Upload
afcea-international
View
1.146
Download
0
Tags:
Embed Size (px)
DESCRIPTION
2011 USSTRATCOM Cyber and Space Symposium Session Seven: Panel: Alternative Futures for Cyber and Space Panelist: Mr. James M. Brase Deputy Program Director for Intelligence Office of Strategic Outcomes Lawrence Livermore National Laboratory
Citation preview
Lawrence Livermore National Laboratory
Rethinking Cyber R&D for
Compromised Environments
Jim Brase Lawrence Livermore National Laboratory
Lawrence Livermore National Laboratory
High Performance
Computing
2
Intelligence and Network
Analysis
Chemistry and Materials
Earth and Atmospheric
Science
Nuclear Weapons Science and
Engineering
Laser Science and
Technology
Lawrence Livermore National Laboratory 3
The rapidly evolving Information network environment •No such thing as a perimeter – mobility and cloud – your network is
everywhere •Convergence and proliferation increase attack paths •Growing adversary capabilities – polymorphism, persistence, …
Lawrence Livermore National Laboratory 4
Deterrence is limited •Growing cost asymmetries •Limited attribution – lack of
identity
Prevention is limited •No path to defect-free systems •Global hardware and software
supply chains
Capable adversaries are and will be in our systems and networks
Lawrence Livermore National Laboratory 5
To do this we need new
capabilities
• Situational awareness – Know
the network and its activities at
full-scale and in real-time
• Predict network behaviors - how
the mission will interact with the
network and how defensive
activities will affect it
• Adapt protection and response
for the specific activity,
environment, and threat
resilience
Lawrence Livermore National Laboratory
Developing a new R&D roadmap for mission assurance in
compromised environments
Situational awareness through machine
learning and graph analytics
High-fidelity mission simulation at full-
scale
• Using supercomputers to analyze mission
risk
• How does mission performance degrade if
the network is compromised?
• Predicting the security properties of
complex network systems at full scale
• Cyber situational awareness at scale
• Rapid, continuous, low-impact network
mapping
• Behavioral anomalies in high-speed streams
• Move from perimeter awareness to
awareness over the full network
Thousands of simultaneous real-time
behavioral models
• Real-time active defense measures –
Adapting defenses in real-time to match the
current threat and environment
Lawrence Livermore National Laboratory
Operations are informing the science – but the transition from science back to operations is critical
The DOE/NNSA Labs are working
together to develop government
partnerships to transition R&D in
• Network situational awareness •Low-impact network mapping
•Multisource network characterization
•Real-time anomaly detection
• Predictive network analysis • Simulation for mission risk analysis
• Rapid reverse engineering tools
• Malware fingerprinting and attribution
Lawrence Livermore National Laboratory
Trusted Information
Sharing
Research & Development
Incubation
Expanding the set of
innovators • Access to resources
– computation, data,
tools
• Enable broad
participation in
development
• Managed by UC
Berkeley
Enabling secure
operations • Secure, authenticated
threat information
sharing
• Sharing product and
best practices
experience
Building R&D foundations • Roadmaps for R&D and policy
• Foundational R&D projects –
behavioral analytics, simulation,
vulnerability analysis
Education and outreach • Education and outreach
programs transition concepts
into practice
• Workshops on technology-
policy integration
Education