EMERGING CYBERSECURITY TECHNOLOGIES

1










EMERGING CYBERSECURITY TECHNOLOGIES
Noreen Lukow
CSEC 670 Cybersecurity Capstone













EMERGING CYBERSECURITY TECHNOLOGIES

2

Table of Contents
Introduction............................................................................................................ 3
Prioritized Research and Development.................................................................. 4
Big Data ................................................................................................................. 4
Governmental Support Regarding Big Data .......................................................... 4
Human Computer Interaction and Information Management ................................ 5
Governmental Support Regarding Human Computer Interaction and
Information Management ................................................................................. 5
High Confidence Software and Systems ................................................................ 5
Governmental Support Regarding High Confidence Software and Systems ......... 6
High End Computing .............................................................................................. 6
Governmental Support Regarding High End Computing ....................................... 7
Remote Agent Technologies ................................................................................... 7
Governmental Support Regarding Remote Agent Technologies ............................ 9
Real-Time Forensic Analyses ................................................................................. 10
Real-time Forensic Tools ........................................................................................ 11
Governmental Support Regarding Real-Time Forensic Analyses .......................... 11
Summary and Conclusion ....................................................................................... 12






EMERGING CYBERSECURITY TECHNOLOGIES

3

Abstract
Emerging technologies such as prioritized research and development, remote
agent technologies, and real-time forensic analyses, offer strategies that both the private
and public sector can now utilize. These methodologies are critical in ensuring that
cyberspace can defend itself from the emerging, sophisticated threats such as the
advanced persistent threat, which has the potential to damage one of our most popular
resources -- the Internet.
Index Terms: prioritized research and development, remote agent technologies,
real-time forensic analyses, cyberspace, advanced persistent threat, Internet.

Introduction
Cyberattacks are a global problem, thus it will take a global community to come
up with viable solutions. Both the public and private sector will need to do their part to
ensure that the global resource, we all call the Internet, remains safe and secure for all
users. Emerging technologies have the potential to do just that.
With the realization that nobody is immune from the dreaded cyberattack, since
both public enterprises and governmental organizations can count themselves as victims,
its no surprise that both sectors are involved in making one of the most critical
infrastructures of all, the Internet, threat free. It remains to be seen whether or not
emerging technologies utilizing methodologies such as remote agent technologies and
real-time forensic analyses will be enough to protect the security of both public and
private networks.





EMERGING CYBERSECURITY TECHNOLOGIES

4

Prioritized Research and Development
The Networking and Information Technology Research and Development
(NITRD) program is currently seeking strategies to proactively secure Americas
networks. To this end, new concepts such as: Cybereconomics, Tailored Trustworthy
Spaces, and Moving Target Defenses have been earmarked for deployment. The
objective of these emerging concepts is to create dynamic structures, architectures, and
defenses as current strategies are ineffective, since they are static rather than dynamic,
reactive rather than proactive. (UMUC, 2012)
The NITRD program has identified the following (6) six areas for prioritized
research and development, however this paper will only focus on the first four: 1) Big
Data (BD) 2) Human Computer Interaction and Information Management (HCI&IM) 3)
High Confidence Software and Systems (HCSS) 4) High End Computing (HEC) 5)
Software Design and Productivity (SDP) and 6) Social, Economic, and Workforce
Implications of IT and IT Workforce Development (SEW). (UMUC, 2012)
Big Data (BD)
According to the NITRD program, Big Data is used to identify data sets that are
so vast, current software tools cannot capture, manage, or process them within a
reasonable timeframe. (UMUC, 2012)
Governmental Support Regarding Big Data
Last year the Obama Administration determined that Big Data was important
enough to invest $200 million towards a Big Data initiative anticipating that it will
solve some of the problems facing the United States. The objective of the $200 million
investment is to improve both the tools and techniques required to access, organize, and
interpret the immense amount of amassed Big Data. (Weiss & Zgorski, 2012)
Not to be outdone, the Department of Defense is hedging a bet that Big Data will
prove to be so big that they plan to invest approximately $250 million annually across
various military programs such as the Defense Advanced Research Projects Agencys
XDATA program. The XDATA program intends to develop computation techniques and
EMERGING CYBERSECURITY TECHNOLOGIES

5

tools for the purpose of analyzing vast amounts of both semi-structured and unstructured
data. (Weiss & Zgorski, 2012)
Human Computer Interaction and Information Management
(HCI&IM)
HCI&IMs objective is to focus on information -- information interaction,
information integration, and information management research for the purpose of
developing and evaluating emerging technologies and their relationship with both users
and computers. (UMUC, 2012)
According to the Human Computer Interaction and Information Management
Coordinating Group (2003), HCI&IMs competencies can be attributed to their
contribution to the following national security priorities:
* leading-edge scientific research relating to emerging technologies
* national defense
* homeland security
* emergency planning and response training
* cybersecurity education
Governmental Support Regarding Human Computer Interaction and
Information Management
The U.S. government plans to use HCI&IM R&D to achieve the following (3)
three objectives: 1) alter the scope of future scientific research 2) expand the current
knowledge base for both science and engineering and 3) increase Americas workforce
productivity and competencies via technological awareness. (Human Computer
Interaction and Information Management Coordinating Group, 2003)
High Confidence Software and Systems (HCSS)
According to the High Confidence Software and Systems Coordinating Group
(2001), a high confidence system is simply a system that behaves in a familiar and
predictable fashion. Additionally, it is a system that understands threats, be they man-
EMERGING CYBERSECURITY TECHNOLOGIES

6

made or caused by nature. Lastly, a high confidence system neither causes nor
contributes to incidents or lost profits.
High Confidence Software and Systems R&D promises to change the future for a
multitude of methodologies, including: 1) software and hardware engineering platforms
2) information assurance 3) networking 4) distributed computer systems 5)
cyberphysical systems and 6) high mobility systems. (UMUC, 2012)
Governmental Support Regarding High Confidence Software and
Systems
The U.S. government is aware that HCSS is of critical importance in ensuring the
future of both security-critical and safety-critical systems. The governmental domains
that will benefit from the ongoing research of HCSS include, but are not limited to:
transportation, health care, oil and gas production, financial services, law enforcement,
emergency services, and our national defense. (High Confidence Software and Systems
Coordinating Group, 2001)
According to the High Confidence Software and Systems Coordinating Group
(2001), in addition to ensuring security of critical systems, there are (4) four federal
government strategic goals that can be enhanced by implementing and continually
developing HCSS research:
1) Public protection
2) Consumer protection
3) Improve governmental services
4) Engender national security support
High End Computing (HEC)
In order for the United States to stay at the forefront in fields of study such as
science, engineering, and technology, philosophies such as high end computing will be
required. (UMUC, 2012) It is through organizations such as HEC R&D that will provide
industry, both public and private, the means to address future cybersecurity problems,
through continual research in the aforementioned curricula. (NITRD, 2011)
EMERGING CYBERSECURITY TECHNOLOGIES

7

High end computers or high performance computers are generally reserved for
computational science projects, or tasks that are computationally intensive such as
cryptography.
An example of a high end computer is IBMs supercomputer Blue Gene. Blue
Gene is a colossal computer, running over 250,000 processors, which enables it to handle
enormous data sets. Blue Gene is continually making history by making the impossible,
possible due to its ability of solving previously unsolvable computations. According to
IBM (n.d.), Blue Gene has helped map the human genome, safeguarded nuclear arsenals,
replicated brainpower, and even identified fossil fuels. (IBM, n.d.)
Governmental Support Regarding High End Computing
It is no wonder that Blue Gene was a recipient of the U.S. Medal of Technology
and Innovation. It is also no wonder that high performance computers have been utilized
by the U.S. government agencies for more than ten years for projects ranging from the
DOE Office of Science software infrastructure and technologies projects to Dept. of
Defense academic research projects. (Nelson, 2003)
Remote Agent Technologies (RATs)
Remote agent technologies are a technically safe, efficient, and cost effective way
to actively monitor networks from a central site. Remote agent technologies such as
Remote Network Monitoring (RMON) have evolved out of the need to proactively
monitor networks. Remote monitoring agents conduct integrated, remote testing to
ensure network security. Remote agents provide the ability to perform network tests
quickly and effectively, virtually eliminating the dreaded backlog case scenario.
One of the biggest advantages of implementing RMON is its ability to give the
network administrator a big picture of the organizations various local area networks
(LANS). The ability to monitor, analyze, and troubleshoot multiple LANs from a
centrally located site, allows network administrators to become more proactive than
reactive. Consequently, RMON allows network administrators to respond to incidents
faster, and therefore implement security measures quicker and more effectively. (Rouse,
n.d.)
EMERGING CYBERSECURITY TECHNOLOGIES

8

The advantage RMON has over other network monitoring tools such as Simple
Network Management Protocol (SNMP) is that its Management Information Base (MIB)
is more extensive, incorporating not just a single type, but rather (9) nine groups of
collected data including: 1) Statistics 2) History 3) Alarm 4) Host 5) HostTopN 6)
Matrix 7) Filter 8) Packet Capture and 9) Event. (Waldbusser, 1991)
Remote agents, often referred to as mobile agents, the new paradigm for
distributed computing, are well suited for network management applications allowing for
greater control of network devices, without being hampered with SNMPs limitations.
For example, mobile agents are very adaptive, and as such can respond to network
incidents, requiring only minimum software. Other virtues of mobile agents include:
mobility, asynchronicity and autonomy, robustness, fault tolerance, and heterogeneity or
diversity. (Ying & Xinguang, 2013)
Alternatively, networks without mobile agents need to keep device software
loaded and accessible, 24-7 to both support and respond to potential events. (Jansen &
Karygiannis, n.d.) Jansen and Karygiannis explain that mobile agent technology is a new
paradigm in which a program, in the form of a software agent, can suspend its execution
on a host computer, transfer itself to another agent-enabled host on the network, and
resume execution on the new host.
Remote monitoring and more specifically, mobile agents, offer an organization
both economic and security advantages. Because agents are centrally located, travel
time/costs can be kept to a minimum. In addition, from a security standpoint, mobile
agents have become a viable option since the reliability of the network connection is not
critical. Additionally, remote monitoring is a good choice since it does not utilize
unsecure firewall protocols. (UMUC, 2012)
Examples of current mobile agent platforms include Aglets, IBM Japans Java-
based autonomous software agent technology; Voyager, developed by ObjectSpace, an
agent-enhanced Object Request Broker; and Grasshopper, a mobile agent system built on
top of a distributed processing environment. (Zhao, Wang, & Zhang, 2002)
EMERGING CYBERSECURITY TECHNOLOGIES

9

If there is a downside to utilizing mobile agent technology, it is that issues such as
reliability and security have prevented developers from embracing all the advantages it
has to offer. (El-Gamal, El-Gazzar, & Saeb, n.d.)
Governmental Support Regarding Remote Agent Technologies
Like the public sector, governmental agencies are seeking solutions to enhance
security, increase network availability, and reduce their vulnerabilities against
internal/external threats which could potentially impact their core IT infrastructure.
(NetBotz, n.d.)
The government, in an effort to diligently secure their IT infrastructure is
employing organizations like NetBotz, a leading provider of IT monitoring and alert
solutions to remotely monitor physical conditions and equipment via a centralized web-
based management system. Additionally, NetBotz, utilizing remote agent technologies
can instantly protect critical IT equipment, increase network availability, increase internal
security, and reduce response time. (NetBotz, n.d.)
Krachenfels & Roe (2012), adds that remote agent technologies utilizing an
Ethernet communications network also offers an affordable solution to security and
surveillance requirements to the U.S. governments power grid. According to
Krachenfels & Roe, centralized monitoring of operational data is critical for cost-
effective operation, while new regulatory requirements and good practices dictate
increased access security.
Real-Time Forensic Analyses
Real-time forensic analysis may be described as the real-time monitoring of
account activity to prevent the manipulation of sensitive data; the process to expose
malware, vulnerabilities, and threats; and ultimately, a system to ensure the continuity of
day-to-day business activities. Real-time forensic technology, is affiliated with the
concepts of security intelligence, situational awareness, and continuous monitoring.
Security intelligence is the real-time forensic analysis, standardization, and
analytics of user data, including the applications and infrastructure that affects an
organizations security and consequently, its risk posture. (Poulin, 2012)
EMERGING CYBERSECURITY TECHNOLOGIES

10

Network situational awareness is the ability to monitor large networks and
analyze bulk data from various sources, with the ultimate goal of detecting malicious
activity, according to Ed Stoner, a senior researcher at the Software Engineering
Institute at Carnegie Mellon University. (Gupta, 2012)
Continuous monitoring is much more than monitoring a network for possible
vulnerabilities. This methodology integrates the following three monitoring techniques:
1) vulnerability monitoring 2) application monitoring and 3) threat monitoring to
provide system security.
The National Institute of Standards and Technology/NIST defines continuous
monitoring as maintaining ongoing awareness of information security, vulnerabilities,
and threats to support organizational risk management decisions. (Poulin, 2012)
According to Poulin (2012), the motivation and goal for continuous monitoring is
to strive for near real-time situational awareness, and maintain situational awareness of
all systems throughout the organization.
Although there may be disagreement as to what continuous monitoring actually
means, most organizations would agree that traditional monitoring systems are not
competent enough to react to todays external, targeted, persistent, zero-day attacks.
Continuous monitoring, along with other defense methodologies may be the answer to
future threats.
According to Tarala (2011), the challenge that organizations including the U.S.
government face is the ability to develop a comprehensive network-wide monitoring
program that not only incorporates the best aspects of existing systems but the ingenuity
of innovative techniques. This will be no easy feat, as the mandatory solution will
require real-time, advanced threat detection and incident response procedures.
The interdependent relationship of real-time forensic analysis, security
intelligence, situational awareness, and continuous monitoring is the common goal of
ensuring optimal IT security and thus securing an idyllic risk posture.


EMERGING CYBERSECURITY TECHNOLOGIES

11

Real-time Forensic Tools
Tools such as Forenscope have the capability of providing live forensics to not
only capture, but also analyze and explore a PC without system disruption or
compromising evidence integrity. (Chan, Chaugule, Larson, & Campbell, 2010)
To analyze the massive amounts transmitted over a network, students at Georgia
Tech recommend using animated and coordinated visualization methodologies, such as
animated scatter plots with parallel coordinate plots. The goal of these technologies is to
enable the ability to perform analysis of enormous amounts of network traffic rapidly
while permitting an at a glance perspective regarding network monitoring and
detection, and yet maintain the ability to provide comprehensive data related to the
activity. (Krasser, Conti, Grizzard, Gribschaw, & Owen, 2005)
Governmental Support Regarding Real-Time Forensic Analyses
Federal, state, and local government are forced to deal with a multitude of
evolutionary regulations on a continual basis. Continuous monitoring can help by
tracking security related data, and providing the resources to quickly respond to
impromptu incidents effectively. (Symantec, n.d.)
In addition to the moral responsibility of maintaining a robust security risk
posture throughout government agencies, local, state, and the federal government are
obligated to adhere to the standards set forth by the Federal Information Security
Management Act/FISMA 2.0, NIST and the Office of Management and Budget/OMB.
The purpose of these standards is to help maintain a continuous monitoring plan to
ensure an appropriate risk posture. (Symantec, n.d.)
The traditional security monitoring methodologies cannot compete with the
threats that government will face in the future. One example is the dreaded advanced
persistent threat. To rely on ex post-facto analysis of such an attack would prove
fruitless. What is needed in the event of such an attack is security intelligence utilizing
continual real-time forensic analysis to effectively defend future critical networks from
the new breed of threat agents and their ingenious threat capabilities.
EMERGING CYBERSECURITY TECHNOLOGIES

12

According to Ren & Jin (2005), the futuristic demands on law enforcement
caseloads will demand that monitoring live systems and networks will be required. Ren
and Jin suggest that new approaches such as network forensics server database agents,
forensics data integration, and active real time network forensics will reduce the
bottlenecks and difficulties plaguing network architectures today.
Summary and Conclusion
New cybersecurity technologies such as prioritized research and development,
remote agent technologies, and real-time forensic analyses are emerging just in time to
secure the critical infrastructure we call the Internet. Technical advances must continue
evolving to ensure the continual implementation of new methodologies, especially
security, in order to secure and propagate both private and public networks in the future.
The future of cybersecurity will rely on both public and private organizational
efforts to ensure that cyber space on all levels -- local, national, and international -- will
be protected from the emerging threats that if not thwarted, can potentially threaten the
survival of cyberspace. Ultimately, the private sector must be made to realize that the
governments initiatives to secure cyberspace will only work with their involvement and
continual support.









EMERGING CYBERSECURITY TECHNOLOGIES

13

References
Chan, E., Chaugule, A., Larson, K., & Campbell, R. (2010). Performing live forensics on insider
attacks. Retrieved from http://srg.cs.illinois.edu/srg/sites/default/files/forenscope-cae-
wit_0.pdf
El-Gamal, Y., El-Gazzar, K., & Saeb, M. (n.d.). A comparative performance evaluation model of
mobile agent versus remote method invocation for information retrieval. Retrieved from
http://www.waset.org/journals/waset/v3/v3-52.pdf
Gupta, U. (2012). Developing situational awareness. Retrieved from
http://www.bankinfosecurity.com/developing-situational-awareness-a-4908/op-1
High Confidence Software and Systems Coordinating Group. (2001). High confidence software
and systems research needs. Retrieved from http://www.nitrd.gov/pubs/hcss-research.pdf
Human Computer Interaction and Information Management Coordinating Group. (2003).
Human-computer interaction and information management research needs. Retrieved
from http://www.nitrd.gov/pubs/hci-im_research_needs_final.pdf
IBM. (n.d.). IBM Blue Gene/Q. Retrieved from http://www-
03.ibm.com/systems/technicalcomputing/solutions/bluegene/
Jansen, W., & Karygiannis, T. (n.d.). NIST Special Publication 800-19 -- Mobile agent security.
Retrieved from http://csrc.nist.gov/publications/nistpubs/800-19/sp800-19.pdf
Krachenfels, J., & Roe, T. (2012). Hardened networks add reliability to remote networking.
Retrieved from http://security-today.com/articles/2012/10/01/hardened-networks-add-
reliability-to-remote-monitoring.aspx
Krasser, S., Conti, G., Grizzard, J., Gribschaw, J., & Owen, H. (2005). Real-time and forensic
network data analysis using animated and coordinated visualization. Retrieved from
http://www.rumint.org/gregconti/publications/20050418_IA_Krasser(final).pdf
Nelson, B. (2003). Successful government use of high performance computing. Retrieved from
http://www.nitrd.gov/about/presentations_nco/2003/20030418_langley_dnelson/2003041
8_langly_dnelson.pdf
Netbotz. (n.d.). Remote environmental monitoring, early detection, instant alerting. Retrieved
from http://www.netbotz.com/
NITRD. (2011). Interagency working group on high end computing. Retrieved from
http://www.nitrd.gov/nitrdgroups/index.php?title=Interagency_Working_Group_on_High
_End_Computing_(HEC_IWG)#title
Poulin, C. (2012). Continuous monitoring and real-time risk scoring. Retrieved from
http://www.us-
cert.gov/sites/default/files/gfirst/presentations/2012/cybersecurity_cont_monit_risk_scori
ng_poulin.pdf
EMERGING CYBERSECURITY TECHNOLOGIES

14

Ren, W., & Jin, H. (2005). Distributed agent-based real time network intrusion forensics system
architecture design. In Advanced Information Networking and Applications, 2005.
AINA, 2005. (pp.177, 182). IEEE. doi: 10.1109/AINA.2005.164
Symantec. (n.d.). Achieving situational awareness with continuous monitoring. Retrieved from
http://www.symantec.com/zh/tw/content/en/us/enterprise/fact_sheets/b-continuous-
monitoring_DS_21191405.en-us.pdf
Rouse, M. (n.d.). What is RMON (Remote Network Monitoring)? Retrieved from
http://searchmobilecomputing.techtarget.com/definition/RMON
Tarala, J. (2011). A real-time approach to continuous monitoring. Retrieved from
http://www.sans.org/reading-room/analysts-program/netwitness-splunk-monitoring
UMUC. (2012). Module 3. The future of cybersecurity technology and policy. Cybersecurity
Capstone. Module posted in University of Maryland University College CSEC670 online
classroom, archived at: http://webtycho.umuc.edu
Waldbusser, S. (1991). Remote network monitoring management information base. Retrieved
from http://tools.ietf.org/html/rfc2819
Weiss, R., & Zgorski, L. (2012). Obama administration unveils "Big Data" initiative: Announces
$200 million in new R&D investments. Retrieved from
http://www.whitehouse.gov/sites/default/files/microsites/ostp/big_data_press_release.pdf
Ying, W., & Xinguang, P. (2013). Risk assessment model based on mobile agent. Retrieved from
http://www.jatit.org/volumes/Vol47No3/fourtyseventh_volume_3_2013.php
Zhao, Q., Wang, H., & Zhang, Y. (2002). Comparison study of three mobile agent systems:
Aglets, Grasshopper and Voyager. Retrieved from
www.engr.uconn.edu/~steve/Cse298300/Fall02Projs/Agents/APres.ppt