A Roadmap for Cybersecurity Research

A Roadmap for Cybersecurity Research

A Roadmap for Cybersecurity Research November 2009 Contents Executive Summary ................................................................................................................................................iii Introduction ..............................................................................................................................................................v Acknowledgements .................................................................................................................................................ix Current Hard Problems in INFOSEC Research 1. Scalable Trustworthy Systems ...................................................................................................................1 2. Enterprise-Level Metrics (ELMs) ..........................................................................................................13 3. System Evaluation Life Cycle ...................................................................................................................22 4. Combatting Insider Threats ....................................................................................................................29 5. Combatting Malware and Botnets ..........................................................................................................38 6. Global-Scale Identity Management ........................................................................................................50 7. Survivability of Time-Critical Systems ..................................................................................................57 8. Situational Understanding and Attack Attribution ..............................................................................65 9. Provenance .................................................................................................................................................76 10. Privacy-Aware Security ..........................................................................................................................83 11. Usable Security ........................................................................................................................................90 Appendices Appendix A. Interdependencies among Topics ..............................................................................................A1 Appendix B. Technology Transfer ....................................................................................................................B1 Appendix C. List of Participants in the Roadmap Development .................................................................C1 Appendix D. Acronyms ...................................................................................................................................... D1 i Executive Summary Executive Summary The United States is at a significant decision point. We must continue to defend our current systems and networks and at the same time attempt to “get out in front” of our adversaries and ensure that future generations of technology will position us to better protect our critical infrastructures and respond to attacks from our adversaries. The term “system” is used broadly to encompass systems of systems and networks. This cybersecurity research roadmap is an attempt to begin to define a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The research, development, test, evaluation, and other life cycle consider- ations required are far reaching—from technologies that secure individuals and their information to technologies that will ensure that our critical infrastructures are much more resilient. The R&D investments recommended in this roadmap must tackle the vulnerabilities of today and envision those of the future. The intent of this document is to provide detailed research and development agendas for the future relating to 11 hard problem areas in cybersecurity, for use by agencies of the U.S. Government and other potential R&D funding sources. The 11 hard problems are: 1. Scalable trustworthy systems (including system architectures and requisite development methodology) 2. Enterprise-level metrics (including measures of overall system trustworthiness) 3. System evaluation life cycle (including approaches for sufficient assurance) 4. Combatting insider threats 5. Combatting malware and botnets 6. Global-scale identity management 7. Survivability of time-critical systems 8. Situational understanding and attack attribution 9. Provenance (relating to information, systems, and hardware) 10. Privacy-aware security 11. Usable security For each of these hard problems, the roadmap identifies critical needs, gaps in research, and research agenda appropriate for near, medium, and long term attention. DHS S&T assembled a large team of subject matter experts who provided input into the development of this research roadmap. The content was developed over the course of 15 months that included three regional multi-day workshops, two virtual workshops for each topic, and numerous editing activities by the participants. iii Introduction Introduction Information technology has become pervasive in every way—from our phones and other small devices to our enterprise networks to the infrastructure that runs our economy. Improvements to the security of this information technology are essential for our future. As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from disruption or failure of these networks has also increased. Securing the nation’s critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. The most significant cyber threats to the nation are fundamentally different from those posed by the “script kiddies” or virus writers who tradition- ally have plagued users of the Internet. Today, the Internet has a significant role in enabling the communications, monitoring, operations, and business systems underlying many of the nation’s critical infrastructures. Cyberattacks are increas- ing in frequency and impact. Adversaries seeking to disrupt the nation’s critical infrastructures are driven by different motives and view cyberspace as a possible means to have much greater impact, such as causing harm to people or widespread economic damage. Although to date no cyberattack has had a significant impact on our nation’s critical infrastructures, previous attacks have demonstrated that exten- sive vulnerabilities exist in information systems and networks, with the potential for serious damage. The effects of a successful attack might include serious economic consequences through impacts on major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruptions that impede the response and communication capabilities of first responders in crisis situations. The United States is at a significant decision point. We must continue to defend our current systems and networks and at the same time attempt to “get out in front” of our adversaries and ensure that future generations of technology will position us to better protect our critical infrastructures and respond to attacks from our adversaries. It is the opinion of those involved in creating this research roadmap that government-funded research and development (R&D) must play an increasing role to enable us to accomplish this goal of national and economic security. The research topics in this roadmap, however, are relevant not only to the federal government but also to the private sector and others who are interested in securing the future. This cybersecurity research roadmap is an attempt to begin to define a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The research, development, test, evaluation, and other life cycle consider- ations required are far reaching—from technologies that secure individuals and their information to technologies that will ensure that our critical infrastructures “The time is now near at hand...” are much more resilient. These investments must tackle the vulnerabilities of today — George Washington, July 2, 1776 and envision those of the future. v Historical background research programs. The original list has mixes of legacy systems), and the pres- proven useful in guiding INFOSEC ence of significant, asymmetric threats. The INFOSEC Research Council (IRC) research, and policy makers and planners is an informal organization of govern- may find the document useful in evalu- The area of cybersecurity and the associ- ment program managers who sponsor ating the contributions of ongoing and ated research and development activities information security research within the proposed INFOSEC research programs. have been written about frequently over U.S. Government. Many organizations However, the significant evolution of the past decade. In addition to both have representatives as regular members technology and threats between 1999 the original IRC HPL in 1999 and the of the IRC: Central Intelligence Agency, and 2005 required an update to the list. revision in 2005, the following reports Department of Defense (including the Therefore, an updated

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    126 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us