The Science of Cybersecurity

The Homeland Security Department attempts to set the standard for fielding cyber technologies.

 

A group of U.S. government researchers focused on fortifying homeland security has cybersecurity technology development down to a science.

Those researchers work for the Department of Homeland Security (DHS), within the Science and Technology Directorate’s (S&T’s) Cyber Security Division. The division, like the entire department, supports a wide range of missions, including science and technology research along with protecting critical infrastructure, securing government systems, assisting law enforcement and developing, training and educating the cyber work force.

Ongoing projects include efforts to support sectors such as oil and gas, electric, automotive and finance, all of which fall under the umbrella of critical infrastructure protection. “Critical infrastructure for us will continue to be at the forefront,” says Douglas Maughan, division director.

In July, the organization awarded a $70 million contract to Cyber Apex Solutions, Arlington, Virginia, to facilitate the development of prototype cyber defenses for critical national infrastructure sectors, beginning with financial services. The effort focuses on delivering capabilities in five key areas: dynamic defense, network characterization, malware detection, software assurance and insider threat.

Once the program confirms cybersecurity gaps within these broad areas, a consortium of cyber researchers, companies and academics developed by Cyber Apex Solutions will identify consortium members that have already developed possible solutions and technologies. DHS S&T will provide guidance for the projects and, jointly with each company, manage the prototype, pilot, deployment and transition phases.

The division also has a new program to evaluate the security of mobile applications on government cellphones. “That’s an area that … has tremendous commercial potential as well as use for us in the government,” Maughan says.

In addition, he cites a program to prevent distributed denial-of-service (DDoS) attacks, which could benefit a wide range of organizations, including 911 call centers. Attackers sometimes use technology, such as automated dialing software, voice over Internet protocol and compromised mobile phones, to send thousands of automated calls to tie up a phone system, rendering it unusable. The attacks are relatively easy and inexpensive and can be launched from anywhere in the world. “That continues to be a problem, not just for the government but in general. There’s been significant headway in looking at technology to defend 911 centers. We’ve got some of our technology piloting in Houston and Miami,” Maughan offers.

Some possible solutions improve coordination among organizations being attacked. Other possibilities include technologies that can automatically filter out suspect calls. “We’re looking at how to evaluate calls coming into the center … to eliminate those calls that might be a DDoS attack and to make sure that only emergency calls get through. If it’s multiple calls coming from the same location, that is a sign that it is potentially a DDoS,” Maughan says.

Established in 2011, the Cyber Security Division grew out of S&T’s cybersecurity program, which began in 2003. The team has implemented a series of programs, processes and procedures designed to transition cyber technologies from the lab to the marketplace at a blistering pace by federal government standards. “In the 13 years I’ve been at DHS, we’ve transitioned or made available through open source channels more than 75 technologies—a lot of them still in the marketplace,” Maughan says. “The most important thing we’re known for is the transition of technologies. That’s one of the biggest impacts we’ve had.”

In recent years, the division’s Transition to Practice (TTP) program, which kicked off in 2012, has been a key factor in that record of success. The program’s website lists 42 projects. The program has transitioned a total of 18 technologies. Thirteen have been commercialized. Seven led to startup companies, and five are open sourced.

The TTP identifies technologies being developed with federal funding in national laboratories and focuses on putting those systems to use. “Gone are the days that research just sits on the shelf and collects dust. We have to be not only doing the research but doing the other activities to transition and commercialize the technology so that it can be acquired and used by our partners, whether they are in government or in industry,” the director declares.

More recently, the division launched the Silicon Valley Innovation Program, which is designed to form partnerships with entrepreneurs and innovators, mostly startups, that do not normally work with the federal government. S&T uses commercial investments to focus on several sectors, including information technology, finance, energy, health and first responders. The program is designed to strengthen national security with the goal of reshaping how government, entrepreneurs and industry work together to find cutting-edge solutions.

The initiative will soon kick off an effort for “seamless travel” in partnership with the Transportation Security Administration and Customs and Border Protection, Maughan says. “The Silicon Valley Innovation Program continues working with startups doing some cutting-edge acquisition activities, but more importantly, bringing new innovations and technologies to DHS components and even into the private sector,” he adds.

The program applies some of the lessons learned under the TTP and other rapid acquisition efforts to nontraditional startups. “That is another one that has turned the government upside down from a contracting perspective. We’re able to do awards to startups in 60 days or less, and we’re quickly delivering technologies to components,” Maughan offers. “We’ve done some pilot tests with startup companies that are six to nine months into the effort, and we’re already doing pilots in the field with Customs and Border Protection.”

He says the division is always looking for innovative acquisition solutions to get technologies out of the lab. “Other government agencies could learn from the different models we have for transition. Some of our models for working with the private sector are cutting-edge. Nobody else is doing those kinds of things,” Maughan states. “Our models for working with the private sector are different from what other government agencies do or even think about. And we’ve been doing it for a decade.”

Furthermore, once the division personnel find a model that works, they adapt it where they can. For example, lessons learned in the oil and gas sector are now benefiting automotive manufacturers, and processes developed by the Silicon Valley Innovation Program may be applied to traditional government contractors. “We’ve been talking about how to change some of the other acquisition processes to speed them up,” Maughan explains. “We spend most of our time on the government side in proposal reviews and contracting. If there are ways to speed those up, we’d like to do better.”

The division applies those innovative acquisition practices to international partnerships as well. Maughan describes the international partnership model as “acceptable to contractors and to the legal folks” and adds that it involves “joint solicitation, independent review, joint decision making, independent contracting and joint program management.”

The division has developed a relationship with a number of other countries, including Australia, Brazil, Canada, Germany, Israel, Japan, Mexico, the Netherlands, New Zealand, South Korea, Spain, Sweden and the United Kingdom, as well as the European Union. “The mechanism that we’ve established now for doing joint international solicitations hasn’t been done this way before by the department or by any other agency,” Maughan asserts.

Other countries, namely Israel and the Republic of Singapore, have adopted the Cyber Security Division’s technology transition model, he points out. “We’ve got other countries looking at how we’re organized and establishing our programs, and they’re trying to follow. We’re known for providing leadership globally,” Maughan states.

Source: https://www.afcea.org/content/science-cybersecurity