2020-2024 Strategic Technology Roadmap Overview


FEB 2020

CYBERSECURITY & INFRASTRUCTURE SECURITY

CISA Strategic Intent

Chief Technology Officer

CISA Colleagues and Partners,

As a relatively new agency, CISA has the opportunity to stand up a straightforward, repeatable, and transparent technology investment strategy. Our annual Strategic Technology Roadmap (STR) aims to do just that and I’m hopeful this Overview publication allows you to grasp where we are headed with STR Version 2 (STRv2). Over the next few pages, we’ll discuss technology capabilities in development, desired future capabilities, and provide a forecast of the technologies CISA will look to investing in beyond 2025.

CISA’s mission is to lead the national effort in understanding and managing cyber and physical risk. Guiding CISA technology investment towards the right mix of technology capabilities to best serve this mission is an evolving challenge. The STR serves as an annual touchstone for this challenge by identifying the technologies receiving current investments and revealing the opportunity areas for future growth.

On an annual basis, the STR examines how CISA defends today and secures tomorrow. To understand how we defend today, the STR provides:

1. A detailed look of all capability deployments and enhancements (CD&Es) planned by CISA level 1 acquisition programs;
2. An integrated view across program roadmaps; and
3. Bridging terminology for the cross-program CD&Es where nuances in program lexicon make it difficult to understand capability similarities and differences.

STRv2 reveals to CISA and our partners the technology demand areas not being met by our investment through 2024. It does this by comparing current and near-term CISA technology investment with an analysis of technical security assessments produced by CISA and our government and industry partners. STRv2 identifies 14 new demand areas, 11 of which align to 27 candidate active R&D projects. The three unmet technology demand areas represent opportunities for collaboration with our colleagues and partners to fulfill those technology needs.

Looking to the future—the “securing tomorrow” element of our mission—we wrap up STRv2 with our projections of what capabilities CISA may have equities in developing beyond the 2025 horizon. Though some may sound like science fiction, the potential for their actualization is there and CISA needs to be ready to embrace their development. We welcome collaboration efforts from our colleagues and partners on these exciting future possibilities.

Brian Gattoni
CISA Chief Technology Officer

CISA Strategic Technology Roadmap Overview

INTRODUCTION

This overview lays out the purpose of the 100-page CISA Strategic Technology Roadmap (STR) publication. Specifically, it identifies the priorities of STR version 2, 2020-2024 (STRv2) for organizations who are planning to develop candidate technologies to meet CISA capability demands. Additionally, it provides a high-level summary of STRv2—a publication that is critical to informing programs and harmonizing the CISA technology investment within the 2020 to 2024 timeframe.

The STR—created in alignment with key CISA strategic planning documents—guides CISA technology investment toward achieving the agency’s tailored capability goals of aligning and integrating our technology. This overview provides high-level summaries of the STR’s four sections:

CAPABILITY ROADMAPS

Presents an integrated view—across CISA level 1 acquisition program roadmaps—that surveys the 93 CISA capability deployments and enhancements (CD&Es)—either currently under development or planned for the next five years. It places the 93 CD&Es into 8 topic categories and maps them to the 5 NIST cybersecurity framework functions.

CAPABILITY DEMANDS

Identifies new capability demands not already addressed by CD&Es in the Capability Roadmaps section. CISA identified these capability demands via analysis of 330 technical security assessments produced by CISA; federal, state, local, tribal, and territorial (FSLTT) partners; and private industry. It categorizes the new capability demands into 14 demand areas, which in turn map to 4 user domains and 5 capability categories.

CAPABILITY FORECASTING

Aligns the newly identified capability demands to active R&D projects. For STRv2, CISA selected 27 candidate projects based on specific criteria. These candidate projects had intersects with all but 3 of the 14 capability demand areas. These three gaps between capability demands and R&D projects can inform organizations of new projects that may need to be created to address CISA equities.

BEYOND 2025: TECHNOLOGY SPECULATION

Looks beyond the 5-year planning cycle at the relationships between current market-leading technologies, emerging technologies or those technologies with potential for capturing significant market share or creating new markets, and projects in the R&D pipeline. In STRv2, this section focuses on two broad technology areas, each of which is composed of many independently evolving technologies: Mesh of Things and production quantum computing.

AT A GLANCE: CISA TECHNOLOGY INVESTMENT

As stated in the CISA Strategic Intent, CISA’s mission is to lead the national effort to understand and manage cyber and physical risk to our critical infrastructure. To support CISA’s “defend today, secure tomorrow” risk management mission, the CISA STR focuses on CISA investment in both current and future technology capabilities.

Specifically, it examines security and vulnerability assessments related to current capabilities to identify gaps, which—along with an examination of emerging technologies—help determine the demand for future capabilities (both near- and long-term). It then aligns those capability demands with candidate technologies.

TIMELINE AND FEEDBACK LOOP

Beginning yearly in January, the STR follows an annual publication cycle with delivery planned for early December each year. Throughout the year, the CISA Chief Technology Officer (CTO) team builds the STR by analyzing and integrating CISA security and vulnerability assessments and roadmaps of current CISA acquisition programs.

The STR aligns with CISA’s planning, programming, and budgeting execution (PPBE) cycle and the current STR serves as a foundational input to CISA strategic planning documents each year, including:

- program decision options (PDOs)
- the resource allocation plan (RAP), which details CISA’s program funding
- the annual operating plans (AOPs) of each CISA division

In turn, the output from strategic planning documents—as well as budget allocation from the PPBE process—feed into program plans, which provide input into future releases of the STR. This feedback loop supports a holistic planning cycle that aims to increase the effectiveness of the technologies necessary to fulfill the CISA mission.

CAPABILITY DEPLOYMENTS & ENHANCEMENTS

One of the goals of the STR is to provide program managers with an integrated view across CISA acquisition programs and to impart a comprehensive understanding of CISA’s investment in capability deployments and enhancements (CD&Es). This integrated view also serves as a means to inform technology researchers, systems developers, and decision makers on short to mid-term program activities.

In general, the STR identifies CD&Es through surveying CISA acquisition programs and maps each CD&E to one of the eight STR capability categories:

- INFORMATION SHARING
- NETWORK SECURITY & INFRASTRUCTURE MANAGEMENT
- PREVENTION & DETECTION
- IDENTITY & ACCESS MANAGEMENT
- DATA PROTECTION MANAGEMENT
- ASSET DISCOVERY, CONFIGURATION, & PROTECTION

STRv2 identified 93 CD&Es—currently in development or planned for development within the next five years—that mapped to the STR CD&E categories. Additionally, STRv2 categorizes the 93 CD&Es into one or more of the Identify, Protect, Detect, and Respond NIST CSF functions. [2]

APPLICABLE NIST CYBERSECURITY FRAMEWORK FUNCTIONS: IDENTIFY, PROTECT, DETECT, RESPOND

STR ALIGNMENT WITH NIST

The STR also categorizes each CD&E currently in development—or planned for development within the next five years—under one or more of the five National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) functions:

- Identify
- Protect
- Detect
- Respond
- Recover [1]

[1] The STR only maps the capabilities in the program pipeline for deployment or enhancement; it does not map existing systems capabilities such as those that align to the NIST CSF Recover function.

[2] Although existing CD&Es may fall into the Recover function none of the STRv2 CD&Es currently in development—or planned for development within the next five years—maps to this NIST CSF function.

STRv2 CAPABILITY DEMANDS

Through analyzing 330 technical security assessments—from CISA, FSLTT, partners, and private industry—as well as ongoing research, CISA was able to identify new capability demands. Importantly, these new capability demands are opportunities to build upon planned CD&Es with new technologies and to enhance the existing CISA Mission Environment (CME). These capability demands span the technology domains of Common Defensive Cyber Technologies, Common Defensive Cyber Operations Technologies, and Unique SLTT and Sector Partners Technologies.

STRv2 categorizes the new capability demands into 14 demand areas—7 derived from technical security assessments and 7 from ongoing research and development (R&D) efforts. The 14 demand areas, in turn, map to 4 user domains and 6 capability categories:

CAPABILITY DEMAND AREAS

1 COMMON DEFENSIVE CYBER TECHNOLOGIES (.GOV, SLTT, AND SECTOR PARTNERS)
  1.1 PREVENTION AND DETECTION
    1.1.1 Deception Technologies
    1.1.2 Software Assurance and Vulnerability Mgt
    1.1.3 Data Protection
  1.2 ANALYTICS
    1.2.1 ML – Large-Scale Analytics

2 COMMON DEFENSIVE CYBER OPS TECHNOLOGIES (.GOV, SLTT, AND SECTOR PARTNERS)
  2.1 NETWORK SECURITY AND INFRASTRUCTURE MGT
    2.1.1 ML – SOAR
    2.1.2 Network Systems Security
    2.1.3 Authoritative Time Source
    2.1.4 Caller ID Spoofing
    2.1.5 Mobile Device Security
    2.1.6 Passwordless Authentication

3 UNIQUE SLTT & SECTOR PARTNERS TECHNOLOGIES
  3.1 NETWORK SECURITY AND INFRASTRUCTURE MGT
    3.1.1 Non-IP Based ICS/SCADA Protocol Monitoring
    3.1.2 ICS Patching

4 COMMUNICATIONS
  4.1 NATIONAL SECURITY/EMERGENCY PREPAREDNESS (NS/EP) COMMUNICATIONS
    4.1.1 Next Generation Network Priority Services (NGN-PS) for IP-Based Environment (Transition to IP-Based Communications)
  4.2 EMERGENCY COMMUNICATIONS
    4.1.1 CAD Interoperability

STRv2 CAPABILITY FORECASTING

In STRv2, CISA aligned 11 of the 14 STRv2 capability demand areas to relevant, active R&D projects—both internal to DHS, in the DHS Science and Technology (S&T) directorate, and external. CISA used the following criteria to make selections.

The R&D project:

- has the potential to disrupt the basic functionality of private and public IT ecosystems;
- expands capabilities that may align with existing, planned, or future organizational functions;
- is not yet commercially available, meaning it is at some stage of formal R&D; and
- has the potential to counter known and unrealized/early pipeline adversary capabilities

Using these criteria, CISA was able to identify 27 candidate projects from DHS S&T and the Defense Advanced Research Projects Agency.

CISA was able to align candidate projects to all but 3 of the 14 capability demand areas:

1. Machine Learning (ML) and Security Orchestration, Automation, and Response (SOAR)
2. Next Generation Network Priority Services (NGN-PS) for IP-Based Environment
3. Computer-aided dispatch (CAD) Interoperability

These three gaps between capability demands and R&D projects can inform organizations of new projects that may need to be created to address CISA equities.

1. ML AND SOAR

SOAR technologies enable organizations to automate IT security actions–such as log gathering, quarantining a file, hashing a file, or running an analytic. Organizations can then link these actions as well as non-security-specific actions together to execute security processes.

ML can augment SOAR capabilities by automating repetitive tasks. Incorporating ML into SOAR can also allow the automation of historical courses of action (COAs) taken by security analysts. Automating these can free up analysts’ time that would otherwise be used determining the most appropriate COAs for given incidents.

The value of ML and SOAR to an organization is in these technologies enabling staff to focus on higher priority or strategic efforts.

2. NGN-PS FOR IP-BASED ENVIRONMENT

Note: as the roadmap for the CISA level 1 acquisition program, Next Generation Network Priority Services (NGN-PS) was unavailable during STRv2 development, the CISA CTO team analyzed NGN-PS artifacts to derive capability demands.

- The network must be able to uniquely identify priority user traffic and associate the authorized level of priority to that traffic.
- The network must have prioritization means to apply to the identified traffic.
- For cases where networks interconnect, traffic prioritization indicators must be securely passed to interconnected networks for downstream prioritization.
- The priority user must be authenticated and authorized to receive priority treatment.

CISA collaborates with the public and private sectors to ensure the public safety and national security and emergency preparedness (NS/EP) communications community has access to priority telecommunication
