Special Issue on Cyber Security

Cyber Security Research at Lincoln Laboratory
Lincoln Laboratory Journal - Volume 22, Number 1
Marc A. Zissman and Robert K. Cunningham

Department of Defense missions increasingly are fought in and through the cyber domain. While significant efforts have been made to defend U.S. assets, processes, and data, adversaries have proven adept at stealing data and disrupting operations. Lincoln Laboratory conducts research, development, evaluation, and deployment of cyber-resilient components and systems designed to ensure successful national security missions despite cyber attack and exploitation. This issue of the Lincoln Laboratory Journal focuses on some of this innovative work.

Advanced Tools for Cyber Ranges
Timothy M. Braje

In response to the growing number and variety of cyber threats, the government, military, and industry are widely employing network emulation environments for cyber capability testing and cyber warfare training. These "cyber ranges" have been increasing in size and complexity to model the high-volume network traffic and sophisticated attacks seen on the Internet today. For cyber ranges to operate effectively and efficiently, organizations need tools to automate range operations, increase the fidelity of emulated network traffic, and visualize range activity. Lincoln Laboratory has developed a variety of such tools.

Threat-Based Risk Assessment for Enterprise Networks
Richard P. Lippmann and James F. Riordan

Protecting enterprise networks requires continuous risk assessment that automatically identifies and prioritizes cyber security risks, enables efficient allocation of cyber security resources, and enhances protection against modern cyber threats. Lincoln Laboratory created a network security model to guide the development of such risk assessments and, for the most important cyber threats, designed practical risk metrics that can be computed automatically and continuously from security-relevant network data.

Finding Malicious Cyber Discussions in Social Media
Richard P. Lippmann, William M. Campbell, David J. Weller-Fahy, Alyssa C. Mensch, Giselle M. Zeno, and Joseph P. Campbell

Today's analysts manually examine social media networks to find discussions concerning planned cyber attacks, attacker techniques and tools, and potential victims. Applying modern machine learning approaches, Lincoln Laboratory 
has demonstrated the ability to automatically discover such discussions from Stack Exchange, Reddit, and Twitter posts written in English.

Cloudbreak: Answering the Challenges of Cyber Command and Control
Diane Staheli, Vincent F. Mancuso, Matthew J. Leahy, and Martine M. Kalke

Lincoln Laboratory's flexible, user-centered framework for the development of command-and-control systems allows the rapid prototyping of new system capabilities. This methodology, Cloudbreak, effectively supports the insertion of new capabilities into existing systems and fosters user acceptance of new tools.

Recommender Systems for the Department of Defense and Intelligence Community
Vijay N. Gadepally, Braden J. Hancock, Kara B. Greenfield, Joseph P. Campbell, William M. Campbell, and Albert I. Reuther

Recommender systems, which selectively filter information for users, can hasten analysts' responses to complex events such as cyber attacks. Lincoln Laboratory's research on recommender systems may bring the capabilities of these systems to analysts in both the Department of Defense and intelligence community.

Repeatable Reverse Engineering with the Platform for Architecture-Neutral Dynamic Analysis
Ryan J. Whelan, Timothy R. Leek, Joshua E. Hodosh, Patrick A. Hulin, and Brendan Dolan-Gavitt

Many problems brought on by faulty or malicious software code can be diagnosed through a reverse engineering technique known as dynamic analysis, in which analysts study software as it executes. Researchers at Lincoln Laboratory developed the Platform for Architecture-Neutral Dynamic Analysis to facilitate analyses that lead to profound insight into how software behaves. This tool was recognized with a 2015 R&D 100 Award for being one of the year's 100 most innovative technologies.

Moving Target Techniques: Leveraging Uncertainty for Cyber Defense
Hamed Okhravi, William W. Streilein, and Kevin S. Bauer

Cyber moving target techniques involve randomizing cyber system components to reduce the likelihood of successful attacks, adding dynamics to a system to shorten attack lifetime, and diversifying otherwise homogeneous collections of systems to limit attack damage. A review of five dominant categories of cyber moving target techniques assesses their benefits and weaknesses.

Secure Embedded Systems
Michael Vai, David J. Whelihan, Benjamin R. Nahill, Daniil M. Utin, Sean R. O’Melia, and Roger I. Khazan

Developers seek to seamlessly integrate cyber security within U.S. military system software. However, added security components can impede a system's functionality. System developers need a well-defined approach for simultaneously designing functionality and cyber security. Lincoln Laboratory's secure embedded system co-design methodology uses a security coprocessor to cryptographically ensure system confidentiality and integrity while maintaining functionality.

Secure and Resilient Cloud Computing for the Department of Defense

Nabil A. Schear, Patrick T. Cable, Robert K. Cunningham, Vijay N. Gadepally, Thomas M. Moyer, and Arkady B. Yerukhimovich

Cloud computing offers substantial benefits to its users: the ability to store and access massive amounts of data, on-demand delivery of computing services, the capability to widely share information, and the scalability of resource usage. Lincoln Laboratory is developing technology that will strengthen the security and resilience of cloud computing so that the Department of Defense can confidently deploy cloud services for its critical missions.

Securing the U.S. Transportation Command
Jeffrey M. Diewald, Kajal T. Claypool, Jesslyn D. Alekseyev, George K. Baah, Uri Blumenthal, Alfred Cilcius, William L. Pughe, Joseph A. Cooley, Robert K. Cunningham, Jonathan R. Glennie, Edward F. Griffin, and Patrick J. Pawlak

The U.S. Transportation Command moves soldiers, equipment, and supplies around the world to support U.S. military and disaster relief operations. To help ensure that this critical supply chain is functioning efficiently, Lincoln Laboratory is working with the command to develop a software architecture that will provide the command with an enterprise network with ample computational power, strong cyber security, and resiliency to attacks and disruptions.


A roundup of Lincoln Laboratory technology transfer opportunities in cyber security

Lab Notes
  • Securing Data › A novel technology simplifies secure military communications and has the potential to be beneficial for a wide array of applications.
  • Keeping an Eye on Cyber Threats ›  Researchers use real-time data from Lincoln Laboratory networks to monitor and develop countermeasures against cyber threats.
  • Training the Cyber Defensive Line ›  A game-like competition is helping build experts in cyber "disaster response." 
  • Can a Game Teach Practical Cyber Security? › Lincoln Laboratory's Capture the Flag competition challenges college students to defend cyberspace. 
  • Recruiting the Next Generation of Cyber Security Specialists ›  Two Lincoln Laboratory outreach activities seek to steer high-school students toward careers in cyber security.