The CyberScience Laboratory: A CyberSecurity and Incident Response Enabler 8 November 2007 Salvatore C. Paladino, CISSP



Overview

• Mission/Objectives
• Staff
• CyberSecurity Network of Partners
• Delivery System
• Rapid Technology Deployments
• Technology Development and Analysis
  – Rapid Forensic Analyst
• Dynamic Training Capabilities
• Virtual Training Portal and Resources
  – CyberSecurity Technical Assistance Package
• Embedded Intern Program
• Future Plans


CyberScience Laboratory

• Established March 2000
• Mission/Objectives
  – Develop a national and international government, industry & academia network to address cybersecurity technical issues
  – Evaluate DOD, DHS and DOJ R&D technologies and provide technology assistance for transition to federal, state and local law enforcement agencies and critical infrastructure owners and operators across the U.S.
  – Facilitate cybersecurity training, technical assistance and technology transfer to the cybersecurity community

Tool Demonstrations

Rapid Technology Deployment

CyberSecurity Training


CSL Staff

• Members of the CSL staff include:
  – Cyber Security Specialists
  – Electronic Crime Specialists
  – Information Analysts
  – Software Engineers
• Certifications include:
  – Certified Forensic Computer Examiner (CFCE)
  – Certified Electronic Evidence Collection Specialist (CEECS)
  – Certified Information Systems Security Professional (CISSP)
  – Network+ Certified Professional
  – Certified Ethical Hacker (CE/H)


CSL’s Public, Private and Academia Network

• Public Sector
  – National Institute of Justice – Office of Science & Technology
  – Air Force Research Laboratory/Information Directorate
  – Department of Homeland Security - Science and Technology
  – DHS/USSS Electronic Crimes Task Forces (ECTFs)
    • Atlanta, Charlotte, Chicago, Dallas, Houston, Kentucky, Los Angeles, Miami, New England, New York, San Francisco, Washington D.C.
  – Federal Bureau of Investigation (FBI) Cyber Division and Digital Evidence Section (DES)
  – Inter-American Committee Against Terrorism (CICTE)
  – International Association of Computer Investigative Specialists (IACIS)
  – Multi-State Information Sharing and Analysis Center (MS-ISAC)
  – New York City Criminal Justice Coordinator’s Office
  – New York State Police (NYSP)
  – Organization of American States (OAS)
  – Upstate New York Electronic Crimes Coalition (UNYECC)
  – Western NY Regional Computer Forensic Lab
  – Infragard
  – Central New York Computer Crime Coalition (CNY3C)

• Private Sector
  – AccessData Corporation
  – Digital Intelligence, Inc.
  – Guidance Software
  – International High Technology Crime Investigation Association (HTCIA)
  – ITT Dolphin Technology, LLC
  – Intelligent Computer Solutions, Inc.
  – JPMorgan Chase
  – MasterCard
  – National Grid
  – Paraben Corporation
  – Partners Trust Bank
  – The TrainingCo. LLC.
  – WetStone Technologies, Inc.

• Academia
  – Utica College: Economic Crime Investigation Institute
  – John Jay College of Criminal Justice
  – Syracuse University
  – Columbia University
  – Carnegie Mellon University
  – Cornell University
  – Eastern Kentucky University
  – Stanford University
  – James Madison University
  – Champlain College
  – Dartmouth College
  – University of Dayton: Institute on Law, Technology & Security
  – Florida Atlantic University
  – George Mason University
  – George Washington University


Rapid Technology Deployments

Deployed: Wireless Intrusion Detection System (WIDS), MOZART
– Utica PD (2004)
– Gaston County, NC and Gastonia PD (2005 - 2006)
– Miami ECTF (2007)
– Presidential Debate (2004)

Impact of deployments on the practitioner community
• Demonstrated a need for wireless security and identified wireless gaps in networks
• Saved a tremendous amount of manual work that is now automated

Future Deployments
• CAULDRON
• IronKey
• Zippy Reporting Tool
• PhishBouncer
• Rapid Forensic Analyst

Future Test Sites
• Immigrations and Customs Enforcement
• Office of Emergency & Public Health Preparedness
• USSS ECTFs
• Utica Police Department


Rapid Forensic Analyst

• First responder’s triage tool for forensic analysis
  – Quickly and easily assess field situations
  – Focus on pertinent, relevant, and useful data while filtering out extraneous information
  – Gather potentially volatile (perishable) information in a secure manner
• Use indications & warnings to focus first responders:
  – Where to look
  – What evidence gathering tools to use and in what order
• Turnkey solution
  – Ideal for border, parole, or other incident response
  – Ready for beta testing


Technology Analysis

• An unbiased “honest broker” approach for the functional testing and evaluation of the following technologies:
  – Government
  – Commercial
  – Open-source
  – Freeware

• Demonstrate technologies to the cybersecurity community to raise awareness

• Provide on-site technology assistance to help facilitate the adoption of appropriate cybersecurity technology solutions


CSL’s Dynamic Training Capabilities

• CyberCrimes Investigations Training Course
• Judicial and Prosecutor’s Perspectives on Electronic Crime
• OAS CyberSecurity and CyberCrime Seminar
• Forensic Tool Workshop
• Senior Official's CyberSecurity Seminar
• Intrusion Forensic Experiment (IFX)

The CSL has trained over 2,000 International, Federal, State, Local, and Private Sector CyberSecurity Agencies


Cybersecurity/Cybercrime Training Topics


CSL’s Virtual Training Portal

CSL Virtual Training Portal includes:
– Interactive and on-demand virtual training
– Resource Library
– Functional Analysis and Threat Assessment Reports
– Training Curriculum Center
  • View Training Materials
  • Test
  • Certificate of Completion


Training Resources

• CSL Cybersecurity and Cybercrime Training DVDs
• USSS Forward Edge II Training DVD
• CyberSecurity Technical Assistance Package
• CSL Desktop and Pocket Reference Cards
• Cyberthreat Resource Kit (C-Kit)


CSL Future Plans

• Technology/Tool Transfer
  – 23rd Annual Computer Security Applications Conference, FL – 12/07
  – Development of C-Kit v3.0
• Technical Assistance
  – Embedded intern program – NY/NJ ECTF and FBI’s RCFL
• Capacity Building
  – OAS CyberSecurity and CyberCrime Seminar: The Way Forward, FL – 11/07
  – DoD 2008 CyberCrime Conference, MO – 1/08


Website Registration

www.cybersciencelab.com


Thank You

Salvatore C. Paladino, CISSP

Cyber Security Specialist

ITT Advanced Engineering & Sciences

CyberScience Laboratory

www.cybersciencelab.com


315-838-7066