1 / 14

A Scientific Research and Development Approach to Transform Cyber Security

A Scientific Research and Development Approach to Transform Cyber Security. A Report Prepared for the Department of Energy Charlie Catlett, CIO, Argonne National Laboratory On behalf of the Cyber Security Community (DOE Laboratories, Universities, Industry participants) December 2008.

winda
Download Presentation

A Scientific Research and Development Approach to Transform Cyber Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A ScientificResearch and Development Approach to TransformCyber Security A Report Prepared for the Department of Energy Charlie Catlett, CIO, Argonne National Laboratory On behalf of the Cyber Security Community (DOE Laboratories, Universities, Industry participants) December 2008 A Scientific Research and Development Approach To Cyber Security December 2008 Submitted to The Department of Energy

  2. Background (Context) Source: C. Catlett, c@anl.gov • DOE Executive Cyber Security Discussions • DOE SC, OCIO, Lab directors and Lab CIOs met several times in “summits” in late 2007. • Working groups formed to look at various aspects of DOE cyber security from current practice to R&D. • R&D “Working Group” • Initial discussions with Strayer and Polansky (10/07) • Follow-up discussion with Orbach (11/07) • Outlined science-based cyber security vision • Orbach requested a report from the community

  3. Background (Actions) Source: C. Catlett, c@anl.gov • Workshops • Two open workshops in 2008 involving 100 participants from industry, academia, and labs. • Multiple topical white papers created • Organized parallel classified discussions • Inter-agency TS/SCI workshop (8/08) • Fifteen agencies represented; Hosted at Forrestal • Discussed focus areas and needs of various agencies • Interest in collaborating; greater interest in using results • This Plan • First draft October 2008 • Review and writing workshop (Oct) • Reviews from experts in industry, academia, gov’t (Nov)

  4. Cyber Defense Today Source: C. Catlett, c@anl.gov • Mathematics and Computational Science • Largely unexplored by cyber security community • Architecture is Anachronistic • Inherent trust among components • Passive data • Policy is Reactive and Tactical • Defense against specific, previous tactics • Underlying model (layered defense) awkward

  5. A National Priority • PITAC (2005) • “Cyber Security: A Crisis of Prioritization” • “broad failure to invest” in “fundamental research in civilian cyber security.” • PCAST (2007) • “The ability to design and develop secure… systems is a national priority.” • NSTC (2008) • “special focus and prioritization are needed to respond to current national networking security concerns.” Source: C. Catlett, c@anl.gov

  6. The Department of Energy Source: C. Catlett, c@anl.gov • Unique Requirements • National-scale civilian and classified infrastructure • Classified and Unclassified assets and programs • International science communities • Unique Strengths • National Laboratories with strong multi-disciplinary programs and rich academic and industry collaborations • Leadership computing facilities and expertise • Mathematics and Computational Science programs coupled with Leadership Class facilities.

  7. Three Focus Areas Data Observations Visualizing a collection of transmission system lines Indicators Behaviors Indicators assessed to gauge threat Incoming data processed to infer observations Observations processed to infer indicators “Connecting the Dots” Information MathematicsPredictive Awareness for Secure Systems InformationSelf-Protective Data and Software PlatformsTrustworthy Systems from Untrusted Components Leverage Office of Science Culture, Strengths, History • Bridge between research and application in operational national-scale infrastructure • Peer-review and prioritization synergized across classified & unclassified research • Multidisciplinary and multi-agency collaboration to maximize intellectual capital • Rich, proven approach with multiple R&D models and national-scale instruments and user facilities Source: C. Catlett, c@anl.gov

  8. Mathematics: Predictive Awareness for Secure Systems Data Observations Visualizing a collection of transmission system lines Indicators Behaviors Indicators assessed to gauge threat Incoming data processed to infer observations Observations processed to infer indicators “Connecting the Dots” • Create capabilities to examine system or network behavior to anticipate failure or attack, including real-time detection of anomalous activity and adaptive “immune system” response. • Requires a deeper understanding of complex applications and systems, appropriate architectures, techniques, and processes – using data-driven modeling, analysis, and simulation. • Leverages DOE programs in mathematics and computational science, and leadership computing expertise and facilities. Predictive Awareness through modeling Complex, Large-Scale Systems “…meteorology provides proof that complex, evolving, large-scale systems are amenable to mathematical analysis and that the network-security community need not necessarily restrict itself to the (probably oversimplified) models now in the literature.” Workshop on Scalable Cyber-Security Challenges in Large-Scale Networks: Deployment Obstacles, Interagency Working Group for IT R&D, March 2003. Source: C. Catlett, c@anl.gov

  9. Information: Self-Protective Data and Software • Create “active” data systems and protocols to enable self-protective, self-advocating, and self-healing digital objects. • Requires data provenance and related research to provide information integrity, awareness of attributes such as source, modification, trace back, and actors; and mechanisms to enforce policy concerning data confidentiality and access. • Leverages DOE leadership in, and mission requirements for, protection of classified and/or controlled information (data, software) and analysis and stewardship of large-scale scientific data sets for international experiments. Information Self-Protective Data and Software Source: C. Catlett, c@anl.gov

  10. Platforms: Trustworthy Systems from Untrusted Components • Create mechanisms for specifying and maintaining overall trust properties for operating environments and platforms. • Requires techniques for quantifying and bounding security and protection, integrity, confidentiality, and access in the context of a “system” comprised of individual components for which there are varying degrees of trust. • Leverages DOE expertise in hardware and software systems architecture, operating systems, and secure build and test facilities. Trustworthy Systems from Untrusted Components Source: C. Catlett, c@anl.gov

  11. Focus Areas in Context PITAC (2005) PCAST (2007) MathematicsPredictive Awareness for Secure Systems Authentication Technologies Comprehensive analysis of potential system-level vulnerabilities to inform the design of inherently secure NIT systems Secure Fundamental Protocols Secure Software Engineering & Software Assurance Holistic System Security InformationSelf-Protective Data and Software Generation of the fundamental building blocks for the development of secure NIT systems Monitoring & Detection Mitigation & Recovery Methodologies Cyber Forensics: Catching & Deterring Criminal Activities PlatformsTrustworthy Systems from Untrusted Components Modeling & Testbeds for New Technologies Usability and related social sciences, because progress in improving the security of NIT systems also involves altering user behavior.” Metrics, Benchmarks, & Best Practices Non-Technology Issues that Compromise Cyber Security Source: C. Catlett, c@anl.gov

  12. DOE: Uniquely Positioned Source: C. Catlett, c@anl.gov

  13. Recommendations (1 of 2) Source: C. Catlett, c@anl.gov • Focus Areas to Harness DOE Strengths • Mathematics: Predictive Awareness for Secure Systems • Leadership computing, mathematics, and computational science programs – cyber security as a computational science and engineering challenge leveraging INCITE. • Information: Self-Protective Data and Software • Computer science, computer architecture programs to explore novel approaches to active data. • Platforms: Trustworthy Systems from Untrusted Components • System software and architecture programs to pursue new operating system, distributed application, and platform architectures harnessing state-of-the-art such as multicore.

  14. Recommendations (2 of 2) Source: C. Catlett, c@anl.gov • Programmatic Considerations • SciDAC-scale multidisciplinary teams • “X-Prize” style – clear targets, broad competition • Beyond the “usual suspects” • Facilitate many “failures” to find diamonds in the rough (aggressive program leadership/management) • Proactive research collaboration with industry, other agencies (NSF, DHS) and DOE programs. • Harness Leadership Computing, data analysis, and related infrastructure. • Support computational science (modeling and simulation) as well as nearer term needs such as sensor data analysis and intensive software vulnerability testing (e.g. “a software wind tunnel”)

More Related