DHS Needs to Define Network Disruptions Before It Can Fight Them

metamorworks/Shutterstock.com

Agencies have different definition of what an outage is and that matters.

Most people recognize a network disruption when they see one—you tend to notice if your internet goes out or you lose cell service—but it’s a lot harder to figure out what caused the incident and what broader effects it might have.

But the Homeland Security Department is funding research aimed at classifying, attributing and predicting network events that impact communications, utilities and other critical infrastructure around the world.

Last week, the agency’s science and technology office awarded the first batch of contracts under the Predict, Assess Risk, Identify (and Mitigate) Disruptive Internet-scale Network Events project, or PARIDINE. Through the program, Homeland Security aims to protect critical infrastructure against “internet-scale disruptive events” like natural disasters, political actions or malicious cyberattacks.

But first, the agency is working to build its understanding of what constitutes a disruption in the first place, PARIDINE Program Manager Ann Cox told Nextgov.

Because so many pieces of critical infrastructure connect to the internet in some way, agencies haven’t agreed upon a single definition for “network disruption,” she said. For instance, the Federal Communications Commission defines outages by the number of customers they affect, but the Pentagon would likely classify any hiccup in services as a network disruption, she said.

The five teams selected for the first phase of the program will spend the next six- to 12-months working to define those events before building tools that analyze different networks types and identify incidents when they occur, Cox said. Groups must also find a way to connect disruptions to a specific event, whether it's an accidental cable cut or a foreign cyberattack.

Three of the selected teams will focus on the internet at large, one will analyze financial networks and the last will look at emergency communications systems, according to Cox. She said each technology will primarily analyze open source data because many of the organizations that would ultimately use them are unable to access classified information.

Cox said Homeland Security eventually intends to award two more batches of contracts, one for technologies that predict the likelihood of future network disruptions and another for systems that map the fallout of specific events. Future funding is still up in the air, she said, so it’s unclear when the later phases of PARIDINE will begin.

“If we have a disruptive event, is it going to affect this part of the grid … what is that going to touch? Will there be cascading failures along that line?” said Cox. “Nobody’s really looked at a holistic view of this, which is what I’m hoping for here.”