piv-i/frac technology transition work group (ttwg) · piv-i/frac technology transition work group...
TRANSCRIPT
PIV-I/FRAC Technology Transition Work Group (TTWG)Interagency Advisory Board (IAB)
18 May 2011
Karyn Higa-SmithProgram ManagerCyber Security DivisionHomeland Security Advanced Research Projects Agency (HSARPA)[email protected]
DHS S&T MissionStrengthen America’s security and resiliency by providing knowledge products and innovative technology solutions for the Homeland Security Enterprise
Cyber Security Division DHS S&T continues with an aggressive cyber security
research agendaWorking with the community to solve the cyber
security problems of our current (and future) infrastructureOutreach to communities outside of the Federal
government, i.e., building public-private partnerships is essential
Working with academe and industry to improve research tools and datasets
Looking at future R&D agendas with the most impact for the nation, including education
Need to continue strong emphasis on technology transfer and experimental deployments
For more information, visithttp://www.cyber.st.dhs.gov
S&T IdM and Data Privacy Program Focus on research requirements to support the homeland
security enterprise mission
The Identity Management Testbed:
R&D, SME & Engineering Support: Technical Risk Mitigation, T&E, validation of technologies and approaches
Exploration of architectural approaches to Identity and Access Management; working interoperability seams
Data Privacy Technologies
Exploring standards, best practices, and usability
Collaborating across communities (State and Local; Public and Private Sectors) requirements
Working with industry and Commercial off-the-shelf vendors
For more information, visithttp://www.cyber.st.dhs.gov
Personal Identity Verification-Interoperability/First Responder Authentication Credential (PIV-I/FRAC) Technology Transition Work Group (TTWG)
December 2009: first quarterly meeting; signed charterFEMA and S&T partnered to support State and Local Emergency Response OfficialsFocus: Public Safety, Standard Credential, Interoperability & Trust, Innovation
TTWG UpdateBackground TTWG Charter TTWG Support Case Study Report
S&T funded work IdM TestbedSBIRPrivacy, Secure ISResearch MOU
Technology Transition Working GroupDHS Membership
CharterScience and
Technology (S&T), Federal Emergency
Management Agency (FEMA),
Screening Coordinating Office (SCO), and
National Protection and Programs (NPPD)-Infrastructure Protection (IP)
State, Local, Region
Local and State Participants Colorado Maryland Virginia District of Columbia Missouri Southwest Texas Pennsylvania Chester County, PA Pittsburgh, PAWest Virginia Hawaii Illinois
PIV-I/FRAC Technology Transition Work Group
FEMA and S&T PartnershipMeeting quarterly
since Dec 2009 Federal, state,
local, public, private collaboration and providing status on PIV-I
Gathering capability requirements
S&T IdM and MLS Support to TTWG RDT&E support: Supporting the state and local
participants with standards, policies, interoperability, innovative approaches and technologies, evaluating cost inhibitors, …
Sponsorship of quarterly meetings
Baseline the credentialing progress within each of the members (case study report)
Gathering requirements and technology gaps
Conducting pilots, proof-of-concept, lab demonstrations, and transition to operations
S&T Officially Published: (http://www.safecomprogram.gov/SAFECOM/library/interoperabilitycasestudies/1624_movingtowards.htm) -or-(https://www.cyber.st.dhs.gov/resources.html)
Credentialing Challenges Multiple stove-piped
credentials Multi-jurisdictional response
to large-scale disasters Lack of trust and
interoperability Too many credentials! Insecure/isolated physical
and logical access
Case Study ReportCase Study
Fusion Center: Secure Information Sharing
S&T Funded Pilots and Proof-of-Concept Demonstrations
Based on TTWG requirements State, Local/Region, Fusion
Center, CIKR Privacy Policies
Policy-Based Decision Engine
Secure Collaboration Across Jurisdictions
Interoperability pilot PACS & LACS integration BAE/GFIPM SAML and SPML
S&T Research, Development, Test, & Evaluation
S&T Identity Management Test BedTest bed RDT&E capabilities: Simulate Attribute
Repositories Dynamic Attribute
Repository Virtualization (Meta Directory)
SAML 2.0 Attribute Authority
Identity and Attribute Exchange (BAE based)
(Note: Based on TTWG and NSTIC requirements)
User attribute retrieval standard for federal agencies
SAML 2.0 Profile for BAE developed by a joint DHS S&T & DOD DMDC-West Team
Results of POC incorporated into the Federal IdM Segment Architecture
Proof of Concept implementation in Testbed
Backend Attribute Exchange Pilot
Service Provisioning Markup Language (SPML) S&T is conducting a
pilot using the FEMA and State and Local use-case
Ability to exchange single records & multiple records in batch mode
Potential Operations “Give me a list of all
F/ERO’s with Attribute X, Y, and Z”
“Give me all the ESF/NIPP attributes of User X”
“Give me any changes you have since time/date X”
FRAMEWORK for FERO Attributes S&T funding NIST to develop a standard
Credential Information Model and a Framework for A&A (S&T Standards Division: Bert Coursey and Peter Shebell)
For Mutual Aid Emergency Response Officials Developed 155 fine-grained XML
Schemas for Job Titles; Emergency Support Function (ESF) Job Categories
Developed a NIEM compliant course-grained XML Schemas for ESF job description
Need input from TTWG and others
White House blog: R&D MOU
“The goal of the agreement is to speed the commercialization of cybersecurity research innovations that support our Nation’s critical infrastructures.”
White House facilitated MOU signed between S&T, NIST, and the Financial Sector to conduct R&D for public-private sectors
http://www.whitehouse.gov/blog/2010/12/06/partnership-cybersecurity-innovation
S&T Cyber Security Contact Information Doug Maughan
S&T Cyber Security Division [email protected]
Karyn Higa-SmithS&T Cyber Security Division Program Manager [email protected]
Megan MahleS&T Cyber Security Division Support [email protected]