of Dr. Charles McQueary
Science and Technology Directorate
Department of Homeland Security
Cybersecurity Research and Development
U.S. House of Representatives
Good morning Chairman Boehlert, Congressman Hall and members of
the committee. It is a pleasure for me to accept your invitation
to be with you today to discuss cybersecurity R&D. It is an
honor and great responsibility to lead the Department of Homeland
Security (DHS), Science and Technology Directorate's efforts to
meet the challenges of securing the technology supporting our
nation's information technology infrastructures, often termed
"cyber". An important mission of this Directorate is
to develop and deploy leading technologies and capabilities so
those who serve to secure the homeland can perform effectively
and efficiently - they are my customers. This Directorate will
respond then to the needs and requirements in this area from within
The threats to our
homeland are many. We must constantly monitor these threats and
assess our vulnerabilities to them; develop new or improved capabilities
to counter chemical, biological, radiological, nuclear, explosive
and cyber threats; and mitigate the effects of terrorists attacks
should they occur. The Science and Technology (S&T) Directorate's
program must also enhance all of the Department's missions, whether
or not they are focused on the threat of terrorism.
Throughout the initial
planning process for the S&T Directorate we have been guided
by current threat assessments, our understanding of capabilities
that exist today or that can be expected to appear in the near
term, and, importantly, by the priorities spelled out in the President's
National Strategies for Homeland Security, Physical Protection
of Critical Infrastructures and Key Assets and to Secure Cyberspace.
Thus Science and Technology's
key specific areas of emphasis are to:
1. Develop and deploy
state-of-the-art, high-performance, low-operating-cost systems
to prevent the illicit traffic of radiological / nuclear materials
and weapons into and within the United States.
2. Provide state-of-the-art, high-performance, low-operating-cost
systems to rapidly detect and mitigate the consequences of the
release of biological and chemical agents.
3. Provide state-of-the-art, high-performance, low-operating-cost
systems to detect and prevent illicit high explosives transit
into and within the United States.
4. Enhance missions of all Department operational units through
targeted research, development, test and evaluation, and systems
engineering and development.
5. Develop and provide capabilities for protecting cyber and
other critical infrastructures.
6. Develop capabilities to prevent technology-surprise by anticipating
7. Develop, coordinate and implement technical standards for
chemical, biological, radiological and nuclear countermeasures.
We have requested $803M
in FY04 to provide applied research, development, demonstrations,
and testing of products and systems that address these key areas
of emphasis. This directorate will implement its activities through
focused portfolios that address biological, chemical, radiological
and nuclear, and cyber threats; support the research and development
needs of the operational units of the Department; and receive
innovative input from private industry and academia as well as
national and Federal laboratories. In particular, the Homeland
Security Advanced Research Projects Agency (HSARPA) will have
an essential role in meeting the goals and objectives of the Department
and the Directorate across the range of the portfolios.
Allow me now to specifically
address the Science and Technology Directorate (S&T) response
to critical infrastructure protection concerns, including cybersecurity.
Consistent with law and policy, the operational assistance and
advisory role and responsibilities for certain elements of cybersecurity
resides with the Under Secretary for Information Analysis and
Infrastructure Protection (IAIP). The Undersecretary for S&T
carries the responsibility for ensuring that the necessary research,
development, test and evaluation (RDT&E) activities are carried
out to support the IAIP mission in cybersecurity. In practice,
the term "cybersecurity" is broadly defined within the
community. S&T uses "cybersecurity" to mean securing
the availability, integrity and confidentiality of those services
provided through technology such as hardware and software systems,
connected to public and private networks (i.e., voice, data and
Internet Protocol networks) that support the critical infrastructures.
Our concern with cybersecurity is essentially applied to the technology
that supports the infrastructures. To address cybersecurity concerns,
we recognize that R&D efforts are an element of a larger mosaic
that includes elements such as identification and mitigation of
the threat, industry partnership and compliance, and physical
Today there are many
cybersecurity R&D efforts already underway, and more yet to
be established, that address a range of cybersecurity issues.
These represent opportunities for S&T to leverage existing
work in order to address both those needs and technology gaps
for the Federal government and industry as important to securing
the Homeland. Federal gaps are identified through annual agency
and Inspector General reports required under the Federal Information
Security Management Act. Vulnerability assessments will also help
identify federal gaps. There is a wide array of technologies that
address many needs today not only in government laboratories,
but also throughout the commercial sector. However, the existence
of many hard and currently unsolved problems, and the changing
nature of the threat, will require an ongoing research effort.
We have started the
work of familiarization and coordination across the federal sector.
During the DHS transition and startup period, members of the transition
team began to participate in the Infosec Research Council. Membership
in this council includes DARPA, NIST and NSF; and it is our means
of coordinating with the community on this topic. In addition,
we have been in communication with the Office of Science and Technology
Policy, and will be participating in the interagency R&D coordination
activities of the National Science and Technology Council.
One of S&T's key
areas of emphasis is our role in establishing DHS technical standards,
which will establish DHS performance criteria for acceptable cyber-protection
technologies. Currently, there is a Memorandum of Understanding
presented for signature between DHS and the Technology Administration
at the Department of Commerce; this MOU is an agreement to work
together to develop common standards to support U.S. Industry
and DHS. We will work closely with NIST in this endeavor, and
have a person on staff detailed from NIST to address cybersecurity
programs and standards.
As I noted earlier,
it is this directorate's role to support the needs and requirements
of DHS, in particular those defined by the IAIP Directorate. The
Science and Technology directorate carries the responsibility
for ensuring that the necessary RDT&E activities are carried
out to support the IAIP mission in cybersecurity. To provide an
enduring resource to help meet our mission and responsibilities,
we intend to create a DHS R&D Cybersecurity Center.
The DHS Cybersecurity
R&D Center will team through partnership and cooperation with
NSF and NIST. This center will provide a DHS focus for R&D
activities and leverage the many cybersecurity RDT&E efforts
underway in the defense and intelligence, academic and private
laboratory communities. We see this as critical to coordinate
the resources and efforts across the government R&D community
to accelerate technical capabilities that address DHS priorities.
The center will have
five primary roles or functions, as follows:
- Promoting and coordinating
cybersecurity research, innovation, invention and evaluation
in support of the DHS mission needs. It will develop strategic
research and development programs, and create testing and evaluation
programs to address specific gaps in U.S. cybersecurity capabilities.
For example, a unique feature of the Center will be the utilization
of existing, or the development of new, test beds where cybersecurity
methods, tools, and approaches can be exercised in a controlled
environment and evaluated against common, accepted standards.
Developing the test beds and measurement-performance standards
will be an element of the center's program.
- Providing communication
and coordination among various public and private organizations
dealing with the many diverse aspects of cybersecurity. The
Center will foster national and international cooperation in
creating a robust and defensible cyber infrastructure.
- Supporting the operational
needs of the IAIP directorate relative to vulnerability assessments
and new tools and methods for enhancing cybersecurity.
- Cooperating with
NSF to foster educational programs and curriculum development
to help ensure the nation has the necessary human resources
who possess the requisite knowledge and skills to advance and
secure the nation's cyber infrastructure. This will be done
in conjunction with participating universities who will serve
as a nucleus for creating the next generation of scientists
Although much of the
S&T portfolio will be focused on very difficult problems requiring
extensive research, a portion of the program will be dedicated
to addressing nearer term problems in support of DHS mission requirements.
In addition to establishing the center through FY03 funding, S&T
will begin work on the following specific areas:
- Supporting the U.S.
Secret Service National Threat Assessment Center and CERT/Coordination
Center at Carnegie Mellon University on a comprehensive assessment
of Insider Threats and defense strategies.
- The need to identify
and mitigate the insider threat is critical to the physical
and cyber security plans of the critical infrastructures of
the United States.
- Reducing the ability
of inside actors to assist outside threats will provide increased
security to the critical infrastructures of this country.
- Conducting a feasibility
study for trace-back and geo-location of source attack
- The watch and
warning mission of the IAIP directorate requires the ability
to identify and track the source location of cyber attackers.
- This study will
determine the status of currently available trace-back and
geographical location technology, capability gaps, and potential
- Developing patch
verification technology in support of IAIP's patch management
efforts to accelerate the speed with which cyber-protection
software updates are evaluated, validated, and applied to civilian
- Computer network
attacks have historically exploited known, published vulnerabilities.
All of the infected systems were without the appropriate
patches in time to close the vulnerabilities and ensure
protection. As a result, there was significant economic
impact and resource availability issues to the private businesses
that participate in the critical infrastructure of this
- Many times the
failure to apply the patch was a result of time required
to test the patch against a duplicate of a critical system
to ensure there would be no negative impact on business
or government critical services. The goal of this project
is to provide an efficient, low cost solution to this problem.
- This study will
determine the feasibility of this technology and recommend
potential solutions for further RDT&E.
- Expanding development
of technologies for detecting covert threats that carry the
risk of creating major disruption to critical infrastructures
such as financial systems before they are discovered.
- Existing intrusion
and threat detection systems utilizing signature based identification
often provide false positives or large amounts of log data
so that their effectiveness has diminished in the overall
cybersecurity architecture. The benefits of the next-generation
intrusion detection system will identify and categorize
all intrusions regardless of the threat signature.
- This project
will begin research, development, test and evaluation on
next generation detection systems.
- Conducting a feasibility
study for the scalability and technology application of Secure
Border Gateway Protocol and Secure Domain Name Services.
- The Secure Border
Gateway Protocol and Secure Domain Name Services protocol
seek to secure two vulnerable protocols, on which the movement
of network traffic is depends.
- This study will
determine the feasibility and scalability of these protocols
on existing network infrastructure; and make any recommendations
on the need for further RDT&E if required.
We are therefore taking
steps in S&T to establish key relationships with the major
cybersecurity R&D organizations to provide a focus for DHS
technology innovation and capability development in a new Center,
and have defined initial projects in support of the Secret Service
and IAIP near term needs. As the IAIP Directorate begins to define
its long term goals and needs, we will leverage other federally
funded activities, academia, and private industry to provide solutions.
In closing, I would
like to thank the members of the Science Committee for the opportunity
to speak with you today about the Science and Technology concept
for addressing cybersecurity research and development. We will
work with diligence to partner with the R&D community to address
the needs and requirements of DHS, as well as those gaps that
exist between the many productive projects already developed.
S&T is determined to support the mission of DHS to protect
the critical infrastructures of this nation by working to secure
the technology that supports them.
Mr. Chairman and members
of the Committee, this concludes my prepared statement. I would
be pleased to address any questions you may have.