Cyber Security Research and Development Center

The Cyber Security R&D Center was established by the Department of Homeland Security in 2004 to develop security technology for protection of the U.S. cyber infrastructure. The Center conducts its work through partnerships between government and private industry, the venture capital community, and the research community.

Recent News

Scientific Foundations of Cybersecurity

In order to encourage the development of the scientific foundations of cybersecurity, the National Security Agency (NSA) established an award for the best scientific cybersecurity paper. The nominations are due by Jan 31, 2013. NSA invites nominations of papers published in fiscal year 2012 (Oct.1,2011 – Sept. 30, 2012) that show an outstanding contribution to cybersecurity science. For more information please see http://cps-vo.org/group/sos/papercompetition

Transition to Practice Technology Demonstration Day

On 9 January 2013, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) Cyber Security Division will be hosting a Transition to Practice Technology Demonstration Day at the Mayflower Hotel in Washington, DC. This event will feature eight innovative cybersecurity technologies that have been developed at the Department of Energy National Laboratories. During this event, Federal cybersecurity professionals will learn about these new technologies through presentations, demonstrations, and discussions with the research teams that produced these technologies. In addition, attendees may discuss opportunities for piloting the technologies and areas of interest to drive further cybersecurity research.

The TTP program works to identify emerging cybersecurity technologies that were developed with Federal funding and help them transition into products capable of broad utilization. TTP is a result of the White House’s Federal Cybersecurity R&D Strategic Plan as well as the Comprehensive National Cybersecurity Initiative (CNCI).

Registration information, as well as information on who can attend, is available here: https://www.signup4.net/Public/ap.aspx?EID=TRAN111E

Request for Comments on Federal Cybersecurity R&D Strategic Plan

This Request For Comments (RFC) is issued by the Cyber Security and Information Assurance Research and Development Senior Steering Group (SSG) of the Federal Networking and Information Technology Research and Development (NITRD) Program. The SSG is preparing a report to provide an update on technological developments in Federal cybersecurity R&D since the release of the 2011 Federal Cybersecurity Research and Development Strategic Plan. As input to the report, the SSG seeks comments on the progress over the past year in the research areas identified in the strategic plan, the strategic plan’s impact in orienting private sector cybersecurity R&D activities, the successes and challenges in achieving the technological objectives outlined in the plan, and on any nascent or emerging areas in cybersecurity research and development that warrant further focus. Additionally, the comments will be used by the SSG in its assessment of future needs and directions in Federal cybersecurity research and development. Comments are to be submitted to cybersecurity@nitrd.gov, by January 11, 2013.

DHS Science and Technology Directorate Awards 34 Contracts for Cyber Security Research and Development

The Department of Homeland Security Science and Technology Directorate (DHS S&T) has awarded 34 contracts to 29 academic and research organizations for research and development of solutions to cyber security challenges.

The contracts were awarded by the DHS S&T Cyber Security Division (CSD) under Broad Agency Announcement (BAA) 11-02 which solicited proposals in 14 technical topic areas aimed at improving security in federal networks and across the Internet while developing new and enhanced technologies for detecting, preventing and responding to cyber attacks on the nation’s critical information infrastructure. The goal is to develop knowledge products and deployable security solutions that advance the understanding of cyber risks, as directed by the President in the National Strategy to Secure Cyberspace. The full press release can be found here.

CSD 2012 Principal Investigators’ Meeting

In early October 2012, CSD gathered its’ research performers of the 34 funded projects awarded under BAA 11-02, as well as their international co-funding partners, for a kickoff meeting where they were able to discuss how all of the collective work being performed will come together over the lifespan of each project’s research, development and technology transition to significantly advance cyber security. Presentations from the meeting can be found here.

LOGIIC Receives Homeland Security Award

The Automation Federation announces that the U.S. Department of Homeland Security Science & Technology (DHS S&T) Directorate has recognized the work of the Linking the Oil & Gas Industry to Improve Cybersecurity (LOGIIC) consortium, granting it the department’s Under Secretary’s Award for Outstanding Collaboration in Science and Technology. The award is presented to organizations that work across boundaries to deliver better service, value and outcomes for customers, stakeholders and communities.

DHS Makes Available Free Open-source Cybersecurity Software for Government Agencies

The DHS Science and Technology Directorate (S&T) announced on July 19 the validation and availability of an open-source cybersecurity tool for securing information that is shared across the Internet. Government agencies required to use cryptographic software validated to Federal Information Processing Standards (FIPS), will now have access to Open Secure Socket Layer (OpenSSL v2.0), a free, publicly available security software that meets federal security guidelines. “OpenSSL is a widely-used component in many software security applications,” said Luke Berndt, DHS program manager for the Homeland Open Security Technology (HOST) program. The mission of the HOST program is to identify viable and sustainable open source solutions that support national cybersecurity objectives. “With this program available for government use, the nation’s critical online information will be safer while the government will find greater cost savings.”

The National Institute of Standards and Technology validated the Open SSL using the FIPS 140-2 security standard for testing cryptographic modules. This validation is required for cryptography used to protect sensitive or valuable data within the federal government. The validation process was funded by DHS S&T and other government agency and private sector partners.

“DHS S&T’s investment in the validation process for OpenSSL will help government users access the latest security software, and allow software developers to integrate OpenSSL into the products they offer to government clients,” said Berndt. “This collaborative effort is a great example of how government and industry can both benefit from the use of open source software.”

More information about the new FIPS 140-2 validated OpenSSL module is available at http://openssl.org.

Department of Homeland Security Releases Blueprint for a Secure Cyber Future

On December 12, 2011, Department of Homeland Security Secretary Janet Napolitano announced the release of the Blueprint for a Secure Cyber Future: The Cybersecurity Strategy for the Homeland Security Enterprise. See her blog post at blog.dhs.gov.

OSTP Releases Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program Document

On December 6, 2011, Office of Science and Technology Policy (OSTP) released the “Trustworthy Cyberspace: Strategic Plan for Federal Cybersecurity Research and Development Program” document. This document serves as a road map to ensure long-term reliability and trustworthiness of the digital communications network that is increasingly at the heart of American economic growth and global competitiveness.

DHS S&T Cyber Security Receives National Cybersecurity Innovation Award

On October 11, 2011, the Cyber Security Division (CSD) of the DHS Science and Technology Directorate(S&T) received a National Cybersecurity Innovation Award at the Sans Institute’s Second Annual National Cybersecurity Innovation Conference for the Domain Name System Security Extensions (DNSSEC) project. DNSSEC technology protects the public by ensuring that websites visited are the real deal and not imposters. Phony websites aim to steal users’ log-in names, passwords, and money, and DNSSEC technology helps prevent such thefts by blocking bogus page elements and flagging pages whose DNS identity has been hijacked.

In the award category Building a Federal Cybersecurity Research Program that Results in Substantial Cyber Risk Reduction, S&T Cyber Security was recognized for its innovation in promoting “[r]esearch that pays off through a process that continually calls upon researchers to focus on work that can result in real products and real risk reduction.” Moreover, the award, presented by United States Cybersecurity Coordinator Howard Schmidt, noted that the CSD’s approach “has forced the R&D community to think beyond the theoretical to consider a more practical horizon.” S&T’s DNSSEC project is managed by Edward Rhyne.

Cyber Security HOST Project Receives Open Source for America Award

On October 11, 2011, at FedTalks 2011, it was announced that the S&T Cyber Security Division’s Homeland Open Security Technology (HOST) project had been awarded the Open Source for America (OSFA) 2011 Government Deployment Open Source Award. The OSFA Awards recognize projects, individuals, and deployments that support OSFA’s mission to educate decision makers in the federal government about the advantages of using free and open-source software, encourage federal agencies to give equal priority to procuring free and open-source software in all of their procurement decisions, and provide an effective voice to the federal government on behalf of the open-source software community, private industry, academia, and other nonprofits.

Managed by CSD’s Luke Berndt, the S&T HOST project is bringing together technology leaders from across government and developing advanced open source security solutions that address their prioritized gaps. The development of the open source intrusion detection system, Suricata, was sponsored through this project and is now being sustainably maintained by industry through a non-profit foundation. The HOST project is piloting this technology within the government and working to identify best practices and other priority areas for future development. HOST is also openly promoting the adoption of open source solutions at every level of government.

President Barack Obama declares October National Cybersecurity Awareness Month

On October 3, 2011, President Obama issued a proclamation declaring October National Cybersecurity Awareness Month. The proclamation describes the National Strategy for Trusted Identities in Cyberspace, and calls upon the people of the United States to recognize the importance of cybersecurity and to observe October with activities, events, and trainings that will enhance our national security and resilience.

Georgia Tech to Lead $10M Open-Source Homeland Security Initiative

The U.S. Department of Homeland Security (DHS) Science and Technology (S&T) Directorate has named the Georgia Tech Research Institute (GTRI) to lead implementation efforts for the five-year, $10 million Homeland Open Security Technology (HOST) program. The HOST program will investigate open source and open cyber security methods, models and technologies, and identify viable and sustainable approaches that support national cyber security objectives. This was noted by Government Computer News, InnovationNewsDaily, PC Magazine, and other media.

Administration Announces International Strategy for Cyberspace

On May 16, 2011, the Obama Administration announced the United States’ first, comprehensive International Strategy for Cyberspace. Howard Schmidt, the White House Cybersecurity Coordinator, said that the International Strategy is a historic policy document for the 21st Century — one that explains, for audiences at home and abroad, what the U.S. stands for internationally in cyberspace, and how we plan to build prosperity, enhance security, and safeguard openness in our increasingly networked world. The International Strategy lays out the President’s vision for the future of the Internet, and sets an agenda for partnering with other nations and peoples to achieve that vision.

Administration Releases Strategy to Protect Online Consumers and Support Innovation

On April 15, 2011, the Obama Administration released the National Strategy for Trusted Identities in Cyberspace (NSTIC), which seeks to better protect consumers from fraud and identity theft, enhance individuals’ privacy, and foster economic growth by enabling industry both to move more services online and to create innovative new services. The NSTIC aims to make online transactions more trustworthy, thereby giving businesses and consumers more confidence in conducting business online.