IWS - The Information Warfare Site

Statement of Dr. Charles McQueary
Under Secretary
Science and Technology Directorate
Department of Homeland Security

May 14, 2003
Cybersecurity Research and Development
Science Committee
U.S. House of Representatives

Good morning Chairman Boehlert, Congressman Hall and members of the committee. It is a pleasure for me to accept your invitation to be with you today to discuss cybersecurity R&D. It is an honor and great responsibility to lead the Department of Homeland Security (DHS), Science and Technology Directorate's efforts to meet the challenges of securing the technology supporting our nation's information technology infrastructures, often termed "cyber". An important mission of this Directorate is to develop and deploy leading technologies and capabilities so those who serve to secure the homeland can perform effectively and efficiently - they are my customers. This Directorate will respond then to the needs and requirements in this area from within the department.

The threats to our homeland are many. We must constantly monitor these threats and assess our vulnerabilities to them; develop new or improved capabilities to counter chemical, biological, radiological, nuclear, explosive and cyber threats; and mitigate the effects of terrorist attacks should they occur. The Science and Technology (S&T) Directorate's program must also enhance all of the Department's missions, whether or not they are focused on the threat of terrorism.

Throughout the initial planning process for the S&T Directorate we have been guided by current threat assessments, our understanding of capabilities that exist today or that can be expected to appear in the near term, and, importantly, by the priorities spelled out in the President's National Strategies for Homeland Security, Physical Protection of Critical Infrastructures and Key Assets and to Secure Cyberspace.

Thus Science and Technology's key specific areas of emphasis are to:

1. Develop and deploy state-of-the-art, high-performance, low-operating-cost systems to prevent the illicit traffic of radiological / nuclear materials and weapons into and within the United States.
2. Provide state-of-the-art, high-performance, low-operating-cost systems to rapidly detect and mitigate the consequences of the release of biological and chemical agents.
3. Provide state-of-the-art, high-performance, low-operating-cost systems to detect and prevent illicit high explosives transit into and within the United States.
4. Enhance missions of all Department operational units through targeted research, development, test and evaluation, and systems engineering and development.
5. Develop and provide capabilities for protecting cyber and other critical infrastructures.
6. Develop capabilities to prevent technology-surprise by anticipating emerging threats.
7. Develop, coordinate and implement technical standards for chemical, biological, radiological and nuclear countermeasures.

We have requested $803M in FY04 to provide applied research, development, demonstrations, and testing of products and systems that address these key areas of emphasis. This directorate will implement its activities through focused portfolios that address biological, chemical, radiological and nuclear, and cyber threats; support the research and development needs of the operational units of the Department; and receive innovative input from private industry and academia as well as national and Federal laboratories. In particular, the Homeland Security Advanced Research Projects Agency (HSARPA) will have an essential role in meeting the goals and objectives of the Department and the Directorate across the range of the portfolios.

Allow me now to specifically address the Science and Technology Directorate (S&T) response to critical infrastructure protection concerns, including cybersecurity. Consistent with law and policy, the operational assistance and advisory role and responsibilities for certain elements of cybersecurity reside with the Under Secretary for Information Analysis and Infrastructure Protection (IAIP). The Under Secretary for S&T carries the responsibility for ensuring that the necessary research, development, test and evaluation (RDT&E) activities are carried out to support the IAIP mission in cybersecurity. In practice, the term "cybersecurity" is broadly defined within the community. S&T uses "cybersecurity" to mean securing the availability, integrity and confidentiality of those services provided through technology such as hardware and software systems, connected to public and private networks (i.e., voice, data and Internet Protocol networks) that support the critical infrastructures. Our concern with cybersecurity is essentially applied to the technology that supports the infrastructures. To address cybersecurity concerns, we recognize that R&D efforts are an element of a larger mosaic that includes elements such as identification and mitigation of the threat, industry partnership and compliance, and physical security.

Today there are many cybersecurity R&D efforts already underway, and more yet to be established, that address a range of cybersecurity issues. These represent opportunities for S&T to leverage existing work in order to address both those needs and technology gaps for the Federal government and industry as important to securing the Homeland. Federal gaps are identified through annual agency and Inspector General reports required under the Federal Information Security Management Act. Vulnerability assessments will also help identify federal gaps. There is a wide array of technologies that address many needs today not only in government laboratories, but also throughout the commercial sector. However, the existence of many hard and currently unsolved problems, and the changing nature of the threat, will require an ongoing research effort.

We have started the work of familiarization and coordination across the federal sector. During the DHS transition and startup period, members of the transition team began to participate in the Infosec Research Council. Membership in this council includes DARPA, NIST and NSF; and it is our means of coordinating with the community on this topic. In addition, we have been in communication with the Office of Science and Technology Policy, and will be participating in the interagency R&D coordination activities of the National Science and Technology Council.

One of S&T's key areas of emphasis is our role in establishing DHS technical standards, which will establish DHS performance criteria for acceptable cyber-protection technologies. Currently, there is a Memorandum of Understanding presented for signature between DHS and the Technology Administration at the Department of Commerce; this MOU is an agreement to work together to develop common standards to support U.S. Industry and DHS. We will work closely with NIST in this endeavor, and have a person on staff detailed from NIST to address cybersecurity programs and standards.

As I noted earlier, it is this directorate's role to support the needs and requirements of DHS, in particular those defined by the IAIP Directorate. The Science and Technology directorate carries the responsibility for ensuring that the necessary RDT&E activities are carried out to support the IAIP mission in cybersecurity. To provide an enduring resource to help meet our mission and responsibilities, we intend to create a DHS R&D Cybersecurity Center.

The DHS Cybersecurity R&D Center will team through partnership and cooperation with NSF and NIST. This center will provide a DHS focus for R&D activities and leverage the many cybersecurity RDT&E efforts underway in the defense and intelligence, academic and private laboratory communities. We see this as critical to coordinate the resources and efforts across the government R&D community to accelerate technical capabilities that address DHS priorities.

The center will have five primary roles or functions, as follows:

  • Promoting and coordinating cybersecurity research, innovation, invention and evaluation in support of the DHS mission needs. It will develop strategic research and development programs, and create testing and evaluation programs to address specific gaps in U.S. cybersecurity capabilities. For example, a unique feature of the Center will be the utilization of existing, or the development of new, test beds where cybersecurity methods, tools, and approaches can be exercised in a controlled environment and evaluated against common, accepted standards. Developing the test beds and measurement-performance standards will be an element of the center's program.

  • Providing communication and coordination among various public and private organizations dealing with the many diverse aspects of cybersecurity. The Center will foster national and international cooperation in creating a robust and defensible cyber infrastructure.

  • Supporting the operational needs of the IAIP directorate relative to vulnerability assessments and new tools and methods for enhancing cybersecurity.

  • Cooperating with NSF to foster educational programs and curriculum development to help ensure the nation has the necessary human resources who possess the requisite knowledge and skills to advance and secure the nation's cyber infrastructure. This will be done in conjunction with participating universities who will serve as a nucleus for creating the next generation of scientists and engineers.

Although much of the S&T portfolio will be focused on very difficult problems requiring extensive research, a portion of the program will be dedicated to addressing nearer term problems in support of DHS mission requirements. In addition to establishing the center through FY03 funding, S&T will begin work on the following specific areas:

  • Supporting the U.S. Secret Service National Threat Assessment Center and CERT/Coordination Center at Carnegie Mellon University on a comprehensive assessment of Insider Threats and defense strategies.

    • The need to identify and mitigate the insider threat is critical to the physical and cyber security plans of the critical infrastructures of the United States.
    • Reducing the ability of inside actors to assist outside threats will provide increased security to the critical infrastructures of this country.

  • Conducting a feasibility study for trace-back and geo-location of source attack

    • The watch and warning mission of the IAIP directorate requires the ability to identify and track the source location of cyber attackers.
    • This study will determine the status of currently available trace-back and geographical location technology, capability gaps, and potential policy implications.

  • Developing patch verification technology in support of IAIP's patch management efforts to accelerate the speed with which cyber-protection software updates are evaluated, validated, and applied to civilian organizations.

    • Computer network attacks have historically exploited known, published vulnerabilities. All of the infected systems were without the appropriate patches in time to close the vulnerabilities and ensure protection. As a result, there was significant economic impact and resource availability issues to the private businesses that participate in the critical infrastructure of this country.
    • Many times the failure to apply the patch was a result of time required to test the patch against a duplicate of a critical system to ensure there would be no negative impact on business or government critical services. The goal of this project is to provide an efficient, low cost solution to this problem.
    • This study will determine the feasibility of this technology and recommend potential solutions for further RDT&E.

  • Expanding development of technologies for detecting covert threats that carry the risk of creating major disruption to critical infrastructures such as financial systems before they are discovered.

    • Existing intrusion and threat detection systems utilizing signature based identification often provide false positives or large amounts of log data so that their effectiveness has diminished in the overall cybersecurity architecture. The benefits of the next-generation intrusion detection system will identify and categorize all intrusions regardless of the threat signature.
    • This project will begin research, development, test and evaluation on next generation detection systems.

  • Conducting a feasibility study for the scalability and technology application of Secure Border Gateway Protocol and Secure Domain Name Services.

    • The Secure Border Gateway Protocol and Secure Domain Name Services protocol seek to secure two vulnerable protocols, on which the movement of network traffic depends.
    • This study will determine the feasibility and scalability of these protocols on existing network infrastructure; and make any recommendations on the need for further RDT&E if required.

We are therefore taking steps in S&T to establish key relationships with the major cybersecurity R&D organizations to provide a focus for DHS technology innovation and capability development in a new Center, and have defined initial projects in support of the Secret Service and IAIP near term needs. As the IAIP Directorate begins to define its long term goals and needs, we will leverage other federally funded activities, academia, and private industry to provide solutions.

In closing, I would like to thank the members of the Science Committee for the opportunity to speak with you today about the Science and Technology concept for addressing cybersecurity research and development. We will work with diligence to partner with the R&D community to address the needs and requirements of DHS, as well as those gaps that exist between the many productive projects already developed. S&T is determined to support the mission of DHS to protect the critical infrastructures of this nation by working to secure the technology that supports them.

Mr. Chairman and members of the Committee, this concludes my prepared statement. I would be pleased to address any questions you may have.
