The Science & Technology Directorate at the Department of Homeland Security (S&T, DHS) was created at the inception of DHS in 2003. The Directorate has a unique mission. A core part of that mission “is to improve homeland security by working with partners to provide state-of-the-art technology and solutions to achieve their missions.”
Because of the nature of its work and the composition of its personnel – many whom are scientists, researchers, and engineers – the work of S&T at DHS has always been highly collaborative. S&T serves as a catalyst for technological outreach and innovation, especially in the area of public-private partnerships. That collaboration was highly visible at the recent RSA Cybersecurity Conference in San Francisco.
Due to the increasing cyber threat, as evidenced by recent cyber attacks targeting America’s critical infrastructure, DHS’s role in researching and helping develop emerging cybersecurity technologies has been significantly heightened. S&T has significantly invested in incubating cybersecurity “Leap Ahead” technologies, which includes opening an office in Silicon Valley. The Directorate is also helping commercialize promising new cybersecurity and information analytic technologies developed in National Labs, universities, and in commercial industry.
DHS’s S&T public-private partnerships cooperation is exemplified by the work of the Transition to Practice Program (TTP). TTP was created as a result of the White House’s Federal Cybersecurity R & D Strategic Plan as well as the Comprehensive National Cybersecurity Initiative (CNCI) in 2016. The mandate of TTP is to move promising government-funded cybersecurity technologies developed under Department of Energy (DOE) National Labs, Federal Funded Research & Development Centers (FFRDC’s) and universities into the private sector for further development.
According to the DHS “Transition to Practice Technology Guide,” several focus areas cover the critical vulnerability and cybersecurity landscape of the Directorate. These include: 1) internet infrastructure security, 2) critical infrastructure/key resources, 3) national research infrastructure, 4) leap-ahead technologies, 5) cyber security education, 6) identity management, 7) cyber forensics and 8) software assurance.
“Leap-ahead technologies” were certainly a focus at RSA 2018, especially in the areas of artificial intelligence, machine learning, mobility, and automation. Dr. Douglas Maughan, director for S&T’s Cyber Security Division (CSD), leads the Transition to Practice Program and also headed the delegation to RSA. In his March testimony before Congress, he touched on those prevailing RSA themes.
“AI is an integral part of several S&T Cyber Security Division (CSD) research projects funded within current resources, which are using AI and machine learning techniques for a variety of purposes, including but not limited to predictive analysis for malware evolution; enabling defensive techniques to be established ahead of a future malware variant; detecting anomalous network traffic and behaviors to inform cyber defensive decision making; and helping identify, categorize and score various adversarial Telephony Denial of Service (TDoS) techniques,” he said.
While at RSA, S&T featured a booth with a wide array of informational materials on their cybersecurity activities. They also highlighted and demonstrated 13 mature transition-ready technologies ready for pilot deployments and commercialization into the marketplace.
The demonstrations included:
- AI-Analyst: A technology to accelerate cyber-analysis workflow processes.
- Akatosh: A tool that runs automated, real-time forensic analysis of endpoints after malware attacks and other cybersecurity incidents.
- APE: An intrusion-prevention system for Android™ devices.
- Bastille Networks: A solution that detects and localizes radio-frequency (RF) devices and identifies RF-borne threats, vulnerabilities and active attacks.
- Code Dx: An automated application vulnerability management tool.
- Mobile Endpoint Security: An app that automatically detects when a mobile device connects to a new network and runs health checks to ensure the network is behaving properly.
- PEACE: A tool that protects end-point devices in an enterprise network by intercepting all new network connections and vetting them.
- ReCon: A system that analyzes network traffic in real time to identify and block or change privacy leaks using machine learning.
- Red Hat Mobile Application Platform: An integrated platform that enforces end-to-end security for mobile solutions and reduces the cost of maintaining mobile security policies.
- SecureCAST: A cloud-based service that scores telephone calls in real-time to determine if they are authentic, spoofed and/or part of an attack such as Telephony Denial of Service.
- Spoofer: A tool that measures and increases the deployment of Source Address Validation across the global internet.
- StreamWorks: A technology that supports continuous detection of emerging patterns on streaming data.
- Me: An identity management tool that separates log-in capabilities from attribute delivery using blockchain.
Maughan was excited to see the positive response by attendees to both the showcase booth and the demonstrations.
“Cybersecurity is not a government or industry challenge, it’s a team sport. Collaborating with industry is key to securing our nation’s systems and networks,” said Maughan. “Private sector awareness of innovative tools and technologies that can improve an enterprise’s organization is sometimes a struggle; that’s why we’re at RSA. We believe we can provide solutions to make an organization’s networks and systems resilient from adversaries.”
He noted that S&T has transitioned more than 75 cybersecurity technologies to market since 2005, with more on the way.
The ability for the private sector to invest, co-develop and integrate innovative technologies into the cybersecurity marketplace with the public sector will significantly impact progress in threat deterrence and mitigation. Rapid proto-typing, and transitioning, showcasing and providing assistance in commercializing cybersecurity technologies has become increasingly important in the face of growing and more sophisticated cyber threats. DHS S&T’s visibility and activities at RSA 2018 highlighted that mission.