- Number of slides: 14

Plenary panel on “the” National Cyber Defense Initiative
Session chair: Carl Landwehr
Panelists:
- Carl Landwehr, Directorate of National Intelligence/IARPA
- Susan Alexander, Office of the Secretary of Defense
- O. Sami Saydjari, Cyber Defense Agency, Inc.
- Steve Thompson, Directorate of National Intelligence
NSF Cyber Trust PI meeting, March 16, 2008, New Haven CT

Creating a National Cyber Defense Initiative
Highlights of Safe Computing Workshop (SCW) held Nov 2006 and subsequent activities
For NSF Cyber Trust PI meeting, March 16, 2008, New Haven CT

Two Threads
- Research activity associated with a “grass roots” effort to create a National Cyber Defense Initiative (NCDI)
- This effort predates what is now known as the Comprehensive National Cybersecurity Initiative (CNCI)
  - About which, more later

NCDI Key Players
- James Gosler, Sandia
- O. Sami Saydjari, CDA
- Cynthia Irvine, NPS
- Don Simard, NSA/NCSC
- Keith Jarrin, NSA/NCSC
- ADM Bill Studeman (rtd), DSB, NGC
- Carl Landwehr, IARPA/DTO
- Karl Levitt, NSF
- Dick Schaeffer, NSA/IAD
- John Mallery, MIT CSAIL
- Shannon Spires, Sandia
- Joe Markowitz, DSB
- Alan Wade, DSB
- Bridget Rogers, Sandia
- William Worley, Secure64

On the Road to the NCDI
- April-August 2006, DSB Net-centric Warfare Summer Study
  - http://www.acq.osd.mil/dsb/reports/2007-04-IM_Vol_I.pdf
- August 2006, Safe Computing Workshop Planning Meeting (MIT)
  - DTO, MIT, NSA, NSF, Sandia, UPenn
- November-December 2006, Safe Computing Workshop (Sandia)
  - US IA experts from government, industry and academia, funded by DTO, NSF, & NSA
  - https://og5.csail.mit.edu/scw/dist/
- January 2007, NSF Cyber Trust PI Meeting (Atlanta)
  - http://www.gtisc.gatech.edu/cybertrust2007/
- March 2007, NSF-DTO-NSA Itanium STA Workshop (MIT CSAIL)
  - Itanium as platform for STA and issues of programming language verification
  - https://og5.csail.mit.edu/cdi/itanium/
- June 2007, IA Leadership Workshop (NGC, Reston)
  - 20 USG IA leaders reviewed NCDI progress to date
  - https://og5.csail.mit.edu/cdi/ialw/
- August-October 2007, Government-only Meetings
  - Weekday and weekend job to produce an actionable plan
- Workshop on Game-Changing Solutions for Cyber Security, Nov. 7,
- NPS/NSF/IARPA Opening Moves workshop, Dec 3-7, 2007 IARPA,

Representation at the Safe Computing Workshop (SCW)
- Army Research Office
- BBN
- Boeing
- Carnegie Mellon U.
- Cryptography and Information Systems Surety
- Cyber Defense Agency
- Dartmouth College
- DePaul University
- Disruptive Technology Office
- IBM
- Institute for Defense Analysis
- Intel Corporation
- Kestrel Institute
- LynuxWorks
- MITRE Corporation
- National Science Foundation
- National Security Agency
- Naval Postgraduate School
- Northeastern U.
- Northrop Grumman
- Oxford Systems
- Princeton University
- Sandia National Laboratories
- Secure64 Software
- SRI International
- Stanford University
- U.C. Irvine
- U.C. Santa Barbara
- U. of New Mexico
- U. of Pennsylvania
- U. of Texas at Austin
About 60 people altogether

Findings from SCW
- Attackers Rule, Disasters are Likely
- Short-term Measures Essential but Insufficient
- Market Forces Will Not Change the Balance
- Usability & Manageability Critical to Solution
- New Technology Can Catalyze Major Changes
- Only a National Initiative Will Make a Real Difference

SCW (intended) Next Steps
- Carefully develop plan over next 7-12 months
- Serve a Wide Range of Interests
  - More Robust Cyber Infrastructure
  - Lever to Enhance U.S. high-tech Competitiveness
  - Attract Top Students into Strong Educational Programs
  - Strengthen govt, industry, and academic research

SCW Planning Phase
- Plan Via Selected Small Focused Working Groups
- Start with Four Working Groups
  - Program Group: Oversee and Spawn Groups
  - Vision Group: Create compelling vision
  - Threat Assessment Group: Case for Action
  - Architecture Group: Technical Approaches
- Resources Needed
  - Multiple Sponsors to Ensure Broad Support
- Profile: Eventually High Profile, but wait until have…
  - Vision, Plan, and Management Structure Worked Out

NCDI Vision
- Vision: Over the next ten years transform the cyber-infrastructure to be resistant to attack so that critical national interests are protected from catastrophic damage and our society can confidently adopt new technological advances.
  - Transformation means we must learn how to build the new infrastructure and deploy it
  - Learning how to execute this transformation will advance both technology and U.S. competitiveness in many ways
Vision Working Group
- Bridget Rogers, Sandia
- George Cox, Intel
- Tom Knight, MIT
- David Mazieres, Stanford
- Peter Neumann, SRI
- Alan Wade, CIA (ret)
- Grant Wagner, NSA

Elaborating the Vision
- "transform the cyber-infrastructure" refers not only to changes in technology, but to all types of change necessary to effect adequate protection (including laws, education, societal norms, software, hardware, and so on).
- "resistant to attack" does not mean "blocks all attacks" or "prevents all damage".
- "critical national interests" does not limit the vision to affect only those things owned or controlled by the US Federal Government.
- "protected from catastrophic damage" refers to situations which are so grave or so far reaching that a national response is required because the effects can't be remediated by individuals, communities, or corporations.
- "society can confidently adopt new technological advances" recognizes that an ability to rapidly adopt new technology is a vital aspect of national competitiveness.

NCDI Plan of Action
- NCDI Scope
  - Networks, hosts, warning, response, supporting technologies
  - National effort from basic research to expedited delivery
- Jump start (0-1 years)
  - Begin work on gating science & technology immediately
- Three parallel concurrent thrusts
  - Near term (1-3 years): Improvements
    - Shore up the existing infrastructure
    - Deliver proximate IA technologies for speedy deployment
  - Medium term (3-5 years): Reengineering
    - Deploy technologies based on best IA engineering practices
    - Develop several domain-specific demonstration systems
  - Long term (5-10 years): New platform and applications
    - Foundational Research & Create agile building blocks
    - Develop a security architecture
    - Demonstrate on several priority applications
    - Begin phased replacement of priority infrastructures

Teaching ourselves to build the infrastructure we want
- Claim: we have component technologies, special approaches, but not economical, full-up system development strategies that predictably yield systems both resistant to attack and capable of easy incremental extension
- Idea: Parallel system development competitions in different domains
- Goal: system(s) with sound assurance argument, capable of extension
- Domain examples:
  - Large scale IT infrastructure
  - Embedded control
  - Personal communication device
  - Election system
  - ….
- Needed:
  - System specification
  - Evaluation Strategy