Publications

30 Results
Skip to search filters

TCIA Secure Cyber Critical Infrastructure Modernization

Keliiaa, Curtis M.

The Sandia National Laboratories (Sandia Labs) tribal cyber infrastructure assurance initiative was developed in response to growing national cybersecurity concerns in the the sixteen Department of Homeland Security (DHS) defined critical infrastructure sectors1. Technical assistance is provided for the secure modernization of critical infrastructure and key resources from a cyber-ecosystem perspective with an emphasis on enhanced security, resilience, and protection. Our purpose is to address national critical infrastructure challenges as a shared responsibility.

More Details

Cyberspace modernization. An interest protocol planning advisory

Keliiaa, Curtis M.; McLane, Victor N.

A common challenge across the communications and information technology (IT) sectors is Internet + modernization + complexity + risk + cost. Cyberspace modernization and cyber security risks, issues, and concerns impact service providers, their customers, and the industry at large. Public and private sectors are struggling to solve the problem. New service opportunities lie in mobile voice, video, and data, and machine-to-machine (M2M) information and communication technologies that are migrating not only to predominant Internet Protocol (IP) communications, but also concurrently integrating IP, version 4 (IPv4) and IP, version 6 (IPv6). With reference to the Second Internet and the Internet of Things, next generation information services portend business survivability in the changing global market. The planning, architecture, and design information herein is intended to increase infrastructure preparedness, security, interoperability, resilience, and trust in the midst of such unprecedented change and opportunity. This document is a product of Sandia National Laboratories Tribal Cyber and IPv6 project work. It is a Cyberspace Modernization objective advisory in support of bridging the digital divide through strategic partnership and an informed path forward.

More Details

Assessment of current cybersecurity practices in the public domain : cyber indications and warnings domain

Keliiaa, Curtis M.; Hamlet, Jason H.

This report assesses current public domain cyber security practices with respect to cyber indications and warnings. It describes cybersecurity industry and government activities, including cybersecurity tools, methods, practices, and international and government-wide initiatives known to be impacting current practice. Of particular note are the U.S. Government's Trusted Internet Connection (TIC) and 'Einstein' programs, which are serving to consolidate the Government's internet access points and to provide some capability to monitor and mitigate cyber attacks. Next, this report catalogs activities undertaken by various industry and government entities. In addition, it assesses the benchmarks of HPC capability and other HPC attributes that may lend themselves to assist in the solution of this problem. This report draws few conclusions, as it is intended to assess current practice in preparation for future work, however, no explicit references to HPC usage for the purpose of analyzing cyber infrastructure in near-real-time were found in the current practice. This report and a related SAND2010-4766 National Cyber Defense High Performance Computing and Analysis: Concepts, Planning and Roadmap report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

More Details

National cyber defense high performance computing and analysis : concepts, planning and roadmap

Keliiaa, Curtis M.; Hamlet, Jason H.

There is a national cyber dilemma that threatens the very fabric of government, commercial and private use operations worldwide. Much is written about 'what' the problem is, and though the basis for this paper is an assessment of the problem space, we target the 'how' solution space of the wide-area national information infrastructure through the advancement of science, technology, evaluation and analysis with actionable results intended to produce a more secure national information infrastructure and a comprehensive national cyber defense capability. This cybersecurity High Performance Computing (HPC) analysis concepts, planning and roadmap activity was conducted as an assessment of cybersecurity analysis as a fertile area of research and investment for high value cybersecurity wide-area solutions. This report and a related SAND2010-4765 Assessment of Current Cybersecurity Practices in the Public Domain: Cyber Indications and Warnings Domain report are intended to provoke discussion throughout a broad audience about developing a cohesive HPC centric solution to wide-area cybersecurity problems.

More Details

Policy based network management : state of the industry and desired functionality for the enterprise network: security policy / testing technology evaluation

Keliiaa, Curtis M.; Tolendino, Lawrence F.; Taylor, Jeffrey L.; MacAlpine, Timothy L.; Morgan, Christine A.

Policy-based network management (PBNM) uses policy-driven automation to manage complex enterprise and service provider networks. Such management is strongly supported by industry standards, state of the art technologies and vendor product offerings. We present a case for the use of PBNM and related technologies for end-to-end service delivery. We provide a definition of PBNM terms, a discussion of how such management should function and the current state of the industry. We include recommendations for continued work that would allow for PBNM to be put in place over the next five years in the unclassified environment.

More Details

Directory Enabled Policy Based Networking

Keliiaa, Curtis M.

This report presents a discussion of directory-enabled policy-based networking with an emphasis on its role as the foundation for securely scalable enterprise networks. A directory service provides the object-oriented logical environment for interactive cyber-policy implementation. Cyber-policy implementation includes security, network management, operational process and quality of service policies. The leading network-technology vendors have invested in these technologies for secure universal connectivity that transverses Internet, extranet and intranet boundaries. Industry standards are established that provide the fundamental guidelines for directory deployment scalable to global networks. The integration of policy-based networking with directory-service technologies provides for intelligent management of the enterprise network environment as an end-to-end system of related clients, services and resources. This architecture allows logical policies to protect data, manage security and provision critical network services permitting a proactive defense-in-depth cyber-security posture. Enterprise networking imposes the consideration of supporting multiple computing platforms, sites and business-operation models. An industry-standards based approach combined with principled systems engineering in the deployment of these technologies allows these issues to be successfully addressed. This discussion is focused on a directory-based policy architecture for the heterogeneous enterprise network-computing environment and does not propose specific vendor solutions. This document is written to present practical design methodology and provide an understanding of the risks, complexities and most important, the benefits of directory-enabled policy-based networking.

More Details
30 Results
30 Results