
Attacks/Breaches | Products and Releases
Dark Reading, 9/10/2014 12:00 AM

Sandia cyber-testing contributes to DHS Transition to Practice

Innovative program will help Labs' cybersecurity portfolio grow

The innovative Transition to Practice (TTP) program, spearheaded by the Department of Homeland Security’s Science and Technology Directorate (S&T), helps move federally funded cybersecurity technologies into broader use. Getting research discoveries and new technologies over the so-called “valley of death” — the gap between early, promising research on one side and technology that’s in use on the other — is a dire need in the national lab community.

“Moving technologies from the laboratory into actual practice is difficult,” said Steve Hurd, a cybersecurity researcher who helps lead Sandia’s TTP efforts. He said one major reason is that technologies that seem to work in the lab might need fine-tuning or further upgrades in the field.
“So TTP is an inventive attempt to help all the labs improve in this area,” Hurd continued. “It’s paying dividends already by opening doors that will get new innovative cyber defense technologies from Sandia and other laboratories into the hands of industry, academia and other research institutions that can really use them.”

TTP’s methodology is straightforward. Department of Homeland Security's Mike Pozmantier, the program manager for TTP in the S&T Cyber Security Division, conducts events across the country each year that feature cyber technologies developed at Department of Energy (DOE) and Department of Defense (DoD) laboratories and selected for evaluation by DHS. The events are targeted to specific sectors and audiences, including those in the federal government and the high-tech, energy, financial and critical infrastructure sectors.

The goal is to generate interest, initiate conversations and build relationships and business partnerships that get important cyber technologies, including some developed at Sandia, into practice. That could be accomplished through pilot programs with industry, licensing or spinning off of technologies into startup companies through venture capital funding.
To support this process, selected technologies go through testing and evaluation to assess whether they’re ready for a practical pilot test or commercialization. Technology providers also get help readying their technologies for market.

Sandia has key testing and evaluation role
In addition to considering Sandia-developed cyber technologies for transition, DHS uses Sandia’s cybersecurity expertise to test and evaluate TTP technologies developed by other DOE and DoD labs.

“Our main goal is to help make the technologies easier and more cost-effective for end users to adopt, ultimately leading to more effective protection of digital systems,” said Hurd. “We try to discover the areas in the technology that need improvement, then provide specific feedback to the developers.”

Sandia tests in realistic environments, using a wide range of tools, including dynamic testing of software executables and adversary-based red teaming, something Sandia has excelled at for years. “Red teaming” refers to assessments that give customers an independent, objective view of their technologies’ weaknesses from the perspectives of a wide variety of potential adversaries.

Sandia is employing two unique capabilities as part of the TTP test and evaluation effort, said project manager Susanna Gordon.

“Our Forensics Analysis Repository for Malware, or FARM, provides a large number of analyzed malware samples that we are using to test technologies intended for enhanced malware analysis,” said Gordon. For technologies intended to run on enterprise-scale networks, Sandia’s researchers are conducting tests using the labs’ Emulytics platforms, which can efficiently emulate and analyze representative enterprise-scale networks, greatly reducing the cost of running at-scale testing.

The test and evaluation team also examines implementation costs and looks for new problems or risks associated with each technology it evaluates.

“Maybe the product successfully addresses some problem. But, to use an analogy, Sandia knows from experience that adding new computer security is not like building another fence,” Gordon said. “What is intended to add additional security to a computer can actually be counterproductive and break the existing security system. Those things have to be considered very carefully.”

Long-lasting value
In TTP’s kickoff year, three cyber technologies were selected from Oak Ridge National Laboratory, two from Pacific Northwest National Laboratory, and one each from Sandia, Lawrence Livermore and Los Alamos labs. When TTP expanded its reach to DoD labs in its second year, two Sandia technologies, SecuritySeal and WeaselBoard, were selected. Now, in its third year, the TTP program again selected two Sandia technologies, the Sandia Cyber Omni Tracker and Network Randomization Tool for Integrated Computer Solutions.

Sandia’s CodeSeal, a year-one TTP-selected technology, is a program that protects critical software from malware and a variety of security gaps. CodeSeal is gaining industry interest from Vir2us, a Bay Area computer security company, and may soon see a real-world use scenario at the DOE GridSTAR Center in Philadelphia. The plan, says Sandia business development specialist Craig Smith, is to bring CodeSeal to GridSTAR — embedded into Vir2us’s security suite program, Citadel — to execute on the grid, an activity expected to produce useful validation data for CodeSeal.

“With successful validation of CodeSeal, we see the opportunity to integrate CodeSeal into Citadel, enhancing Vir2us’s already-impressive lineup of security systems,” said Smith.

“As a Federally Funded Research and Development Center, one of our main objectives is to partner with DHS to improve the nation’s cybersecurity posture in whatever capacity we can best serve,” Hurd said. “We know that any good cyber technology will benefit the entire community, no matter which lab has developed it, and we are pleased to draw on Sandia’s broad and deep cybersecurity expertise to develop new technologies and also to make those of the entire community stronger.”

Sandia National Laboratories is a multi-program laboratory operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin Corp., for the U.S. Department of Energy’s National Nuclear Security Administration. With main facilities in Albuquerque, N.M., and Livermore, Calif., Sandia has major R&D responsibilities in national security, energy and environmental technologies and economic competitiveness.

Sandia news media contact: Mike Janes, [email protected], (925) 294-2447
