A variety of moving target defense (MTD) technologies are emerging to improve the defensive posture of enterprise networks. However, an enterprise’s assets are often physically distributed and employ diverse technologies that compete for network resources. As a result, coordination and control of network defense is difficult and likely to produce sub-optimal and conflicting behaviors. Enabling network enclaves to share information in a federation coordinates the use of MTD technologies, leading to a stronger defense of the federation as a whole.

Creating a federation requires three essential capabilities: 1) a command and control (C2) framework for providing a real-time, adaptive defensive posture across multiple organizational divisions; 2) mechanisms to provide adaptive and coordinated defense pivots based on threats spreading across the federation; and 3) the ability to share threat data and mitigation techniques within the federation.

To address this need, Intelligent Automation, Inc. (IAI), with the support of The Florida Institute of Technology (Florida Tech), will integrate IAI’s Self-shielding Dynamic Network Architecture (SDNA), a network-layer MTD technology, with the Federated Command and Control (FC2) Framework developed by Florida Tech to produce an SDNA-C2FED prototype system. IAI’s SDNA technology utilizes the moving target defense principle to improve network security by constantly manipulating the appearance of the network to create a more dynamic target. SDNA’s dynamics keep the attack in the reconnaissance phase as long as possible and make the execution of many attacks infeasible due to the risks and logistics involved. Federated information systems allow new services and capabilities to be utilized across independently managed administrative domains, with each domain having individual resources, features, and security issues.

The SDNA-C2FED prototype system provides the potential to protect global Department of Homeland Security (DHS) operations.
This material is based on research sponsored by the Department of Homeland Security (DHS) Science and Technology Directorate, Cyber Security Division (DHS S&T/CSD) via contract number HHSP233201600073C.