Cyber is a Global Team Sport
International partners explore cybersecurity solutions.
U.S. Department of Homeland Security Science and Technology Directorate officials are helping other nations create cyber testbeds that can be linked, forming one large, international virtual laboratory for cyber systems. In addition, they already have in place bilateral agreements with a number of countries and are in discussions with France, Spain, Germany, Mexico and South Korea, which ultimately could expand international cooperation on cybersecurity research and development.
“We’ve used the phrase team sport. Cyber is a global team sport. It’s all about building partnerships and doing collaborative work to try to solve some of the problems we have in cybersecurity,” says Doug Maughan, who directs the Science and Technology (S&T) Directorate’s Cybersecurity Division.
The directorate has bilateral agreements with 13 countries. The agreements cover a range of technological areas, including chemical and biological detection, counter-explosives, border protection, maritime surveillance, cyber, first responders support and resilient systems. They essentially allow two countries to collaborate to develop and deploy technologies. For example, the United Kingdom can invest in a technology being developed in the United States or vice versa. Or, researchers in both countries can work together to develop a system.
The Cybersecurity Division currently is working on projects with nine of the 13 nations and is holding discussions with two more, New Zealand and Spain. It has more than 30 ongoing projects with Australia, Canada, the European Union, Israel, Singapore, Sweden, the Netherlands, New Zealand and the United Kingdom. The division also is working with Japan and South Korea, which have similar agreements in place through the U.S. State Department.
The Defense Technology Experimental Research (DETER) testbed is one project drawing a lot of international attention. Built in partnership with the National Science Foundation, DETER provides the necessary infrastructure networks, tools, methodologies and processes to support testing of emerging and advanced security technologies. The testbed is freely available and has more than 3,000 users in 25 countries.
“The idea behind DETER is that we want researchers doing experiments in cybersecurity, testing new ideas. We don’t want them doing that on the open Internet,” Maughan explains. The last thing officials need is a headline reading “Researcher Funded by DHS Takes Down the Internet,” he quips.
“This is an emulation and simulation environment, with even some live fire, where people can run their new ideas and new tests. It’s a 600-node infrastructure. It can be virtualized and people can do all kinds of security experiments on this testbed. It’s not as big as the Internet, but it tries to mimic the Internet in all the ways that we can,” he elaborates.
Now, Maughan’s team is working to expand DETER into an international capability. “Last year, we open-sourced the base code, and we are now working with Canada, Israel, the United Kingdom and Singapore to try to help them—using our DETER code—to stand up their own national research testbeds,” Maughan offers. “If we have systems in other countries, we can now federate these technologies together and have a testbed that is much larger than just the testbed we now have here in the United States.”
Canada has provided about $1 million in funding for the project and could have the testbed completed this year, Maughan estimates. The United Kingdom and Singapore may not be far behind. “It just depends on the priorities in their countries and their resources. We’re not providing resources to them other than giving them the code base from the DETER project,” Maughan points out.
Meanwhile, Japan partners with Cybersecurity Division officials on the Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT) system, which is intended to provide insights into cyber attack phenomena occurring across the Internet, as well as intelligence on the health of the Internet, including outage detection. PREDICT was initiated to assist technology developers and evaluators in need of real-world data to test the effectiveness of their technologies.
Additionally, the division works with the Netherlands Forensics Institute, which Maughan describes as a quasi-governmental organization. “In forensics, the Netherlands is the best in the world. They’re better than us,” he declares.
The Cybersecurity Division decided to fund malware analysis and memory analysis work at the institute after Secret Service officials visited the Netherlands and were impressed with what they saw. The investment satisfies requirements for the Cybersecurity for Law Enforcement program. “The deliverables will be handed back to us, and we will make them available to our law enforcement partners at the Secret Service and Immigration and Customs Enforcement,” he notes. “They were interested in having us fund the development of this work in the Netherlands because the Netherlands is ahead of us. We didn’t have anything going on, so rather than start from scratch, we’ll put money on the project in the Netherlands and get the technology quicker. That was initiated in 2014, and we expect the project to finish by the end of this year.”
The United Kingdom is the closest cybersecurity partner, Maughan indicates. “In our November meetings with the U.K., there was some discussion about adding new work to our Cybersecurity for Law Enforcement program. They just stood up, in their reorganization of the U.K. government, a new National Crime Agency [NCA]. It’s a consolidation of a lot of their federal and regional law enforcement agencies that they’re trying to coordinate and consolidate. We’re starting to work with the NCA and are looking at some long-term projects to support the law enforcement community,” he says.
Australia is another solid partner. The Cybersecurity Division funded about $1.25 million for the development of a routing security technology known as the Border Gateway Protocol Monitor (BGPmon) at Colorado State University and the University of Oregon. The Australians wanted BGPmon for their Computer Emergency Response Team and received an early version last year. “They’ve provided us some feedback, and this round they’ve come back and added about $160,000 where they want some additional capabilities added into this technology. It’s a win-win for both countries,” Maughan declares.
While all of the agreements are bilateral, some projects take on a multilateral flavor. DETER is one example, but there are others. “In several instances, we’ve ended up with two countries expressing interest in the same project. We have several where it’s us and Canada and Sweden or us and the Netherlands and Sweden. They might not be quite truly multilateral, but they have turned out to be multinational,” he states.
In addition, officials just recently initiated the first project with New Zealand. The S&T Directorate already has an agreement in place with Germany, but the two have not yet begun a cybersecurity project. “They have a different way of doing their government research, and it makes it a little bit difficult for us because of the policies for government-to-government participation. Often, their government organizations hand the execution and management of research to nongovernmental university research centers, and our lawyers don’t like that arrangement,” Maughan reveals.
The possibility of a partnership with Spain and Mexico appears more promising. “Spain has had a big turnaround in their economic activity, and they see cybersecurity as a real future for them,” Maughan states. The first meeting with Spain should occur by the end of April.
“Mexico, too, is now all of sudden waking up to cybersecurity. We’ve only had one conversation with them,” he adds. Maughan also reveals he met with officials from the French embassy in late 2014, but the Cybersecurity Division does not yet have an agreement in place. The S&T Directorate does, however.
On average, Maughan’s team meets with their international counterparts about once a month to review progress and discuss other potential areas of participation. They were scheduled to meet with New Zealand in February and should meet with their Dutch partners next month, followed by Australia in May and Israel in June. “This allows us to help them accelerate the stand up of their research and development activities in cybersecurity. It’s also my belief that in the United States we don’t have all the best ideas either. This allows us to work with other governments to find the best ideas. It doesn’t matter where they’re coming from. We’re really just trying to find the best solutions,” he says.