DHS To Invest $40 Million On Cybersecurity Research

Inside DHS' Classified Cyber-Coordination Headquarters

Insider threats, botnets and malware, and research to support the Comprehensive National Cyber Initiative (CNCI) are among areas of cybersecurity investment the Department of Homeland Security (DHS) will make in fiscal year 2011.

The DHS Science and Technology Homeland Security Advanced Research Projects Agency (HSARPA) is seeking proposals on 14 areas of cybersecurity research it plans to focus on this year, five of which will contribute to the CNCI, a series of efforts to provide front-line defense against cybersecurity threats, according to a Broad Agency Announcement posted on FedBizOpps.gov. The total value of the acquisition is $40 million.

The DHS has been investing in cybersecurity for a couple of years through HSARPA, and this year shows the agency focusing on both traditional methods of security such as software assurance, enterprise-level security metrics, and network resiliency, as well as more forward-thinking areas of exploration such as making security more user-friendly to worker productivity and network mapping and measurement.

Topics also include areas that became critical security concerns for the government last year, such as insider threats -- highlighted by the Wikileaks scandal -- and creating modeling and analysis capabilities to predict the effects of cyberattacks such as botnets and malware on federal government and other critical infrastructure, interest in which intensified after the discovery of last year's Stuxnet worm.

The technology areas HSARPA will focus on to support CNCI also represent an interest in responding to more contemporary security threats to ensure security being developed can meet future threats.

"The vision of the CNCI research community over the next 10 years is to 'transform the cyber-infrastructure to be resistant to attack so that critical national interests are protected from catastrophic damage and our society can confidently adopt new technological advances,'" HSARPA said in its RFP. "The only long-term solution to the vulnerabilities of today's networking and information technologies is to ensure that future generations of these technologies are designed with security built in from the ground up."

Topics of interest the agency will invest in to support this goal include cyber economics, the financial incentive for hackers to commit cyberattacks; digital provenance, which focuses on the journey of data from origin to consumer; and hardware-enabled trust, which aims to provide more security in computing hardware than exists today.

Other contemporary and future security technologies HSARPA seeks input on include moving-target defense, which goes beyond security for static technology; nature-inspired cyber health, which encourages systems to be aware of and respond to threats inherently; and a software assurance marketplace to create new methods, services, and capabilities in build, test, and analysis phases of software development.

Those interested in submitting ideas have until Feb. 14 to register white papers online, and March 1 to submit white papers. The DHS will take proposals from organizations that submit approved white papers by May 26.