November 21, 2018
“S&T is excited to collaborate with our Dutch partners on these cyber-defense projects,” said William N. Bryan, Senior Official Performing the Duties of the Under Secretary for Science and Technology. “The capabilities developed by the joint research teams will benefit both countries today and into the future. We hope this is the first of many joint ventures with our international partners.”
The five research teams will collaborate to develop solutions for Distributed Denial of Defense Security (DDoSD) and Industrial Controls Systems Security. Building upon previous research efforts conducted between S&T and The Netherlands, the first joint international BAA call was published in May 2017. DHS S&T provided funding of $1.25 million and the Dutch partners—Netherlands Organization for Scientific Research (NWO) and the country’s National Cyber Security Center (NCSC), part of the Dutch Ministry of Justice and Security — provided the equivalent amount in euros.
“Earlier collaborative research has proven added value to continue U.S.-Dutch cybersecurity research,” said NCSC Cybersecurity Research Manager Raymond Doijen. NWO Cybersecurity Research Manager Jan Piet Barthel added that both countries will benefit from the exchange of experiences, viewpoints and data.
The following organizations received funding awards for their joint U.S-Netherlands projects:
- New York University and Delft University of Technology, Delft—to design and create a prototype to implement DDoS countermeasures and remediation for in-home networks and Internet of Things (IoT) devices, primarily from attacks using Domain Name System (DNS).
- University of Southern California - Information Sciences Institute, Marina del Rey, California, and University of Twente, Enschede—to define a framework to counter the IoT DDoS threat by creating tools to reconfigure capabilities in DNS servers and content delivery networks. This framework will be used to create tools to manage anycast (methodology in which a single destination address has multiple routing paths to two or more endpoint destinations) before and during DDoS attacks, and evaluate operational DNS systems.
- University of California, San Diego and University of Twente, Enschede—to analyze the DDoS attacks focused on exploitation of DNS. Attack sources, targets, and characteristics observed in DDoS attack traffic will be analyzed and an assessment of vulnerabilities and single points of failure that threaten the resilience of the DNS under DDoS attack will be conducted. By combining these two perspectives, actionable intelligence will be used to improve the resilience of the DNS against attacks, while facilitating prevention of DNS attacks.
- University of Texas at Dallas, and Technische Universiteit Eindhoven—to create new tools, algorithms, and software to improve the situational awareness of security analysts for ICS. The results will enable security analysts and operators to identify and mitigate threats, and the impact of cyber attacks.
- University of California, Santa Barbara and Vrije Universiteit (VU) Amsterdam—to develop a methodology for making patching decisions for ICS software. The methodology will make a determination of the severity of the vulnerability, which will drive a decision on how immediate a patch needs to be applied; Analyze the impact of patches to determine stability or functionality of software; and develop novel methods to apply the hardening only to vulnerable execution paths.
S&T’s cybersecurity mission is to enhance the security and resilience of the nation’s critical information infrastructure and the internet by developing and delivering new technologies, tools and techniques to defend against cyberattacks. S&T conducts and supports technology transitions and leads and coordinates R&D among the R&D community, which includes DHS customers, government agencies, the private sector and international partners. For more information about S&T, visit scitech.dhs.gov.