DHS moves ahead with cybersecurity R&D efforts
New pilot programs will include private sector firms and incident data
Computerworld - SAN MATEO, Calif. -- The Department of Homeland Security is actively planning several new pilot projects that officials hope will help solve one of the most pressing cybersecurity research problems to date: a lack of real-world attack data.
"The cybercommunity has suffered for years from the lack of good data for testing," said Douglas Maughan, security program manager at the Homeland Security Advanced Research Projects Agency, which is part of the DHS's Science and Technology Directorate.
That's why the DHS is moving ahead rapidly with a new program called Protected Repository for Defense of Infrastructure Against Cyber Threats (Predict), said Maughan, who spoke at an industry conference here sponsored by the U.S. Secret Service.
The Predict program has been under way since February and is aimed at getting large private-sector infrastructure companies to volunteer real-world incident data that researchers can use to test prototype security products.
"We're looking to collect large, different types of data," said Maughan. He noted that the government wouldn't hold the data and said those who volunteer for the program can have data "anonymized."
Maughan said the program would rely on a trusted access repository process that includes a government-funded but third-party hosted data repository with written agreements with data providers. Researchers can apply to take part in the program, and data owners would be allowed to stop specific researchers from accessing their data, said Maughan. So far, nearly two-dozen enterprises have indicated interest in the program, which is scheduled to go live after Jan. 1.
The agency is also spearheading a new vender-neutral cybersecurity test bed, known as DETER for Cyber Defense Technology Experimental Research, that will help develop next-generation security technologies for the nation's critical infrastructure. The goal is to construct a homogeneous emulation cluster based on the University of Utah's Emulab facility, said Maughan.
So far, he said, $14 million has been earmarked for the program, which allows researchers to focus on security vulnerability prevention and detection and test the security and trustworthiness of operational systems. The DHS plans to hold an industry day on Sept. 27 to answer questions about the program, and plans to award pilot project contracts in mid-January 2005.
Along with the DETER test bed, the DHS has formed an ad hoc government/industry steering committee to study and develop security pilot projects for the Domain Name System, a critical part of the Internet infrastructure that converts text names of Web sites into Internet Protocol addresses. The goal is to develop pilot projects to study specific threats and vulnerabilities to the DNS, including loss of service due to
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts