MOVING TARGET DEFENSE: FROM GOVERNMENT LAB TO CYBERSECURITY TECHNOLOGY


Cyberspace is central to our lives, providing resources for daily conveniences and acting as the backbone of critical services and economic prosperity. As the internet and the full spectrum of attacks on it have grown, the challenges of enhancing security and resilience have trickled through government agencies and private organizations alike. While the two sectors operate largely independently, subjugating cyber adversaries has proven to be a team effort.

As a driving force in cybersecurity, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has a cyber mission squarely focused on strengthening the cyber ecosystem. According to the DHS, these efforts are threefold:

  1. Develop and deliver new technologies, tools, and techniques to enable our nation to defend, mitigate, and secure current and future systems, networks, and infrastructure against cyberattacks
  2. Conduct and support technology transition
  3. Lead and coordinate research and development

Transition to Practice

The federal government spends upwards of $1 billion annually on unclassified cybersecurity research. Only a small portion of that work reaches the marketplace. Most instead falls into the ‘Valley of Death,’ an area between research and practice.

For the DHS research and development community, technology transition is one of the biggest challenges. Can concepts developed in a government lab actually be transitioned to technology prototypes in the real world? To tackle this very concern, DHS created the Cybersecurity Division Transition to Practice (TTP) Program, resulting in more than 20 commercialized cybersecurity technologies since 2013.

In the early stages of the program, DHS showcased Moving Target Defense (MTD) as a prototype that could become a commercially viable cybersecurity product. At the time it was in the form of ‘Coreographer,’ an MTD tool that detected when DNS connections were bypassed. Years later, after some fine-tuning, MTD was presented as a solution that efficiently randomized IP addresses, application port numbers, and network communication paths while maintaining network connectivity, functionality, and performance. In a TTP guide, Sandia National Laboratories outlined a prototype implementation of an MTD solution that could introduce randomness, uncertainty, and unpredictability to thwart attacks and shift the advantage back to the defenders. In the following year, as part of S&T’s Silicon Valley Innovation Program, DHS awarded Infafel Corp. of Cambridge $168k to develop an MTD capability for virtual machines.

The Path Ahead for MTD

From the beginning, MTD’s merits were evident and its application was essential. Cyberattacks begin with reconnaissance: adversaries gather information about our systems in order to perpetrate attacks. Given that our computer systems too often use predictable communication paths, static configurations, and unpatched software, we have essentially designed them in a way that favors adversaries.

The push for MTD was and still is an effort that we believe in. It is a means to upend security economics in favor of defenders in a way that is scalable and flexible for a multitude of cybersecurity protections. More importantly, MTD has allowed BotRx to be a proactive bot defense solution rather than a reactive one, stopping attacks before they cause harm.

At BotRx, we have joined others across the cybersecurity community to deploy MTD in an effort to create a safe and secure cyberspace for Americans and the entire international community. It is, after all, the lifeblood of our lives and nations. To learn more about how MTD works against bad bots, read our white paper, The Definitive Guide to Moving Target Defense for Automated Bot Attacks.
