DHS Wants to Plug Holes in Cyber Defenses with Big Data
Parsing data gleaned from its network-monitoring activities could provide a full-scale, real-time model of the potential cyberthreat agencies face, DHS officials say.
The Department of Homeland Security has a new big idea for improving the cybersecurity of federal agencies and key private industries: big data.
A White House progress report released Feb. 5 detailing how the federal government is seizing big data opportunities said DHS is “working across government and the private sector to identify and leverage the opportunities big data analytics presents to strengthen cybersecurity.”
When queried by Nextgov, a DHS spokesman declined to provide details about the big data efforts outlined in the report.
But in a conference call with members of the President’s National Security Telecommunications Advisory Committee that same day, White House and DHS officials provided glimpses into a number of ongoing initiatives that aim to fuse traditional cyber-defense methods with the real-time intelligence rendered by robust data analytics.
DHS, which is tasked with protecting civilian agency networks, is taking steps to use the data it gathers from its proactive scanning -- in consultation with its privacy experts -- to perform mathematical trend analyses of cyber events. The goal is to get a full-scale, real-time model of the potential cyberthreat agencies face.
DHS officials call it the “weather map” and hope it can do for cyberthreats what weather satellites, meteorologists and data analysts at the National Weather Service have done for years predicting climate threats, said Phyllis Schneck, deputy undersecretary for cybersecurity and communications for DHS’ National Protection and Programs Directorate.
"This concept comprises the ability to view the current state of cybersecurity, just as a traditional weather map provides the view of current weather,” Schneck told the committee. “Our goal for networks for connected devices is to know when to, in real-time, just reject incoming traffic -- much of which carries the malware these days -- due to its current behavior.”
Schneck likened the idea to going beyond “a set of vaccines” -- relying only on threat signatures -- and moving instead toward a full-scale cyber “immune system” for the government.
Another DHS initiative, the Cyber Apex program, aims to do something similar for key industries in the private sector: detect the presence of a cyberthreat without necessarily relying on a known cyber-signature.
The program is currently working with companies in the financial sector, but could be expanded soon, Schneck said.
Overall, DHS remains in the early stages of developing the weather map system. The agency is currently building the architecture and doing some prototyping, Schneck said. But at least in a few cases, DHS has analyzed data from its network-monitoring Einstein system.
"We are doing everything in small steps, small understandable steps," she said.
Still, it’s unclear how DHS’ plans to parse network activity square with a policy, quietly announced last fall, to delete all Einstein data -- which includes information about traffic to government websites, network intrusions and general vulnerabilities -- more than three years old.
Also on Thursday, White House Cybersecurity Coordinator Michael Daniel tasked the NSTAC, a group of 30 industry executives who advise President Barack Obama on telecommunications policy and national security, with studying how big data can be used to strengthen cybersecurity.
"We continue on the White House side to have a real interest in exploring the issue of big data and big data analytics,” Daniel said during the conference call.
Again, citing the example of weather prediction -- an entire industry and discipline built on big data -- Daniel added, "To a very large degree, we want to pursue that in cybersecurity, and I think there's a lot of opportunities there."
The committee will work over the next several months on coming up with recommendations, according to a DHS spokesman.