What research does DHS S&T want?
I’m heading up for bidders’ conference for the DHS Science & Technology (S&T) control system security research opportunity in DC tomorrow. It will be interesting to see if they provide any more detail than in the announcement on the applied research they would like to see.
Any great ideas out there?
UPDATE at the event:
About 160 people here at the event chasing $4.5M in research money. I have been so focused on the control systems security world that I didn’t even consider that it is a small percentage of what DHS worries about related to cyber security. Of the nine technical topic areas (TTA to throw another USG acronym out there), only one is specifically related to control systems and two others are closely related. Of course, since IT impacts control systems all areas will have some impact.
- TTA 1 - Detecting and Mitigating Botnets (more interesting given what happened to Estonia. What about a botnet aimed at the bulk electric asset owners?)
- TTA 2 - Composable and Scalable Secure Systems (how do a set of secure of secure devices create a secure and highly available system?)
- TTA 3 - Cyber Security Metrics (what is the risk? a big problem in the control system community, but the TTA is much broader)
- TTA 4 - Network Data Visualization
- TTA 5 - Internet Topography
- TTA 6 - Routing Security Management Tool (Secure alternatives to BGP for Internet routing)
- TTA 7 - Process Control Security (Obviously TTA 7 is aimed at control system. There are two sub-topics: Secure and Reliable Wireless and Real-Time Security Event Assessment and Mitigation.)
- TTA 8 - Data Anonymization (Big issue in information sharing in control systems)
- TTA 9 - Insider Threat Detection and Mitigation (A sophisticated attack designed to misuse or mislead a control system would require specialized knowledge so insiders are one of the serious threat agents.)
UPDATE - It appears likely that more than $4.5M will be available, but it is all based on future year funding which is not yet determined. FY 2008 is not far away so this could go up before the first awards under this BAA.
Author: Dale Peterson
Posted: May 31st, 2007 under DHS.
Comments: 4
Comments
Comment from Jake Brodsky
Time: May 30, 2007, 11:07 pm
Dale, I had to dig a bit to figure out which one of these things it was (BAA-07-09).
I really don’t know what to propose to them. The first hurdle is to figure out how much they actually understand about the subject. I can envision spending money to validate various protocols for security (AGA-12, Authenticated DNP3, etc.). I can also envision spending money to perform Achilles security sweeps on popular control systems gear and to report the results confidentially to the Feds (and possibly to the manufacturer as well).
I can also envision spending money to write up a security guide for control systems use of various OSs out there.
There. That’s a bit of fodder off the top of my head. You’re welcome to use or discard any of it however you like. Good Luck!
Comment from Kevin McGrath
Time: June 11, 2007, 3:53 pm
“Cyber Security Metrics (what is the risk? a big problem in the control system community”
If they’re throwing money around then I think doing anything to give us a real good look at the current risk environment and something to monitor risks going forward, whould be a real nice thing to have, IMHO
Comment from David
Time: June 18, 2007, 1:38 pm
SBIR
http://www.sbir.dhs.gov/SolicitationDownload.asp#3
SB research project that is looking for secure wireless in control systems.
David
Comment from David
Time: June 18, 2007, 1:38 pm
SBIR
http://www.sbir.dhs.gov/SolicitationDownload.asp#5
SB research project that is looking for secure wireless in control systems.
David
Write a comment