I attended my first DHS S&T Showcase 3 years ago and since then I have looked forward eagerly each year to see what new cyber technologies are emerging from the shadows due to the funding provided by DHS. DHS S&T steps in to help cyber start-ups and government researchers in many ways to get new cyber efforts started as well as, and more importantly, transitioned to practice. This year’s showcase, starting next week, will prove to be no different in the remarkable success of the S&T cyber program, as led by Douglas Maughan and Mary McGinley – the two subjects of this interview with Active Cyber™. Read below to get some previews of just some of the types of research efforts you will discover at the Showcase.
» Title: Douglas Maughan, Director, Industry Partnerships, DHS Science & Technology Directorate;
Mary McGinley, Director, Physical & Cyber Security, DHS Science & Technology Directorate
» Website: https://www.dhs.gov/science-and-technology
Read their bios below.
Chris Daly, Active Cyber™: Doug, looking back on 2018, what accomplishments of your program are you most proud of? What advancements have you seen in R&D or in commercial products that bode well for the fight against cyber attacks? How has your cyber research focus incorporated support for law enforcement and first responders in 2018?
Douglas Maughan, Director, Industry Partnerships, DHS Science & Technology Directorate: We are very proud of all of the progress we made along several research program areas. There were many encouraging advances in R&D and cybersecurity technology over the past year and it’s difficult to single out specific areas. Clearly, the cat and mouse game of cyber attackers and defenders continues to evolve at a rapid pace, which requires a dedicated and focused effort by all of government and in conjunction with the private sector to help improve cyber security.
• On the software security and assurance front, our Static Tools Analysis Modernization Project made available over 9000 real-world benchmarks via the Software Assurance Marketplace (SWAMP), enabling users to easily benchmark how well their static analysis tools are able to find these bugs in a realistic code environment.
• Very late in 2017, we published the Securing Mobile Applications for First Responders report, describing a mobile application (app) pilot testing program designed to serve a public safety purpose. The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) Cyber Security Division (CSD), the Association of Public-Safety Communications Officials (APCO) International, and Kryptowire LLC, a CSD performer, collaborated to identify security vulnerabilities and privacy issues important for public safety users and to recruit app developers to participate in testing and evaluation. The report tested 33 mobile apps for iOS and Android, of which 32 were found to have privacy and security concerns. Eighteen (18) mobile apps were found to have critical vulnerabilities. DHS worked with the application development community to address the mobile apps’ security and privacy concerns in order to further the public safety mission of first responders.
• Working with NIST, DHS S&T began a broad national discussion of how to identify, adapt and include cyber security and privacy capabilities in “Smart Cities and Communities” efforts that are underway throughout the nation. This discussion is taking place through the NIST Global Cities Team Challenge (GCTC) Program, and its FY18 focus on Secure Connected Cities and Communities (SC3). Customer engagement for this effort includes technical, business and government leadership in cities and communities throughout the country, and with DHS CISA and industry and government associations, such as the National Governor’s Association.
• The Transition to Practice (TTP) program transitioned its 20th technology since the program launched, making 50% of technologies in the portfolio now commercialized, licensed or available open source. The Autonomic Intelligent Cyber Sensor (AICS) developed at Idaho National Laboratory was exclusively licensed to Trust Automation, Inc. This commercialization will allow Trust Automation to use AICS to upgrade the cyber-defenses of vulnerable legacy critical infrastructure systems, including natural gas distribution, water distribution and management, and electrical grid systems.
• For the Cyber Physical Systems Security program, the Uptane research activity enjoyed substantial deployment success. Uptane has been adopted by one of the big three US automakers and is also deployed in Automotive Grade Linux, which is used by several auto manufacturers. Due to the security benefits and deployment success of Uptane, it was named as one of the “coolest technologies of 2017” by Popular Science and has had dozens of other mentions in the press.
• We published a research agenda for our Cyber Risk Economics (CYRIE) program this year, outlining 6 major themes for potential research in real world risk economic challenges.
• One of our most robust programs is our Cyber Security for Law Enforcement research. This program works directly with the DHS Law Enforcement components to meet their technology requirements, particularly in the area of digital forensics. In this area, we’ve collaborated with NIST to complete numerous digital forensics tool testing reports and published those results to the DHS website, making them available for all organizations, public or private.
Active Cyber™: In the last interview with DHS S&T, the start of the Next Generation Cyber Infrastructure (NGCI) Apex Program was discussed, which is intended to provide technologies and tools to confront advanced adversaries when they attack U.S. cyber systems and networks. A first focus area for this program was the financial sector. What outcomes has this program achieved to date, and what are your key focus areas going forward?
Mary McGinley, Director, Physical & Cyber Security, DHS Science & Technology Directorate: The Next Generation Cyber Infrastructure Apex program awarded two (2) new awards and funded the test and evaluation phases of two (2) existing awards, this calendar year, that specifically address systemic cyber threats plaguing the financial sector. The finding results from the first award (Network Aware) were released and demonstrated to the sector in FY 2018 Q3. Stakeholder membership in the Cyber Apex Review Team consisting of financial organizations increased from six (6) active members to over thirty-one (31) participating and potential transition members. CART participation includes NPPD, Treasury and representatives from the Financial Services Sector, ranging from large, international institutions to regional and community banks.
Going forward, the program will continue to work with Treasury and CISA to help ensure planned R&D for the Financial Services Sector can be adapted for other CI sector use as needed.
Active Cyber™: On November 16, 2018, President Trump signed into law the Cybersecurity and Infrastructure Security Agency Act of 2018. As you know, this landmark legislation elevates the mission of the former DHS National Protection and Programs Directorate (NPPD) and establishes the Cybersecurity and Infrastructure Security Agency (CISA). CISA leads the national effort to defend critical infrastructure against the threats of today, while working with partners across all levels of government and in the private sector to secure against the evolving risks of tomorrow. In general, how is S&T supporting technological advancements to improve outreach to critical infrastructure owners and operators, service providers, and other key enablers of risk management activity, and specifically, what types of innovations is S&T sponsoring to take cyber information sharing efforts to the next level?
McGinley: While there aren’t programs that directly support operational information sharing programs like CISA’s Automated Indicator Sharing (AIS) capability, S&T shares information in other ways. For example, S&T has funded the National Institute of Standards and Technology (NIST) to conduct testing of digital forensics tools. S&T publishes the results of these reports to its public facing website, thus allowing state and local law enforcement and other users of forensics tools to see the testing results.
Active Cyber™: Election security was on lots of minds during 2018 and 40 states invested more than $75 million to improve election security. What types of cyber research activities did S&T conduct over the past couple of years in getting ready for this mid-term election? What future research efforts in election security are you considering in 2019 and beyond?
McGinley: S&T has not conducted any research activity that directly impacts the election infrastructure or election security. There are, however, research projects that can apply more broadly than their initial intended customers, so there are certainly opportunities for election infrastructure owners and operators to benefit from the cyber research S&T has conducted. As you are aware, S&T has recently restructured to be a customer focused organization and will conduct R&D responsive to DHS agency priorities. S&T will work with CISA if it prioritizes research needs around election security.
Active Cyber™: A new DHS cybersecurity strategy was announced in May of 2018 around 5 strategy pillars. What are the key taskings that S&T has taken from the strategy and how is it supporting each of the pillars?
McGinley: DHS S&T fully supports the Department’s cybersecurity strategy and expects to have a role supporting all pillars through the development and deployment of new technologies that help the Department and DHS components achieve the 7 goals aligned against the 5 pillars.
Active Cyber™: Network resiliency seems to be an important theme in the R&D community during 2018. What has been the research focus of S&T on this topic in 2018 and how are these research activities aligned with those of interagency and international partners to ensure consistency of approaches? What do you expect to be funded research going forward in this space?
McGinley: S&T recognizes that the next generation of information systems must be resilient to attack and compromise, and has funded several efforts that address network and system resiliency. One of these efforts is Hardware-Enabled Zero Day Protection (HEZDP), which provides for protection against novel and zero day attacks as well as a mechanism for automatic system recovery and restoration to a known good state in the event of compromise. HEZDP has been piloted extensively in the United States Air Force Cyber Proving Ground, and is scheduled to engage in partnerships with various commercial OEMs for incorporation into the systems that those OEMs provide to the Government.
Through its Federated Security program, S&T has also funded the development of the Federated Command and Control (FC2) infrastructure. The FC2 infrastructure allows separate enterprises to join in a federation for defensive purposes; each federation member maintains complete control over their own network, however the federation provides mechanisms for participating members to automatically share attack and compromise information, as well as which defenses to deploy to best mitigate emerging threats, thus increasing the resiliency to attack of each participating enterprise. FC2 has been demonstrated at DHS and the Florida Institute of Technology, and efforts are currently underway to enhance the Federated Defense Community and to streamline the manner in which federations are joined and maintained. This effort will also work with CISA and other interested DHS component customers to ensure the resiliency needs of DHS are met.
From the interagency perspective, S&T recently completed serving as the co-chair of the Cyber Security and Information Assurance Interagency Working Group (CSIA IWG). This IWG, chartered under the Networking and Information Technology Research and Development (NITRD) Program, consistently shared program information through regular meetings, coordination of NITRD budget supplement submissions and the publication of two Federal Cybersecurity Research and Development Strategic Plans in 2011 and 2015. S&T will continue to support the development of the 2019 update to the plan.
Active Cyber™: Another important R&D theme of the past year has been on artificial intelligence and machine learning – to be used, in part, for cyber operations and to protect the nation’s critical infrastructure networks. What key innovations did you see emerge in this space in 2018 and will the space be as equally rich in R&D investment in 2019?
McGinley: Certainly the use of AI and Machine Learning for cyber security has grown significantly. It is important to keep in mind that AI/ML for cyber defense is not a “silver bullet” but rather supplements established cyber defense technologies and techniques to proactively detect adversarial attacks. S&T has funded several projects that have a machine learning element to them. For example, we’ve used AI-ML to identify, categorize and score various adversarial Telephony Denial of Service (TDoS) techniques for a top-5 US bank, major insurance companies, and at 9-1-1 call centers. Another application of ML is to create fine-grained, temporal traffic models that allow anomaly detection without preset thresholds and with low false positive rates. The application then uses Software Defined Networking technology to deploy thousands of rules to instantly defend against complex DDoS attacks at very high speeds.
Active Cyber™: Cyber supply chain security hit the headlines this year, and whether right or wrong, put a big spotlight on this problem. What types of research did S&T sponsor for this area in 2018 and what technology advancements do you feel are needed to address this problem going forward?
McGinley: While S&T did not fund research specifically on supply chain security, elements of the research portfolio could certainly support increased supply chain security. To address the supply chain threats that stem from vulnerable or malicious software distributed through firmware on mobile and IoT devices via binary firmware images, S&T developed a scalable, comprehensive, and automated framework to detect firmware-borne threats, both malicious and (un)intentionally insecure, present in Android and iOS devices. Recent S&T funded research into potential use cases for blockchain technology could be leveraged and investigated further for supply chain security applications.
Active Cyber™: In our last interview you announced the initiation of a solicitation looking for innovative technologies that can be deployed for IoT security into both the government and private sectors. How has this initiative turned out to date – what kinds of innovative research activities has this initiative spawned?
Maughan: We released a solicitation to address the following challenges around securing the Internet of Things (IoT). We specifically sought technologies in the following challenge areas: Detecting IoT Components and Connections; Authenticating IoT Components; and Updating IoT Components. We’ve funded several innovative efforts under this call. A couple of examples are described below:
- Factom, Inc. has developed a technology to secure Internet of Things (IoT) device data. The Factom blockchain-based technology allows applications to create immutable data records. By combining data validation with information and system integrity, structured in chains, one can build unquestionable integrity for devices and networks that cannot be hacked or spoofed. For purposes of the SVIP call, Factom has integrated their technology into two brands of cameras used by CBP at border locations to ensure data collected from these cameras is tamper proof. These updated test cameras have been installed and are currently being tested with CBP officers at a border location in El Paso, TX.
- Ionic is developing a commercially available solution that provides end users a tool that can secure and protect IoT enabled sensors, their data and the integrity of their service. Their solution will work with legacy and future security and Industrial Control systems, with a simple installation and management service that is enabled via an open source software development kit solution. They have developed IoT Security Proxies and Open Source Software Development Toolkits (SDK) that can be applied to new installations as well as existing legacy security and surveillance tools that use the common MODBUS standard.
Active Cyber™: What should we expect to see at the upcoming 2019 S&T Cybersecurity and Innovation Showcase – Solutions Now | Innovations for the Future – on March 18-20 2019 in Washington D.C.? What other 2019 events are planned by S&T to engage cyber researchers and technology developers and where can these folks learn more about DHS Cyber S&T?
Maughan: The showcase will feature 3 days of engaging speakers and panelists, technology presentations and dedicated demonstration sessions after Days 1 and 2. Melissa Hathaway, noted cybersecurity expert, will kick off the conference on March 18th, DHS Secretary Kirstjen Nielsen speaks on March 19th and Natalie Vanatta, deputy chief of research at the Army Cyber Institute, will close the conference on March 20.
DHS S&T will have a presence at the 2019 Blackhat USA event Aug 7-8 in Las Vegas, NV. Individual program managers may have speaking engagements at cyber security focused events throughout the rest of the year.
For a summary of DHS technology needs, S&T’s technical focus areas, and the tools and opportunities for industry to work with S&T, please see: https://www.dhs.gov/science-and-technology/ways-work-us
Thank you Doug and Mary for this overview of DHS S&T’s portfolio of cyber research. It is great to see the depth and breadth of the innovative research which is funded each year by DHS. It is even better to see the remarkable record of success in transitioning the cyber research into operational capabilities to protect our critical infrastructure. I look forward to attending this year’s Showcase to see you and the emerging cyber stars that have benefited from your S&T program.
And thanks for checking out ActiveCyber.net! Please give us your feedback because we’d love to know some topics you’d like to hear about in the area of active cyber defenses, PQ cryptography, risk assessment and modeling, autonomous security, digital forensics, securing ICS / IIoT and IoT systems, or other security topics. Also, email firstname.lastname@example.org if you’re interested in interviewing or advertising with us at Active Cyber™.
About Douglas Maughan
Dr. Douglas Maughan is the Division Director of the Industry Partnerships (OIP) Division within the Office of Innovation and Collaboration (OIC) within the Science and Technology (S&T) Directorate. The role of the Industry Partnerships Division is to lead the formation and sustainment of internal and external partnerships across R&D communities. These efforts will enable joint R&D and result in stronger connections with developer and user communities. OIP is responsible for (1) the innovation mechanisms, such as SBIR, SVIP, Prize, and BAAs, (2) Post-R&D activities associated with technology transfer and commercialization, and (3) the Office of the SAFETY Act Implementation. Dr. Maughan has been at DHS since October 2003.
Dr. Maughan previously served as the Division Director of the Cyber Security Division within the Science and Technology (S&T) Directorate. Dr. Maughan has been responsible for helping bring to market over 75 commercial and open-source information security products during the past 15 years while at DHS. Prior to his appointment at DHS, Dr. Maughan was a Program Manager at the Defense Advanced Research Projects Agency (DARPA). Prior to his appointment at DARPA, Dr. Maughan worked for the National Security Agency (NSA) as a senior computer scientist and led several research teams performing network security research. Dr. Maughan received Bachelor’s Degrees in Computer Science and Applied Statistics from Utah State University, a Masters degree in Computer Science from Johns Hopkins University, and a PhD in Computer Science from the University of Maryland, Baltimore County (UMBC).
About Mary McGinley
Ms. Mary McGinley is currently the Director of Physical and Cyber Security in the Mission Support and Capability Group within the Department of Homeland Security (DHS), Science and Technology Directorate (S&T). She joined DHS S&T in 2017 and initially focused on border and maritime security issues. Upon becoming Director for Physical and Cyber Security, she is responsible for management of work for the Cybersecurity and Infrastructure Security Agency (CISA), Transportation Security Administration (TSA), and other DHS law enforcement components. Prior to this role, she spent 12 years with DHS Federally Funded Research and Development Centers, where she managed a portfolio of multimillion dollar programs focused on S&T efforts to support federal law enforcement operations. Her work included technology development efforts designed to balance security and efficiencies for Customs and Border Protection (CBP), TSA, Immigration and Customs Enforcement (ICE) and United States Secret Service (USSS). During this time, she spent 18 months working in the Office of the Secretary of Homeland Security, where her focus was on strengthening DHS law enforcement components’ operations and their ability to support comprehensive immigration reform. Prior to her position at S&T, Ms. McGinley spent five years in academia teaching undergraduate and graduate courses on business and law-enforcement topics, including aviation security and law enforcement operations. She also has a background in international aviation security, having spent five years working with international aviation security organizations, including the International Civil Aviation Organization (ICAO) as well as foreign governments, to ensure global aviation safety, security and compliance with U.S. regulations. She received a Bachelor’s Degree from the University of Virginia, a Juris Doctorate from Tulane University and is a member of Harvard University’s Senior Executives in National and Homeland Security.