Lawrence Livermore National Laboratory

Rethinking Cyber R&D for

Compromised Environments

Jim Brase Lawrence Livermore National Laboratory

Lawrence Livermore National Laboratory

High Performance

Computing

2

Intelligence and Network

Analysis

Chemistry and Materials

Earth and Atmospheric

Science

Nuclear Weapons Science and

Engineering

Laser Science and

Technology

Lawrence Livermore National Laboratory 3

The rapidly evolving Information network environment •No such thing as a perimeter – mobility and cloud – your network is

everywhere •Convergence and proliferation increase attack paths •Growing adversary capabilities – polymorphism, persistence, …

Lawrence Livermore National Laboratory 4

Deterrence is limited •Growing cost asymmetries •Limited attribution – lack of

identity

Prevention is limited •No path to defect-free systems •Global hardware and software

supply chains

Capable adversaries are and will be in our systems and networks

Lawrence Livermore National Laboratory 5

To do this we need new

capabilities

• Situational awareness – Know

the network and its activities at

full-scale and in real-time

• Predict network behaviors - how

the mission will interact with the

network and how defensive

activities will affect it

• Adapt protection and response

for the specific activity,

environment, and threat

resilience

Lawrence Livermore National Laboratory

Developing a new R&D roadmap for mission assurance in

compromised environments

Situational awareness through machine

learning and graph analytics

High-fidelity mission simulation at full-

scale

• Using supercomputers to analyze mission

risk

• How does mission performance degrade if

the network is compromised?

• Predicting the security properties of

complex network systems at full scale

• Cyber situational awareness at scale

• Rapid, continuous, low-impact network

mapping

• Behavioral anomalies in high-speed streams

• Move from perimeter awareness to

awareness over the full network

Thousands of simultaneous real-time

behavioral models

• Real-time active defense measures –

Adapting defenses in real-time to match the

current threat and environment

Lawrence Livermore National Laboratory

Operations are informing the science – but the transition from science back to operations is critical

The DOE/NNSA Labs are working

together to develop government

partnerships to transition R&D in

• Network situational awareness •Low-impact network mapping

•Multisource network characterization

•Real-time anomaly detection

• Predictive network analysis • Simulation for mission risk analysis

• Rapid reverse engineering tools

• Malware fingerprinting and attribution

Lawrence Livermore National Laboratory

Trusted Information

Sharing

Research & Development

Incubation

Expanding the set of

innovators • Access to resources

– computation, data,

tools

• Enable broad

participation in

development

• Managed by UC

Berkeley

Enabling secure

operations • Secure, authenticated

threat information

sharing

• Sharing product and

best practices

experience

Building R&D foundations • Roadmaps for R&D and policy

• Foundational R&D projects –

behavioral analytics, simulation,

vulnerability analysis

Education and outreach • Education and outreach

programs transition concepts

into practice

• Workshops on technology-

policy integration

Education