WASHINGTON— Five research organizations were awarded separate contracts totaling $11,511,565 to develop new methods to identify and attribute Network/Internet-scale Disruptive Events (NIDEs), the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced today.
Disrupted internet connectivity may significantly impact critical infrastructure systems, such as energy and water systems, the finance sector, commerce, and public safety and emergency communications systems, as well as other essential systems on which society is dependent. Despite the impact of NIDEs, there is a lack of any rigorous understanding of internet outages or sufficient tools for their systemic and timely identification.
“Successfully defending critical infrastructure systems requires providing owners and operators the capabilities to monitor, identify and defend against network/internet disruptive events,” said William N. Bryan, Senior Official Performing the Duties of the Under Secretary for Science and Technology. “These research and development efforts will significantly enhance our ability to spot and thwart attacks on the nation’s critical systems.”
S&T’s newly established Predict, Assess Risk, Identify (and Mitigate) Disruptive Internet-scale Network Events (PARIDINE) project is working to develop innovative technologies that will provide systems and capabilities to identify, classify, and report NIDES. The research will also provide attribution for NIDEs, including a measure of the confidence. This project already has several potential customers including the Federal Communications Commission and DHS’ National Protection and Programs Directorate’s Office of Emergency Communications.
“Each of the selected organizations have proposed innovative approaches that will significantly advance the ability of network defenders to detect NIDEs and take steps to mitigate the impact of the attacks,” said S&T Program Manager Dr. Ann Cox. “Once launched, these solutions will help tilt the playing field in the favor of network defenders.”
Five organizations were selected under the PARIDINE solicitation:
- Center for Applied Internet Data Analysis (CAIDA), University of California, San Diego, $3,000,000 for Internet Outage Detection and Analysis -Next Phase (IODA-NP): Multi-source Real-time Detection of Macroscopic Internet Connectivity Disruption—CAIDA will work to define a rigorous framework to perform near real-time monitoring of the internet for NIDEs. Additionally, IODA-NP’s real world capabilities and limitations will identify and evaluate application-programming interfaces (APIs) to facilitate integration with various systems.
- SecureLogix, San Antonio, Texas, $1,876,247 for NIDE Detection in Public Safety and Communication Networks—SecureLogix’s effort will focus on making the nation’s 911 and other public safety and emergency communications systems more secure from NIDEs—an area in which little research has been previously conducted. This effort will identify a taxonomy of NIDEs that affect 911 and public safety, define additional NIDEs that affect all communication systems and define analysis methodologies based on the capabilities of existing sensors that can detect high-level and detailed NIDEs. The research also will identify the major types of NIDEs at an individual Public Safety Answering Point as well as at the regional and national levels. Major types of NIDEs include cellular jamming, network failures and telephony denial of service attacks—all of which can be difficult to differentiate from legitimate call floods prompted by natural disasters and other wide-scale emergency-response events.
- Two Six Labs, Arlington, Virginia, $3,220,125 for Attribution and Research of Characteristics Underlying Disruptive Event Scenarios (ARCUS) —Two Six Labs will develop a framework to detect NIDEs within a network or system. The effort will take a novel approach to the identification and attribution of NIDEs and how they may impact the performance and security of critical infrastructure, with a focus on three types of NIDEs that separately impact entire Classless Inter-Domain Routing, financial systems and transportation systems. It also will take a rigorous approach to answering policy-relevant questions about NIDEs and their broader effects on national security, the economy and society.
- University of Southern California Information Sciences Institute (USC-ISI), Los Angeles, California, $2,842,232 for Detecting, Interpreting, and Validating from Outside, In, and Control, Disruptive Events—USC-ISI is working to develop root-cause attribution of NIDEs through an understanding of multiple levels of the network stack. The effort will initiate new NIDE detection methods and systems that would operate at the routing, network and application layers. The goal is to develop open-source tools that generate information about NIDEs, datasets that summarizes historical events, and services for both APIs and websites that allow others to programmatically and interactively work with this data.
- The University of Waikato, Hamilton, New Zealand, $672,961 for Recording Router Reboots for Rating Reliability and Reachability—The University of Waikato will develop a system for internet-scale monitoring of router-reboots and their impact on Border Gateway Protocol routing and reachability. This effort will develop a method to conduct internet measurement and analysis for cybersecurity assessments quantifying and reporting the dependence of inter-domain routing on individual routers and employ an active probing technique. The effort encompasses applied research, software development, operations and maintenance, and development of an API that will allow third-party analyses.
S&T’s cybersecurity mission is to enhance the security and resilience of the nation’s critical information infrastructure and the internet by developing and delivering new technologies, tools, solutions and techniques to defend against cyberattacks. S&T’s cybersecurity R&D program conducts and supports technology transitions and leads and coordinates R&D among the cybersecurity community, which includes DHS components, government agencies, the private sector and international partners. For more information about S&T’s cybersecurity initiatives, visit https://www.dhs.gov/cyber-research.