COMMENTARY

5 game-changing ideas for federal cyber R&D

Included among the 12 initiatives of Homeland Security Presidential Directive 23/National Security Presidential Directive 54, popularly known as the Comprehensive National Cybersecurity Initiative, was the "Leap-Ahead R&D & Coordination" initiative.

As the title implied, this CNCI initiative was intended to kick-start research and development efforts in game-changing cyber technologies. Now known as the National Cyber Leap Year (NCLY) initiative, the official charge is "to transform the cyber infrastructure so that critical national interests are protected from catastrophic damage and our society can confidently adopt new technological advances."

The initiative is intended to develop strategies and programs to enhance the component of government research (unclassified as well as classified) and development portfolio by involving public, private and academic research communities to help solve difficult problems that require “out of the box” thinking.


Listen to an ISC(2) podcast on federal cyber R&D.


The White House Office of Science and Technology Policy and the Networking and Information Technology R&D Program Senior Steering Group kick-started their efforts by asking the research community for technical proposals to plausible changes to the current cybersecurity landscape.

More than 200 responses were submitted to three “requests for input.” The responses were then synthesized, resulting in the following five categories that demonstrate game-changing potential:

1. Digital Provenance — basing trust decisions on verified assertions.

2. Moving-target Defense — attacks only work once if at all.

3. Hardware-enabled Trust — knowing when we’ve been had.

4. Health-inspired Network Defense — move from forensics to real-time diagnosis.

5. Cyber Economics — crime doesn’t pay.

According to the NCLY Program Development Framework, summaries of these five game-changers are:

1. Digital Provenance — basing trust decisions on verified assertions.

As the definition implies, this game-changer seeks to reduce the energy expended in discovering whether to trust digital objects for any intended purpose. The technological manifestations of this could include: Caller ID for e-mail, application whitelisting, authoritative patching, cyber Identification Friend or Foe, anonymity-preserving credentials, and adaptive trust policies.

The urgency of this game-changer is to address the growing clamor for the basic security guarantees fundamental to e-commerce. Many of the technical building blocks for Digital Provenance are in-place: cryptography as the core enabler, mechanisms for signing and binding metadata to content, public-key infrastructures, e-mail directory constructs, and digital rights management.

2. Moving-Target Defense — attacks only work once if at all.

Currently attackers are winning the cyberspace battle by taking advantage of the relatively static nature of our systems. This game-changer proposes a new tactic where we win by increasing the randomness or decreasing the predictability of our systems.

Technological manifestations include: nonpersistent environments, randomized execution of code, utility computing decoupled from enterprise data assets, randomized network and host identities, randomizing compilers, dynamic address spaces, and adopting new technology faster than bad guys can figure out flaws.

There are several enabling environmental factors for this game-changer including the following: virtualization has moved from the server to the desktop, reducing start-up costs; multicore processors are ubiquitous; cloud computing emerging; need to integrate new functionality faster than it can be secured. The technical underpinnings are mostly in place across industry and include fault tolerance enabled by multiple cores; decade of experience with virtualization; hardware supports for virtualization in Intel chip set; mature research in avoiding memory-based attacks.3. Hardware-Enabled Trust — knowing when we’ve been had.

Since current machines have no way to notify us that they have been compromised, we are faced with the difficulty of having to deploy impregnable systems. Hardware-enabled trust would allow us to persistently monitor our assets for changes in trustworthiness by embedding tamper-resistant roots of trust in the architecture.

The technological manifestations could include: trusted boot, Trusted Platform Module-enabled applications, measurement and attestation, and integrity-breach alarms. Several enabling environmental factors exist for this game-changer to include: the fact that most modern PCs now have a trusted execution chip set; root-kit detection is not very robust and the attack is commonplace; Trusted Computing Group has a wide set of members.

In addition, the following technical considerations are also enhancers: TCG ideas are good and have government expertise inside; Intel has put a lot of work into the TPM and other hardware supports for trust; encouraging advancements in field-programmable gate arrays.

4. Health-Inspired Network Defense — move from forensics to real-time diagnosis.

Currently, weeks and months can elapse before successful network penetrations are detected through laborious forensic analysis. This game-changer would allow network components to have a heightened ability to observe and record what is happening to and around them.

The technological manifestations could include: the ability to automatically detect denial of service attacks, the ability to find and stop propagation of botnets, and the ability to support user intent. The technical environment is an enabler from the following perspectives: with the spread of virtualized desktops and cloud computing, the network boundary itself is now virtual; hardware switches and routers will increasingly utilize software mechanisms, completely opening up the previously ossified world of network protocols to redesign; there is room for both old and new protocols to co-exist.

5. Cyber Economics — crime doesn’t pay.

Currently, both cyber crime and cyber espionage are quite lucrative and very attractive because the cost to engage in them is very small compared to the return on investment. This idea seeks to even the odds and make cyber malefactors take more risk at a lower rate of return.

Manifestations include: the theory of cyber risk markets, incentives, disincentives and value chains; market alignment; key value chain points where cost should be introduced; and the impact of immediate law enforcement at key points. The urgency is immediate, as cyber crime losses are reaching intolerable levels. The enabling technical underpinnings include the recent advancements in attribution and forensics, and better understanding of patterns of illicit actions and behaviors.

In closing, federal chief information security officers should take tremendous comfort, if not be outright excited, about the possibilities once these NCLY game-changers are brought to fruition.

Being able to support the core-mission, essential functions of our respective federal agencies by having technologies that facilitate trust-based decisions on verified assertions — operating in large heterogeneous IT environments where attacks work only once, if at all — and having the capability to be notified in real-time of successful attacks because we’ve moved our cyber operations model from forensics to real-time diagnosis equipped with the a diminished cyber economic landscape, would be “near nirvana” for not just federal CISOs but the overall CISO community.



 

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above