[ISN] DHS moves ahead with cybersecurity R&D efforts

InfoSec News isn at c4i.org
Thu Sep 16 06:11:24 EDT 2004


By Dan Verton 
SEPTEMBER 15, 2004

SAN MATEO, Calif. -- The Department of Homeland Security is actively
planning several new pilot projects that officials hope will help
solve one of the most pressing cybersecurity research problems to
date: a lack of real-world attack data.

"The cybercommunity has suffered for years from the lack of good data
for testing," said Douglas Maughan, security program manager at the
Homeland Security Advanced Research Projects Agency, which is part of
the DHS's Science and Technology Directorate.

That's why the DHS is moving ahead rapidly with a new program called
Protected Repository for Defense of Infrastructure Against Cyber
Threats (Protect), said Maughan, who spoke at an industry conference
here sponsored by the U.S. Secret Service.

The Protect program has been under way since February and is aimed at
getting large private-sector infrastructure companies to volunteer
real-world incident data that researchers can use to test prototype
security products.

"We're looking to collect large, different types of data," said
Maughan. He noted that the government wouldn't hold the data and said
those who volunteer for the program can have data "anonymized."

Maughan said the program would rely on a trusted access repository
process that includes a government-funded but third-party hosted data
repository with written agreements with data providers. Researchers
can apply to take part in the program, and data owners would be
allowed to stop specific researchers from accessing their data, said
Maughan. So far, nearly two-dozen enterprises have indicated interest
in the program, which is scheduled to go live after Jan. 1.

The agency is also spearheading a new vender-neutral cybersecurity
test bed, known as DETER for Cyber Defense Technology Experimental
Research, that will help develop next-generation security technologies
for the nation's critical infrastructure. The goal is to construct a
homogeneous emulation cluster based on the University of Utah's Emulab
facility, said Maughan.

So far, he said, $14 million has been earmarked for the program, which
allows researchers to focus on security vulnerability prevention and
detection and test the security and trustworthiness of operational
systems. The DHS plans to hold an industry day on Sept. 27 to answer
questions about the program, and plans to award pilot project
contracts in mid-January 2005.

Along with the DETECT test bed, the DHS has formed an ad hoc
government/industry steering committee to study and develop security
pilot projects for the Domain Name System, a critical part of the
Internet infrastructure that converts text names of Web sites into
Internet Protocol addresses. The goal is to develop pilot projects to
study specific threats and vulnerabilities to the DNS, including loss
of service due to a denial-of-service attack, hijacking and a loss of
coherence due to the existence of unauthorized root servers and
top-level domains.

Pilot projects are being planned for the .us and .gov domains, Maughan

The DHS is scheduled to hold its first meeting Monday of its Border
Gateway Protocol steering committee, which is preparing
research-and-development pilot projects to develop secure protocols
for the routing infrastructure that connects Internet service
providers and subscriber networks. The current BGP architecture makes
it particularly vulnerable to human error as well as malicious attacks
against routers, the links between routers and the management stations
that control the routers, said Maughan.

Specific concerns, said Maughan, include the ability of attacks to
reroute traffic to enable passive or active wiretapping. At its first
meeting next week, the steering committee plans to discuss plans for a
November industry workshop with routing vendors and major ISPs.

Maughan, however, warned that solving the problems facing the BGP
infrastructure will be a long-term endeavor. "It's a good three-,
five- or seven-year problem."

More information about the ISN mailing list