – Sean Finnegan, Microsoft

INFOSEC Research Hard Problems List

Why define the “hard problems?”

Identify important roadblocks to effective information security
Guide research program planning
Achieve consensus on identifying especially difficult/persistent information security issues

How was it done?

Discussion and e-mail exchanges among members
Contributions from national experts

What makes INFOSEC problems hard?

Technical factors

Need for COTS solutions
Need for wide deployment of security technology
Need to manage complex, networked systems securely
Need to support dynamic security policy environments
Growing technical sophistication of threats

IT Market and user perception factors

COTS provides more function, less assurance
Declining government influence on COTS information technology
User belief COTS security will suffice

Unrealistic assumptions (e.g. detect new attack)

Design & Development

Secure system composition

High assurance development

Metrics for security

Operational

Intrusion and misuse detection

Intrusion and misuse response

Security of foreign and mobile code

Controlled sharing of sensitive information

Application security

Denial of service

Communications security

Security management infrastructure

Infosec for mobile warfare

IRC’s Hard Problem List

Program R&D Database

Originally in hardcopy:
Now being automated

Each member organization provides R&D summary info
Project records will target:

Summary technical info / URL
Contact information
Non-sensitive budget info
Relationship to Hard Problems list

Benefits: identify resources being applied to hard problems, support gap analysis

R&D Study

Collected information about Federal INFOSEC R&D Programs
Identified key INFOSEC issues facing the U.S.

Fundamental flaws in much of the nation’s deployed information infrastructure that leave systems open to exploitation
Decreasing diversity in the software components of that infrastructure, and diminishing ability to assure that hardware communications paths are diverse, which causes any flaw to be very wide-spread
Lack of effective means for detecting the exploitation of these flaws, both tactically and strategically
Lack of controllable, graduated responses to such exploitations

Synthesized the data
Performed Gap Analysis

IRC Websites -- Overview

Provide the infrastructure for communicating research priorities and sharing research results
Mitretek Systems maintains three IRC websites for various audiences

Public - http://www.infosec-research.org
IRC Meeting Participants
IRC Members

Implemented using open source software
Websites are hosted at Mitretek Systems in Falls Church, VA

IRC Public Website

Only publicly accessible IRC website
Provides an overview of the organization and objectives
Website contents

IRC Charter
Member Organizations
Upcoming Meeting Date and Location
Public Documents

Hard Problems List
IRC Overview (PowerPoint and Word Document)

Contact Information

IRC Meeting Participants Website

Access controlled by username/password
Separate username/password issued for each meeting to all participants
SSL used for encrypted communication
Website contents

Schedule of future meetings
Meeting agendas
Abbreviated minutes -- contents from Closed Sessions are removed
Presentations from Open Sessions

IRC Members Website

Access limited to Federal employees and IPAs
PKI client certificates are used for website authentication
SSL used for encrypted communication
Website contents

Schedule of future meetings
Meeting agendas
Complete minutes
Presentations from all sessions
ISTSG results / Draft documents for review
Calendar of upcoming meetings and conferences
Infrastructure to support the R&D database

Search R&D summary information
Update R&D project information

IRC Benefits

While it is understood that each participating agency will have its own research priorities, the IRC helps identify and organize high priority INFOSEC problem areas and related research opportunities. The IRC: