Federated Security combines several aspects of the former Moving Target Defense (MTD) and Security for Cloud-based Systems projects with the goal of improving cyber-defensive capabilities by sharing cyber intelligence and incorporating various defensive technologies into federations of enterprises. These federations are composed of organizations that have voluntarily agreed to join their networks into a defensive federation with other participants, with the goal of mutually enhancing each federation member’s security posture. Federation participants may include, but are not limited to, government agencies, critical infrastructure owners and operators, national labs, and research & development organizations. Incorporated technologies may use MTD principles to provide capabilities that dynamically shift the attack surface, making it more difficult for hackers to strike.
The static nature of current enterprise systems provides hackers an incredible advantage, allowing them to take their time and plan attacks at their leisure. The previously funded MTD effort sought to develop game-changing capabilities that control change across multiple system dimensions to increase uncertainty and complexity for attackers. The Federated Security project seeks to incorporate MTD technologies into federated environments of enterprises dedicated to enhancing security. Federated Security project efforts address the 2014 DHS Quadrennial Homeland Security Review mission to Safeguard and Secure Cyberspace, the Science and Technology Directorate (S&T)’s Visionary Goal of a Trusted Cyber Future, and the Deter and Adapt Defensive Elements of the 2016 Federal Cybersecurity R&D Strategy Plan (PDF, 52 pages, 950.39 KB).
Many of the technologies incorporated into Federated Security environments operate under the assumption that perfect security is unattainable and that the focus should be on enabling continued safe operation in the face of compromise. This project seeks to create an architecture that integrates a wide range of defenses across a diverse array of member organizations that have agreed to participate in a federation where they can collaborate for security purposes but still maintain control and autonomy over their own networks. In these environments, member organizations define the policies under which they agree to membership, and the construction and maintenance of each federation are performed automatically by the infrastructure. The development of these federations also provides an opportunity to test various MTD and other defensive technologies that have been developed using S&T funding and to demonstrate that they can enhance security and provide much-needed protections against known and novel attacks at various levels.
Florida Institute of Technology (FIT): Federated Command and Control Infrastructure for Adaptive Computer Network Security
The goal of FIT’s Federated Command and Control (FC2) project is to improve enterprise-level cyber-defensive capabilities by automatically enabling contextual and policy-controlled sharing of cyber intelligence and cyber operations. FC2 provides this capability by automatically creating and maintaining federations of enterprises based on their contextual interests or operational domains. FC2 federations provide a seamless, automated and policy-controlled way to share information, including threat indicators and defensive maneuvers.
Intelligent Automation Inc. (IAI): Self-shielding Dynamic Network Architecture (SDNA) Federations and Enclave Deployment
IAI is working to integrate its Self-Shielding Dynamic Network Architecture (SDNA), a network-layer MTD, with FIT’s FC2 framework. The resulting technology will be an SDNA-FC2 prototype system that has the potential to protect global cyber-operations. The combined technologies will provide a new set of advanced defense capabilities that will enable runtime obfuscation of segments in the protected network, with a fully automated or human-assisted decision engine defining the mission requirements and security objectives.
HRL Laboratories: Cloud-COP
HRL has developed protocols and software that implement resilient and scalable secure multi-party computation (MPC). It is now working to demonstrate how Cloud-COP and the underlying implementation of MPC can be applied to the Application Programming Interfaces (APIs) of existing distributed systems to strengthen resilience and security in several API application domains. HRL is also integrating this work into FIT’s FC2 framework as a use case demonstrating how its MPC can improve the resilience and security of distributed systems.
S&T Snapshot: S&T Explores a More Dynamic Cybersecurity Approach, August 21, 2018