The INFOSEC Research Council

1
The INFOSEC Research Council

• Carl Piechowski
• Chair IRC, DOE
• Dr. Douglas Maughan
• IRC Program Manager, DARPA
• John C. Davis
• Executive Agent IRC, Mitretek

2
The INFOSEC Research Council (IRC)

• Charter
• Informally chartered, government sponsored,
  voluntary organization
• Goals
• Facilitate communication and collaboration
  between participating organizations
• Enable knowledgeable and intelligent information
  security research investments
• Increase efficiency and effectiveness of U.S.
  Government INFOSEC research
• Support consolidated identification of high value
  research targets
• The IRC provides an opportunity for participants
  to
• Discuss critical information security issues
• Convey members research needs
• Describe current research activities and planned
  research investments
• Informally examine concepts and approaches
  against a body of experience and knowledge
• Benefit to members
• Helps them to focus their INFOSEC research
  investments through coordination with other
  relevant individuals and organizations

3
IRC Vision
INFOSEC Science and Technology Study Groups
INFOSEC Research Council
Innovative Approaches
Funding
Requirements
Fed Labs FFRDC RD
Participating Organizations
Warfighter, National Security, Homeland Security,
and Civil Agency Needs
Academic RD
Industry RD
Ideas
Solutions
4
IRC Background

• First organized by NSA R2 in May 1996
• IRC activities are sponsored by most of the
  participating organizations, as led and
  coordinated by DARPA
• U.S. Department of Energy provides the current
  chairperson

5
IRC Participants

• Representatives from U.S. Government
  organizations that sponsor information security
  research
• Current Members
• DOD BMDO, DTRA, NCS, DARPA, NSA, OSD
• Air Force AFRL, AFIWC
• Army ARL, CECOM
• Navy NRL, ONR, SPAWAR
• Intelligence Community CIA, NRO, ARDA
• Civilian Agencies DOE, NIST, NSF, FBI, FAA,
  DOJ, NRC

6
IRC Activities

• Bimonthly meetings
• Program discussions
• Relevant technical presentations
• Review new developments
• Events
• Developed the INFOSEC Hard Problems List
• Developing an RD Database
• Developed RD Summary Report
• Created and maintain IRC websites
• www.infosec-research.org
• Initiate INFOSEC Science and Technology Study
  Groups (ISTSG)

7
INFOSEC Science and Technology Study Groups

• Studies
• Issues of particular import
• Issues of shared interest
• Benefit from the contributions of recognized
  experts
• Studies Completed
• Information Assurance Vision / End State
• Malicious Code
• Studies Proposed
• Self Healing Networks
• Technology Transfer
• Network Study

8
Recent Briefings

• Institute for Information Infrastructure
  Protection (I3P) Michael Vatis, Dartmouth
  University
• National Strategy to Secure Cyberspace Marcus
  Sachs, Director for Communication Infrastructure
  Protection
• NIAP Certification of Linux and Security-Enhanced
  Linux Tony Stanco, George Washington University
• Homeland Security In Pursuit of the Asymmetric
  Advantage Ruth David, Analytic Services, Inc.
  (ANSER)
• The State of Information Security within the
  Civil Agencies Keith A. Rhodes, GAO

9
Recent Briefings

• Large Network Security Dr. Ed Amoroso, ATT
• Know Your Enemy Modeling and Predicting Hacker
  Behavior the Honeynet Project
• Fortune 500 Corporate Security Head of Security
  of F500 company
• "DUSD (ST)'s Software Protection Initiative"
  Jeff Hughes
• MAC OS Security -- Shawn Geddis, Apple Federal
• Microsoft XP Security Sean Finnegan, Microsoft

10
INFOSEC Research Hard Problems List

• Why define the hard problems?
• Identify important roadblocks to effective
  information security
• Guide research program planning
• Achieve consensus on identifying especially
  difficult/persistent information security issues
• How was it done?
• Discussion and e-mail exchanges among members
• Contributions from national experts

11
What makes INFOSEC problems hard?

• Technical factors
• Need for COTS solutions
• Need for wide deployment of security technology
• Need to manage complex, networked systems
  securely
• Need to support dynamic security policy
  environments
• Growing technical sophistication of threats
• IT Market and user perception factors
• COTS provides more function, less assurance
• Declining government influence on COTS
  information technology
• User belief COTS security will suffice
• Unrealistic assumptions (e.g. detect new attack)

12
IRCs Hard Problem List

• Design Development
• Secure system composition
• High assurance development
• Metrics for security

• Operational
• Intrusion and misuse detection
• Intrusion and misuse response
• Security of foreign and mobile code
• Controlled sharing of sensitive information
• Application security
• Denial of service
• Communications security
• Security management infrastructure
• Infosec for mobile warfare

13
Program RD Database

• Originally in hardcopy
• Now being automated
• Each member organization provides RD summary
  info
• Project records will target
• Summary technical info / URL
• Contact information
• Non-sensitive budget info
• Relationship to Hard Problems list
• Benefits identify resources being applied to
  hard problems, support gap analysis

14
RD Study

• Collected information about Federal INFOSEC RD
  Programs
• Identified key INFOSEC issues facing the U.S.
• Fundamental flaws in much of the nations
  deployed information infrastructure that leave
  systems open to exploitation
• Decreasing diversity in the software components
  of that infrastructure, and diminishing ability
  to assure that hardware communications paths are
  diverse, which causes any flaw to be very
  wide-spread
• Lack of effective means for detecting the
  exploitation of these flaws, both tactically and
  strategically
• Lack of controllable, graduated responses to such
  exploitations
• Synthesized the data
• Performed Gap Analysis

15
IRC Websites -- Overview

• Provide the infrastructure for communicating
  research priorities and sharing research results
• Mitretek Systems maintains three IRC websites for
  various audiences
• Public - http//www.infosec-research.org
• IRC Meeting Participants
• IRC Members
• Implemented using open source software
• Websites are hosted at Mitretek Systems in Falls
  Church, VA

16
IRC Public Website

• Only publicly accessible IRC website
• Provides an overview of the organization and
  objectives
• Website contents
• IRC Charter
• Member Organizations
• Upcoming Meeting Date and Location
• Public Documents
• Hard Problems List
• IRC Overview (PowerPoint and Word Document)
• Contact Information

17
IRC Meeting Participants Website

• Access controlled by username/password
• Separate username/password issued for each
  meeting to all participants
• SSL used for encrypted communication
• Website contents
• Schedule of future meetings
• Meeting agendas
• Abbreviated minutes -- contents from Closed
  Sessions are removed
• Presentations from Open Sessions

18
IRC Members Website

• Access limited to Federal employees and IPAs
• PKI client certificates are used for website
  authentication
• SSL used for encrypted communication
• Website contents
• Schedule of future meetings
• Meeting agendas
• Complete minutes
• Presentations from all sessions
• ISTSG results / Draft documents for review
• Calendar of upcoming meetings and conferences
• Infrastructure to support the RD database
• Search RD summary information
• Update RD project information

19
IRC Benefits

• While it is understood that each participating
  agency will have its own research priorities, the
  IRC helps identify and organize high priority
  INFOSEC problem areas and related research
  opportunities. The IRC
• Promotes more efficient and effective use of
  research funds
• Shares expertise
• Supports corporate memory beyond organization
• Helps identify common problems
• Helps avoid redundant efforts

20
QUESTIONS ???
21
Thank You

• Chair, Infosec Research Council
• Carl Piechowski
• U.S. Department of Energy
• SO-13
• 19901 Germantown Rd
• Germantown, MD 20874-1290
• Phone 301-903-4053
• carl.piechowski_at_hq.doe.gov

• IRC Executive Agent
• John Davis
• (703) 610-1945
• Mitretek Systems, Inc
• MS F220
• 3150 Fairview Park Drive South
• Falls Church, VA 22042
• Fax (703) 610-1699
• john.davis_at_mitretek.org