Developed by the Department of Homeland Security Science and Technology Directorate’s (S&T) Cyber Security Division (CSD), the DETER testbed, described as the “Internet in a box” or a “virtual Internet,” provides a safe and secure option to conduct critical cybersecurity experimentation and testing in the context of complex networks and cyber‐physical systems designed to protect the nation’s critical cyber infrastructure.
As it celebrates its ten year anniversary, CSD Director Douglas Maughan noted that DETER has continued to upgrade and evolve alongside the Internet. Within the last six months, CSD upgraded DETER and installed tools that allow researchers to conduct faster experiments that can simulate the spread of malware. This key change allows cybersecurity researchers to run experiments that safely test advanced cyber defense tools and techniques against real-world threats as well as design nontraditional experiments to address wearable devices and industrial control systems that connect to the Internet.
“With DETER, researchers can organize experiments quickly to try out new ideas,” explained Maughan. “If the experiments work, great. If not, the researcher can go back and tweak things. It’s like a DVR. You can play it back, see why it broke, and later you can try a whole different approach and compare the results to see what works best.”
It also allows for large-scale experimentation and for researchers to quantitatively evaluate cybersecurity solutions against malware and other threats in a real-world environment, directly supporting CSD’s mission to find security improvements to address critical weaknesses and discover new solutions for emerging cybersecurity threats.
“With DETER we are able to safely connect to the Internet to conduct risky experiments,” Maughan said. “If you look at things like botnets and real complex attacks, they are all dependent on getting control signals in; researchers need to have a connection to the Internet. We have set up a closely-monitored, locked-down Internet connection that only allows controlled of traffic in and out. And this isn’t for everyone; only for selected experiments and on a case-by-case basis.”
S&T initially partnered with the National Science Foundation (NSF) to develop DETER and continues to work together through a series of collaborative workshops with cyber researchers to ensure DETER is configured to run experiments on all types of devices with Internet access, including medical devices, vehicles, and the smart grid. The results of these workshops will be made public by the end of 2014.
“We’re no longer looking at just the Internet; there is software in everything,” he stressed. “How do you run experiments on the ‘Internet of things’? How do you integrate, for example, wearable activity trackers in an experiment? And how do you control it remotely? How do you test 1,000 activity trackers that are moving around? How do you replicate that movement in an experiment? We don’t know. We have to understand what’s needed before we can build the infrastructure.”
In addition to being used by academic researchers, DETER is also used by national labs and industry as well in classrooms, giving future cybersecurity researchers hands-on experience. The DETER testbed has over 3,700 users across more than 224 locations around the globe including cybersecurity researchers, developers and operators and governments from 30 different countries.
While the DETER software is available through open source channels, such as github.com, users must request an account and all users are vetted before being allowed access. Maughan encourages researchers, developers and testers to visit the site and take advantage of the DETER’s capabilities and strengthen their products which in turn strengthens the nation’s cyber infrastructure.
“We need to determine where we are going in the future of cybersecurity in order to mitigate risks to secure our nation,” Maughan concluded.
For more information visit the DETER website.