PIV-I/FRAC Technology Transition Work Group (TTWG)Interagency Advisory Board (IAB)

18 May 2011

Karyn Higa-SmithProgram ManagerCyber Security DivisionHomeland Security Advanced Research Projects Agency (HSARPA)Karyn.Higa-Smith@dhs.gov202.254.5335

Department of Homeland Security Organizational Chart

DHS S&T MissionStrengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise

Cyber Security Division DHS S&T continues with an aggressive cyber security

research agendaWorking with the community to solve the cyber

security problems of our current (and future) infrastructureOutreach to communities outside of the Federal

government, i.e., building public-private partnerships is essential

Working with academe and industry to improve research tools and datasets

Looking at future R&D agendas with the most impact for the nation, including education

Need to continue strong emphasis on technology transfer and experimental deployments

For more information, visithttp://www.cyber.st.dhs.gov

S&T IdM and Data Privacy Program Focus on research requirements to support the homeland

security enterprise mission

The Identity Management Testbed:

R&D, SME & Engineering Support: Technical Risk Mitigation, T&E, validation of technologies and approaches

Exploration of architectural approaches to Identity and Access Management; working interoperability seams

Data Privacy Technologies

Exploring standards, best practices, and usability

Collaborating across communities (State and Local; Public and Private Sectors) requirements

Working with industry and Commercial off-the-shelf vendors

For more information, visithttp://www.cyber.st.dhs.gov

Personal Identity Verification-Interoperability/First Responder Authentication Credential (PIV-I/FRAC) Technology Transition Work Group (TTWG)

December 2009: first quarterly meeting; signed charterFEMA and S&T partnered to support State and Local Emergency Response OfficialsFocus: Public Safety, Standard Credential, Interoperability & Trust, Innovation

TTWG UpdateBackground TTWG Charter TTWG Support Case Study Report

S&T funded work IdM TestbedSBIRPrivacy, Secure ISResearch MOU

Technology Transition Working GroupDHS Membership

CharterScience and

Technology (S&T), Federal Emergency

Management Agency (FEMA),

Screening Coordinating Office (SCO), and

National Protection and Programs (NPPD)-Infrastructure Protection (IP)

State, Local, Region

Local and State Participants Colorado Maryland Virginia District of Columbia Missouri Southwest Texas Pennsylvania Chester County, PA Pittsburgh, PAWest Virginia Hawaii Illinois

PIV-I/FRAC Technology Transition Work Group

FEMA and S&T PartnershipMeeting quarterly

since Dec 2009 Federal, state,

local, public, private collaboration and providing status on PIV-I

Gathering capability requirements

S&T IdM and MLS Support to TTWG RDT&E support: Supporting the state and local

participants with standards, policies, interoperability, innovative approaches and technologies, evaluating cost inhibitors, …

Sponsorship of quarterly meetings

Baseline the credentialing progress within each of the members (case study report)

Gathering requirements and technology gaps

Conducting pilots, proof-of-concept, lab demonstrations, and transition to operations

S&T Officially Published: (http://www.safecomprogram.gov/SAFECOM/library/interoperabilitycasestudies/1624_movingtowards.htm) -or-(https://www.cyber.st.dhs.gov/resources.html)

Credentialing Challenges Multiple stove-piped

credentials Multi-jurisdictional response

to large-scale disasters Lack of trust and

interoperability Too many credentials! Insecure/isolated physical

and logical access

Case Study ReportCase Study

Fusion Center: Secure Information Sharing

S&T Funded Pilots and Proof-of-Concept Demonstrations

Based on TTWG requirements State, Local/Region, Fusion

Center, CIKR Privacy Policies

Policy-Based Decision Engine

Secure Collaboration Across Jurisdictions

Interoperability pilot PACS & LACS integration BAE/GFIPM SAML and SPML

S&T Research, Development, Test, & Evaluation

S&T Identity Management Test BedTest bed RDT&E capabilities: Simulate Attribute

Repositories Dynamic Attribute

Repository Virtualization (Meta Directory)

SAML 2.0 Attribute Authority

Identity and Attribute Exchange (BAE based)

(Note: Based on TTWG and NSTIC requirements)

User attribute retrieval standard for federal agencies

SAML 2.0 Profile for BAE developed by a joint DHS S&T & DOD DMDC-West Team

Results of POC incorporated into the Federal IdM Segment Architecture

Proof of Concept implementation in Testbed

Backend Attribute Exchange Pilot

DSCA Secure Information Sharing Pilot

Service Provisioning Markup Language (SPML) S&T is conducting a

pilot using the FEMA and State and Local use-case

Ability to exchange single records & multiple records in batch mode

Potential Operations “Give me a list of all

F/ERO’s with Attribute X, Y, and Z”

“Give me all the ESF/NIPP attributes of User X”

“Give me any changes you have since time/date X”

BAE and GFIPM Interoperability Test

FRAMEWORK for FERO Attributes S&T funding NIST to develop a standard

Credential Information Model and a Framework for A&A (S&T Standards Division: Bert Coursey and Peter Shebell)

For Mutual Aid Emergency Response Officials Developed 155 fine-grained XML

Schemas for Job Titles; Emergency Support Function (ESF) Job Categories

Developed a NIEM compliant course-grained XML Schemas for ESF job description

Need input from TTWG and others

White House blog: R&D MOU

“The goal of the agreement is to speed the commercialization of cybersecurity research innovations that support our Nation’s critical infrastructures.”

White House facilitated MOU signed between S&T, NIST, and the Financial Sector to conduct R&D for public-private sectors

http://www.whitehouse.gov/blog/2010/12/06/partnership-cybersecurity-innovation

S&T Cyber Security Contact Information Doug Maughan

S&T Cyber Security Division DirectorDouglas.Maughan@DHS.gov202.254.6145

Karyn Higa-SmithS&T Cyber Security Division Program Manager Karyn.Higa-Smith@DHS.gov202.254.5335

Megan MahleS&T Cyber Security Division Support ContractorMegan.Mahle@associates.DHS.gov202.254.2245