Cybersecurity & Cyber Defense Research

Active Cyber Defense – A Hotbed of Research and Development

One way to evaluate what’s trending in information technology and what’s not is to look at what is happening in R&D. Since the US federal government is one of the biggest spenders in R&D, you can begin to find out what is going on by investigating the Networking and Information Technology Research and Development (NITRD) Program. NITRD is the Nation’s primary source of Federally funded work on advanced information technologies in computing, networking, and software. It defines strategic plans and priorities for R&D and performs a coordination function to maximize R&D output and avoid redundant efforts.

The NITRD supplement to the President’s Budget for fiscal year 2015 came out last March. The President’s FY 2015 budget request for the NITRD Program is $3.8 billion. One of the priority areas for this budget is Cybersecurity and Information Assurance Research and Development (CSIA). CSIA represents 19% of the total budget request or about $720M. For more details on this budget supplement see here.

Within the overall NITRD program, CSIA focuses on research and development to detect, prevent, resist, respond to, and recover from actions that compromise or threaten to compromise the availability, integrity, or confidentiality of computer- and network-based systems. These systems provide the IT foundation in every sector of the economy, including critical infrastructures such as power grids, financial systems, and air-traffic-control networks. These systems also support national defense, homeland security, and other Federal missions. Broad areas of emphasis include Internet and network security; security of information and computer-based systems; approaches to achieving hardware and software security; testing and assessment of computer-based systems security; reconstitution of computer-based systems and data; and resilience against cyber-attacks on computer-based systems that monitor, protect, and control critical infrastructure.

Key agencies involved in the CSIA program element include: AFOSR, AFRL, ARL, ARO, DARPA, DHS, DoD (CERDEC), DOE/OE, NIST, NSA, NSF, ONR, and OSD. Other participants include DOT, IARPA, NRC, ODNI, and Treasury.

So the question is – where does Active Cyber Defense fit into this equation? The answer is – significantly.

Inducing Change Through Active Cyber Defense

The CSIA Strategic Plan defines four areas for prioritizing research and development activities:

1. Inducing Change – Utilizing game-changing themes to direct efforts toward understanding the underlying root causes of known threats with the goal of disrupting the status quo; the research themes include Moving Target, Tailored Trustworthy Spaces, Designed-In Security, and Cyber Economic Incentives

2. Developing Scientific Foundations – Developing an organized, cohesive scientific foundation to the body of knowledge that informs the field of cybersecurity through adoption of a systematic, rigorous, and disciplined scientific approach

3. Maximizing Research Impact – Catalyzing integration across the research themes, cooperation between governmental and private-sector communities, collaboration across international borders, and strengthened linkages to other national priorities, such as health IT and Smart Grid

4. Accelerating Transition to Practice – Focusing efforts to ensure adoption and implementation of the new technologies and strategies that emerge from research and activities to build a scientific foundation so as to create measurable improvements in the cybersecurity landscape

In addition to the Strategic Plan, DoD agencies prioritize research investments to advance their cyber-supported war-fighting capabilities. To do this, they have added a fifth element to their R&D efforts called “Assuring the Mission.” This program element focuses on developing technologies to be aware of missions and threats, compute optimal assurance solutions, and implement protection as needed via mission agility or infrastructure reinforcement.

The Inducing Change and DoD’s Assuring the Mission activities sound pretty relevant from an Active Cyber Defense perspective. Digging deeper into the highlights of these activities we find that the Tailored Trustworthy Spaces theme involves R&D to “enable flexible, adaptive, distributed trust environments that can support functional and policy requirements arising from a wide spectrum of user activities in the face of an evolving range of threats.” That sounds like a perfect match for Active Cyber Defense.

It gets even better with the Moving Target theme: “Develop capabilities to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and the cost for attackers, limit the exposure of vulnerabilities and malicious opportunities, and increase system resiliency.” Among the specific programs for this theme are:

  • Embedded System Resiliency and Agility – AFRL
  • Configuration-Based Moving Target Defense – AFRL
  • Cyber Maneuver – ARL
  • Adaptive Cyber Defense MURI – ARL
  • Cyber Agility Program – AFRL
  • Moving Target Defense Program – DHS
  • Proactive and Reactive Adaptive Systems – NSA
  • Security Automation and Vulnerability Management – NIST
  • Robust Autonomic Computing System – ONR
  • Active Repositioning in Cyberspace for Synchronized Evasion (ARCSYNE) – AFRL
  • Morphing Network Assets to Restrict Adversarial Reconnaissance (Morphinator) – ARL, ARO, and CERDEC
  • Defensive Enhancements for Information Assurance Technologies (DEFIANT) – ARL, ARO, and CERDEC
  • Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) and Mission-Oriented Resilient Clouds (MRC) Programs – AFRL, DARPA
  • Autonomic Cyber Agility – OSD

Also, ONR is leading some key Active Cyber Defense-related efforts for the cyber information infrastructure that involve “resilient autonomic computing, dynamically reconfigurable computing systems, data science, data security, tactical cloud, self-aware/mission-aware/self-reconfigurable dynamic networked sensing, automated cyber C2, automated courses of action generation, and synergistic integration of network sensing, reasoning and control for intelligence-driven information assurance and cyber-physical system defense via automation and machine situational awareness,” to mention just some.

Wow, that sounds like a lot of Active Cyber Defense, and it is. Finally, the Designed-In Security theme caps it off with its focus on “developing capabilities to design and evolve high-assurance, software-intensive systems predictably and reliably while effectively managing risk, cost, schedule, quality, and complexity. Create tools and environments that enable the simultaneous development of cyber-secure systems and the associated assurance evidence necessary to prove the system’s resistance to vulnerabilities, flaws, and attacks.” Included in this theme are some foundational elements of Active Cyber Defense such as Trusted Computing and Roots of Trust.

Hopefully, some of these R&D efforts will transition to capable products and services for use by industry as well. We’ll be tracking the progress of these programs to keep you informed as we go along. We’ll also examine the independent R&D efforts of industry and other governments in future articles, so stay tuned to this space. Let us know if there are specific Active Cyber Defense R&D efforts that you are involved with or know about as well.

Thanks for reading and keep adapting!