A team of researchers from the Harris Institute for Assured Information (HIAI) presented at the Department of Homeland Security's 2017 Cyber Security R&D Showcase and Technical Workshop, July 11-13 in Washington, D.C. Led by Marco Carvalho, Ph.D., the HIAI team in attendance included Professor Thomas Eskridge, Ph.D. and Research Associates Troy Toggweiler and Evan Stoner. Their work, entitled A Federated Command and Control Infrastructure (FC2), aims to enable the semi-automated federation of multiple cyber command-and-control infrastructures, allowing organizations to share information about observed attacks and defensive maneuvers.
Extending Florida Tech’s MIRA agent infrastructure, the FC2 effort is realized in two primary components: a Federation Service to handle federation lifecycle and communication, and a Point of Presence (POP) Agent to handle communication with the enclave and policy enforcement. These components allow multiple organizations—such as businesses or government agencies—to share information about suspicious network activity and work together to block any cyber-attacks. All of the information sharing is controlled by policies configured in each organization's POP, ensuring data is shared only with approved parties.
In the showcase, Florida Tech demonstrated a scenario consisting of four enclaves representing emergency operations centers in Central Florida, each running various sensors and defenses. When an attack happens, some networks may be better equipped to defend against it than others. FC2 allows these enclaves to share attack data and defensive information within the federation to help others block the attack. With the FC2 system, enclaves are better protected because they can rely on their own knowledge as well as the knowledge of other participating members. The federated, collaborative environment gives all involved better situational awareness and defensive postures than they would have independently.
The R&D Showcase and Technical Workshop is the federal government’s largest cybersecurity R&D conference, featuring more than 115 presentations spotlighting a combined $250 million of federally funded cybersecurity research and development. Fifteen research areas—including data privacy, distributed denial of service defense, modeling of internet attacks, and insider threat—were spotlighted during the three-day event. The conference is sponsored by the Cyber Security Division (CSD) of the DHS Science and Technology Directorate (S&T) Homeland Security Advanced Research Projects Agency.