DHS launching $40 million research initiative on cyber-security
The Department of Homeland Security (DHS) is looking for a few good proposals on cyber-security. In a Broad Agency Announcement (BAA) released on Jan. 26, DHS revealed it has $40 million to fund research and development projects in 14 cyber-security areas.
"Cyber attacks are increasing in frequency and impact," the BAA explained. "Even though these attacks have not yet had a significant impact on our Nation’s critical infrastructures, they have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage."
"The effects of a successful cyber attack might include: serious consequences for major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruption of the response and communications capabilities of first responders," it added.
Registration for submitting white papers for the initiative closed Feb. 16. Papers from registrants need to be submitted by March 1 with the DHS Homeland Security Advanced Research Projects Agency (HSARPA). Authors of white papers that DHS deems "of particular value" will be asked to submit proposals to the agency by May 26.
The 14 technical areas in which DHS is seeking white papers are:
- Software assurance, with a focus on new tools and techniques for software analysis and applying new and existing capabilities in test and evaluation activities;
- Enterprise-level security metrics, with the goal of developing security metrics and supporting tools and techniques to make them practical and useful as decision aids;
- Usable security, with projects in this area focusing on making security measures more palatable to users, and to remove their stigma as a hindrance to productivity;
- Insider threats, with emphasis on areas such as monitoring, detection, deterrence, protection, prediction and reaction;
- Secure, resilient systems and networks, with a stress on system survivability in the face of attacks, failures and accidents;
- Internet attack modeling, with an accent on predicting the effects of cyber attacks on federal government and critical infrastructure;
- Network mapping and measurement, aimed at protecting key infrastructure through technologies such as geographic mapping of Internet resources to GPS locations, mapping ISP peering relationships and detecting and mitigating attacks on routing infrastructure;
- Incident response communities, with emphasis on what makes a person a good member of a cyber-security incident response team;
- Cyber economics, with a focus on costs and benefits of relative concepts of security and reliability in an unavoidably insecure world;
- Digital provenance, with an accent on identifying, authenticating and managing electronic information;
- Hardware-enabled trust, which includes topics such as making hardware that won't execute malware, won't leak information and will be resilient in the face of attack or failure;
- Moving-target defenses, with stress on making systems less static in their configurations, so they'll be more difficult to compromise by intruders;
- Nature-inspired cyber health, with a focus on smarter network components that have a greater awareness of what's going on around them;
- Creation of a Software Assurance MarketPlace (SWAMP) which will offer a software assurance facility and services for application researchers and developers.