Homeland Security Advanced Research Projects Agency An Update from Washington – Cybersecurity / R&D Douglas Maughan, Ph.D. Division Director October 30, 2012 http://www.cyber.st.dhs.gov
Environment: Greater Use of Technology, More Threats, Less Resources Anywhere in the Globalization & world in 24 hours Transportation L Tenuous Border Security E balance & Immigration S Violent S Insider Extremism Threat R Low cost Strategic Cyber Domain E of entry potential S O Both sides get Aviation as an Predictive & Nature of to innovate example … Reactive U Innovation R Historical Misuse of C Perspective Technology E S Natural Disasters & Pushing Beyond Design Limits MORE THREATS
September 2012 Cyber Events Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent - 09/25/2012 Secret account in mission- critical router opens power plants to tampering Unknown amount of Tiffany & Co. - 9/5/2012 employees‘ account information exposed by unauthorized access Mozilla releases to JPMorgan Chase Bank’s servers patches for more - 9/5/12 than 30 Firefox bugs - 9/1/12 Twitter users dealt malicious links via direct DDoS attacks hit Wells Fargo, messages PNC Bank, U.S. Bancorp - 9/26/12 - 9/27/12 • 3
DHS S&T Mission Guidance Strategic Guidance Homeland QHSR BUR S&T Strategic Security Act 2002 (Feb 2010) (July 2010) Plan (2011) QHSR Pandemics, High Smaller Scale Trafficking, Violent Threats Accidents, Consequence Terrorism Crime Extremism Natural Hazards WMD 1. Preventing terrorism & enhancing security 4. Safeguarding and securing cyberspace Core 2. Securing and managing our borders 5. Ensuring resilience to disasters Missions 3. Enforcing & administering immigration laws HSPD-5 HSPD-9 HSPD-10 HSPD-22 PPD-8 National Defense of Biodefense Domestic National Operational Incident U.S. for the 21 st Chemical Preparedness Management Agriculture Century Defense (2011) Directives System & Food (2004) (2007) (2003) (2004) Prevention, Protection, Mitigation, Response, Recovery
Comprehensive National Cybersecurity Initiative (CNCI) Establish a front line of defense Operational – NPPD and Inter-agency Reduce the Number of Pursue Deployment of S&T – part Deploy Passive Sensors Coordinate and Trusted Internet Automated Defense (S&T supporting NPPD) Across Federal Systems Redirect R&D Efforts of SSG Connections Systems Resolve to secure cyberspace / set conditions for long-term success Develop Gov’t-wide NICE – S&T Connect Current Classified – Intel Community/Inter-agency Increase Security of the Counterintelligence Expand Education Centers to Enhance Classified Networks involved S&T CSD not involved Plan for Cyber Situational Awareness Shape future environment / secure U.S. advantage / address new threats S&T – $18M Define and Develop NIPP -S&T Define and Develop Cyber Security in Inter-agency Programs Enduring Leap Ahead Manage Global Supply FY12 OMB Enduring Deterrence Critical Infrastructure Technologies, Strategies Chain Risk involved S&T CSD not involved Strategies & Programs Domains add & Programs http://cybersecurity.whitehouse.gov
A N ATIONAL P ROBLEM The Nation needs greater cybersecurity awareness and more cybersecurity experts. There is a lack of communication between government, private industry, and academia. Many cybersecurity training programs exist but there is little consistency among programs, and potential employees lack information about the skills needed for jobs. Cybersecurity Career development and scholarships are available but uncoordinated, and the resources that do exist are difficult to find. NICE was established in support of the Comprehensive National Cybersecurity Initiative (CNCI) – Initiative 8: Expand Cyber Education – Interim Way Forward and is comprised of over 20 federal departments and agencies. • 6
Cybersecurity for the 18 Critical Infrastructure Sectors DHS … DHS provides collaborates advice and with sectors alerts to the through Sector 18 critical Coordinating infrastructure Councils (SCC) areas … In the future, DHS will provide cybersecurity for … National Cybersecurity and The .gov and critical .com domains with a mix of: Communications Integration Center (NCCIC) Managed security services is a 24x7 center for production of a common Developmental activities operating picture … Information sharing Linkages to our U.S. – CERT (Computer Emergency Readiness Team)
DHS Cyber Skills Task Force (CSTF) Established June 6, 2012 as Jeff Moss (Co-Chair) ICANN part of the Homeland Security Alan Paller (Co-Chair) SANS Institute Advisory Council Steve Adegbite Lockheed Martin Over 50 interviews (DHS Asheem Chandna Greylock Partners internal and external) Larry Cockell Time Warner, Inc. Robert Gallucci MacArthur Foundation 1. Identify the best ways DHS John Gilligan Gilligan Group can foster the development of a Steven Myers Steven Myers & Associates national security workforce Dr. Michael Papay Northrop Grumman capable of meeting current and Tony Sager National Security Agency future cybersecurity challenges; Nicole Seligman Sony Corporation of America 2. Outline how DHS can improve Michael Steed Paladin Capital Group its capability to recruit and retain Joe Sullivan Facebook that sophisticated cybersecurity Roy Vallee Avnet, Inc. talent. Rita Wells Idaho National Laboratory 8
DHS Cyber Skills Task Force (CSTF) - 1 Objective I: Ensure that the people given responsibility for mission-critical cybersecurity roles and tasks at DHS have demonstrated that they have high proficiency in those areas. Recommendation 1: Adopt and maintain an authoritative list of mission-critical cybersecurity tasks (Page 6). Recommendation 2: Develop training scenarios that enable evaluation of mission-critical cybersecurity talent for each of the mission-critical tasks (Page 9). Recommendation 3: Adopt a sustainable model for assessing the competency and progress of the existing and future DHS mission-critical cybersecurity workforce (Page 10). 9
DHS Cyber Skills Task Force (CSTF) - 2 Objective II: Help DHS employees develop and maintain advanced technical cybersecurity skills and render their working environment so supportive that qualified candidates will prefer to work at DHS. Recommendation 4: Establish a Department-level infrastructure with direct responsibility for the development and oversight of the cybersecurity workforce (Page 12). Recommendation 5: Make the hiring process smooth and supportive and make mission-critical cybersecurity jobs for the federal civilian workforce enticing in every dimension: in mission and service, skills, growth potential, and “total value proposition” (Page 14). 10
DHS Cyber Skills Task Force (CSTF) - 3 Objective III: Radically expand the pipeline of highly qualified candidates for technical mission-critical jobs through innovative partnerships with community colleges, universities, organizers of cyber competitions, and other federal agencies. Recommendation 6: Establish a two-year, community-college- based program that identifies and trains large numbers of talented men and women to prepare them for mission-critical jobs in cybersecurity (Page 17). Recommendation 7: Raise the eligibility criteria for designation as CAE and SFS schools to ensure that graduates are prepared to perform technical critical cybersecurity jobs (Page 19). Recommendation 8: Launch a major, sustained initiative to enhance the opportunities for U.S. veterans to be trained for and hired in mission-critical cybersecurity jobs (Page 21). 11
DHS Cyber Skills Task Force (CSTF) - 4 Objective IV: Focus the large majority of DHS’s near term efforts in cybersecurity hiring, training, and human capital development on ensuring that the Department builds a team of approximately 600 federal employees with mission-critical cybersecurity skills. Recommendation 9: Until 600 employees are on board with mission-critical skills, apply the large majority of direct hire authority related to information technology in the Department to bringing on people with technical mission critical cybersecurity skills (Page 22). Recommendation 10: Specify the mission-critical skills and level of proficiency needed in all cybersecurity-related contracting (Page 23). 12
DHS Cyber Skills Task Force (CSTF) - 5 Objective V: Establish a “CyberReserve” program to ensure a cadre of technically proficient cybersecurity professionals are ready to be called upon if and when the nation needs them. Recommendation 11: Establish a pilot DHS CyberReserve program that ensures DHS cyber alumni and other talented cybersecurity experts outside of government are known and available to DHS in times of need and determine how this program may be implemented long-term (Page 24). 13
DHS S&T Mission Strengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise 1) Create new technological capabilities and knowledge products 2) Provide Acquisition Support and Operational Analysis 3) Provide process enhancements and gain efficiencies 4) Evolve US understanding of current and future homeland security risks and opportunities FOCUS AREAS • Bio • Explosives • Cybersecurity • First Responders 14
Recommend
More recommend