A Roadmap for Cybersecurity Research: Difference between revisions

From Cybersecurity Wiki
Line 65: Line 65:
** To what extent can we test real systems?
** To what extent can we test real systems?


'''The 11 hard problems are:'''
 
'''The 11 hard problems examined are:'''


===Scalable trustworthy systems===
===Scalable trustworthy systems===

Revision as of 12:52, 8 July 2010

Full Title of Reference

A Roadmap for Cybersecurity Research

Full Citation

Department of Homeland Security, A Roadmap for Cybersecurity Research (2009). Web

BibTeX

Categorization

Key Words

Botnet, Civilian Participation, Computer Network Attack, COTS Software, Cyber Crime, Cyber Security as a Public Good, Cyber Terrorism, Department of Homeland Security, Honeypot, Interdependencies, Malware, National Security, Outreach and Collaboration, Privacy Law

Synopsis

This cybersecurity research roadmap is an attempt to begin to define a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The research, development, test, evaluation, and other life cycle considerations required are far reaching—from technologies that secure individuals and their information to technologies that will ensure that our critical infrastructures are much more resilient. The R&D investments recommended in this roadmap must tackle the vulnerabilities of today and envision those of the future.

The intent of this document is to provide detailed research and development agendas for the future relating to 11 hard problem areas in cybersecurity, for use by agencies of the U.S. Government and other potential R&D funding sources. For each of the problems discussed, the roadmap examines some or all of the following:

  • The background of the problem
    • What is the problem being addressed?
    • What are the potential threats?
    • Who are the potential beneficiaries? What are their respective needs?
    • What is the current state of the practice?
    • What is the status of current research?
  • Future directions
    • On what categories can we subdivide the topic?
    • What are the major research gaps?
    • What are some exemplary problems for R&D on this topic?
    • What R&D is evolutionary, and what is more basic, higher risk, game changing?
    • What resources are required?
    • Measures of success
    • What needs to be in place for test and evaluation?
    • To what extent can we test real systems?


The 11 hard problems examined are:

Scalable trustworthy systems

Growing interconnectedness among existing systems results, in effect, in new composite systems at increasingly large scales. Existing hardware, operating system, networking, and application architectures do not adequately account for combined requirements for security, performance, and usability—confounding attempts to build trustworthy systems on them. As a result, today the security of a system of systems may be drastically less than that of most of its components.

The primary focus of this topic area is scalability that preserves and enhances trustworthiness in real systems. The perceived order of importance for research and development in this topic area is as follows: (1) trustworthiness, (2) composability, and (3) scalability. Thus, the challenge addressed here is threefold: (a) to provide a sound basis for composability that can scale to the development of large and complex trustworthy systems; (b) to stimulate the development of the components, analysis tools, and testbeds required for that effort; and (c) to ensure that trustworthiness evaluations themselves can be composed.

This topic area interacts strongly with enterprise-level metrics (Section 2) and evaluation methodology (Section 3) to provide assurance of trustworthiness.

Enterprise-level metrics (ELMs)

Defining effective metrics for information security (and for trustworthiness more generally) has proven very difficult, even though there is general agreement that such metrics could allow measurement of progress in security measures and at least rough comparisons between systems for security. Metrics underlie and quantify progress in all other roadmap topic areas. We cannot manage what we cannot measure, as the saying goes. However, general community agreement on meaningful metrics has been hard to achieve, partly because of the rapid evolution of information technology (IT), as well as the shifting locus of adversarial action.

Lack of effective ELMs leaves one in the dark about cyberthreats in general. With respect to enterprises as a whole, cybersecurity has been without meaningful measurements and metrics throughout the history of information technology. (Some success has been achieved with specific attributes at the component level.) This lack seriously impedes the ability to make informed enterprise-wide decisions about how to effectively avoid or control innumerable known and unknown threats and risks at every stage of development and operation.

System evaluation life cycle

The security field lacks methods to systematically and cost-effectively evaluate its products in a timely fashion. Without realistic, precise evaluations, the field cannot gauge its progress toward handling security threats, and system procurement is seriously impeded. Evaluations that take longer than the existence of a particular system version are of minimal use. A suitable life cycle methodology would allow us to allocate resources in a more informed manner and enable consistent results across multiple developments and applications.

Systematic, realistic, easy-to-use and standardized evaluation methods are needed to objectively quantify performance of any security artifact [i.e., a protocol, device, architecture or system] and the security of environments where these artifacts are to be deployed, before and after deployment, as well as the performance of proposed solutions. The evaluation techniques should objectively quantify security posture throughout the critical system life cycle. This evaluation should support research, development, and operational decisions, and maximize the impact of the investment.

Combatting insider threats

Cybersecurity measures are often focused on threats from outside an organization, rather than threats posed by untrustworthy individuals inside an organization. Experience has shown that insiders pose significant threats.

The insider threat today is addressed mostly with procedures such as awareness training, background checks, good labor practices, identity management and user authentication, limited audits and network monitoring, two-person controls, application-level profiling and monitoring, and general access controls. However, these procedures are not consistently and stringently applied because of high cost, low motivation, and limited effectiveness.

At a high level, opportunities exist to mitigate insider threats through aggressive profiling and monitoring of users of critical systems, “fishbowling” suspects, “chaffing” data and services users who are not entitled to access, and finally “quarantining” confirmed malevolent actors to contain damage and leaks while collecting actionable counter-intelligence and legally acceptable evidence.

Combatting malware and botnets

Malware refers to a broad class of attack software or hardware that is loaded on machines, typically without the knowledge of the legitimate owner, that compromises the machine to the benefit of an adversary. Present classes of malware include viruses, worms, Trojan horses, spyware, and bot executables. Malware infects systems via many vectors, including propagation from infected machines, tricking users into opening tainted files, or getting users to visit malware-propagating websites. The World Wide Web has become a major vector for malware propagation.

Beyond its nuisance impact, malware can have serious economic and national security consequences. Malware can enable adversary control of critical computing resources, which in turn may lead, for example, to information compromise, disruption and destabilization of infrastructure systems (“denial of control”), and manipulation of financial markets. The potential of malware to compromise confidentiality, integrity, and availability of the Internet and other critical information infrastructures is a serious concern.

Current detection and remediation approaches are losing ground, because it is relatively easy for an adversary (whether sophisticated or not) to alter malware to evade most existing detection approaches. Emerging approaches such as behavior-based detection and semantic malware descriptions have shown promise and are deployed in commercial A/V software. However, new techniques must be developed to keep pace with the development of malware.

Global-scale identity management

Global-scale identity management concerns identifying and authenticating entities such as people, hardware devices, distributed sensors and actuators, and software applications when accessing critical information technology (IT) systems from anywhere. The term global-scale is intended to emphasize the pervasive nature of identities and implies the existence of identities in federated systems that may be beyond the control of any single organization. In this context, global-scale identity management encompasses the establishment of identities, management of credentials, oversight and accountability, scalable revocation, establishment and enforcement of relevant policies, and resolution of potential conflicts.

Our concern here is mainly the IT-oriented aspects of the broad problems of identity and credential management, including authentication, authorization, and accountability. However, we recognize that there will be many trade-offs and privacy implications that will affect identity management. In particular, global-scale identity management may require not only advances in technology, but also open standards, social norms, legal frameworks, and policies for the creation, use, maintenance, and audit of identities and privilege information (e.g., rights or authorizations). Clearly, managing and coordinating people and other entities on a global scale also raises many issues relating to international laws and regulations that must be considered. In addition, the question of when identifying information must be provided is fundamentally a policy question that can and should be considered. In all likelihood, any acceptable concept of global identity management will need to incorporate policies governing release of identifying information.

Survivability of time-critical systems

8. Situational understanding and attack attribution

9. Provenance (relating to information, systems, and hardware)

10. Privacy-aware security

11. Usable security

For each of these hard problems, the roadmap identifies critical needs, gaps in research, and research agendas appropriate for near-, medium-, and long-term attention.

Additional Notes and Highlights

Expertise Required: Technology - Low