U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Archived Content

In an effort to keep DHS.gov current, the archive contains outdated information that may not reflect current policy or programs.

Moving Target Defense

In the current environment, information technology systems are built to operate in a relatively static configuration. For example, addresses, names, software stacks, networks and various configuration parameters remain more or less the same over long periods of time. This static approach is a legacy of information technology systems designed for simplicity in a time when malicious exploitation of system vulnerabilities was not a concern. 

Motivation

However, the static nature of these systems provides the attacker with an incredible advantage, as adversaries are able to take their time and plan attacks at their leisure.  To counter this threat, CSD funds the Moving Target Defense (MTD) project, which seeks to develop game-changing capabilities that dynamically shift the attack surface, making it more difficult for attackers to strike.  The MTD project also seeks to develop resilient hardware that can continue to function while under attack.

"The Conjurer," painted by Hieronymus Bosch.
Many of the concepts of MTD are perfectly illustrated by the "shell game," also known as "Thimblerig," "Three Shells and a Pea," and the "Old Army Game."  This is a game dating back to Ancient Greece in which a target (usually a pea or ball) is hidden under one of three shells or cups. The object of the game is to find the target after the shells have been moved.

Approach

Moving Target Defense (MTD) is the concept of controlling change across multiple system dimensions in order to increase uncertainty and apparent complexity for attackers, reduce their window of opportunity and increase the costs of their probing and attack efforts. MTD assumes that perfect security is unattainable. Given that starting point, and the assumption that all systems are compromised, research in MTD focuses on enabling the continued safe operation in a compromised environment and to have systems that are defensible rather than perfectly secure.

“[MTD] Enables us to create, analyze, evaluate, and deploy mechanisms and strategies that are diverse and that continually shift and change over time to increase complexity and cost for attackers, limit the exposure of vulnerabilities and opportunities for attack, and increase system resiliency.” – Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program published by the Executive Office of the President, National Science and Technology Council, December 2011

Contact

Program Manager: Edward Rhyne

Email: SandT-Cyber-Liaison@hq.dhs.gov

Performers

Prime: Florida Institute of Technology (FIT) - Federated Command and Control (FC2)

Prime: Carnegie Mellon University Software Engineering Institute (CMU/SEI) - Moving Target Reference Implementation

Prime: Def-Logix - Hardware Enabled Zero Day Protection (HEZDP)

Prime: IBM - Hardware Support for Malware Defense and End-to-End Trust

Prime: Princeton University - Newcache

Last Updated: 01/23/2023
Was this page helpful?
This page was not helpful because the content