Dr. Doug Maughan, Director, Cyber Security Division, Department of Homeland Security, spoke at the Google Symposium on Thursday. His talk was extremely well attended and generated quite a bit of discussion.
The slides for the talk are available here:
http://www.cs.umd.edu/~mwh/UMD-Google-Maughan-1Dec2011.pptx
One useful takeaway from the talk is this: DHS is different from DARPA, NSA, and other DOD-based agencies in that its focus is to protect the homeland. For cybersecurity, this means DHS absolutely has to work with companies, so that they can protect their assets, which in aggregate are the nation's assets. This focus has a couple of consequences.
First, classified research is a non-starter, since companies may not have the necessary classifications, and indeed want to support the broader, non-classified marketplace. All DHS-supported research is open.
Second, DHS considers it a success if it can make a security-related business viable, so that that business improves the nation's security. Therefore, it has extensive SBIR and STTR programs to support businesses. One key success story is Komoku, founded by Maryland's own Bill Arbaugh; Komoku was bought by Microsoft a few years back. Interestingly, the DHS policy is that they don't want any intellectual property: a DHS-supported company keeps that property but must then either commercialize it or release its code, etc., as open source.
The flip-side of the business focus is that DHS does not support basic research (6.1 research in DOD parlance). Instead it supports applied research up through development and testing. Doug pointed out that STTRs should be attractive to academics who can partner with companies. And their general focus is attractive to those wishing to commercialize their academically developed technology.
Several technical areas that Doug mentioned struck me: he felt that software was at the root of most, if not all, of the security problems that DHS is considering. Better software will make a dent in all these problems. He also called out usability and metrics as key, underexplored areas. Finally, he said DHS has plans to consider privacy in FY13. I observe that MC2 has strength in all these areas.
Particular slides in the talk I found very useful are slides 7, 14, 19, 22, and 38.
Overall it was an interesting talk. Let me know if you have questions or ideas after you've looked at the slides. I'm very interested to hear them!
Doug's BIO:
Branch Chief in Homeland Security Advanced Research Projects Agency (HSARPA) within the Science and Technology (S&T) Directorate of the Department of Homeland Security (DHS). Doug is directing the Cyber Security Research and Development activities at HSARPA. Prior to his appointment at DHS, Doug was a Program Manager in the Advanced Technology Office (ATO) of the Defense Advanced Research Projects Agency (DARPA) in Arlington, Virginia. His research interests and related programs were in the areas of networking and information assurance.
Prior to his appointment at DARPA, Doug worked for the National Security Agency (NSA) as a senior computer scientist and led several research teams performing network security research. Doug received bachelor's degrees in Computer Science and Applied Statistics from Utah State University, a master's degree in Computer Science from Johns Hopkins University, and a PhD in Computer Science from the University of Maryland, Baltimore County (UMBC).
Doug's Blog:
I also found that Doug runs a blog; here's a recent post: http://blog.dhs.gov/2011/10/science-and-technology-directorate-wins.html