Cybersecurity: DHS to rely on big data to protect critical infrastructure, networks

Published 13 February 2015

DHS officials responsible for protecting federal civilian networks and critical industries from cyberattacks are going to rely more on big data analytics to predict, detect, and respond to future hacks, according to a White House progress report released on 5 February. The report details how cybersecurity officials are “working across government and the private sector to identify and leverage the opportunities big data analytics presents to strengthen cybersecurity.”

Much about the big data initiative remains classified, but in a conference call with members of President Barack Obama’s National Security Telecommunications Advisory Committee (NSTAC), White House and DHS officials previewed a number of ongoing efforts that will combine traditional cyber-defense tactics with real-time intelligence provided by in-depth data analytics.

According to NextGov, DHS will gather data from its proactive scanning of critical networks to perform mathematical trend analyses of cyber events. The final product will be a full-scale, real-time model of the potential cyberthreats that agencies and critical sectors face. Phyllis Schneck, deputy undersecretary for cybersecurity and communications for DHS's National Protection and Programs Directorate, said that the department refers to it as a “weather map” and hopes it can do for cyberthreats what weather satellites, meteorologists, and data analysts at the National Weather Service have done for years: predicting climate threats. “This concept comprises the ability to view the current state of cybersecurity, just as a traditional weather map provides the view of current weather,” Schneck told the committee. “Our goal for networks for connected devices is to know when to, in real-time, just reject incoming traffic — much of which carries the malware these days — due to its current behavior.”

DHS’s Cybersecurity Apex program will also implement a similar strategy for critical private sector networks. The program will detect the presence of a cyberthreat without relying on a known cyber-signature. Companies in the financial sector are already benefiting from the program, Schneck said.

White House Cybersecurity Coordinator Michael Daniel has asked the NSTAC to study how big data can be used to improve cybersecurity. “We continue on the White House side to have a real interest in exploring the issue of big data and big data analytics,” Daniel said during the conference call. He affirmed that like weather prediction, where an entire industry and discipline is built on big data, “To a very large degree, we want to pursue that in cybersecurity, and I think there’s a lot of opportunities there.”

Altogether, the “weather map system” remains in its early stages of development, but DHS has already analyzed big data using its network-monitoring Einstein system. “We are doing everything in small steps, small understandable steps,” Schneck said.

Still, it is unclear how DHS will analyze government network activities, considering it announced last year that it would delete all Einstein data more than three years old, including information about traffic to government websites, network intrusions, and general vulnerabilities. According to DHS officials in 2014, data more than three years old would have no research significance.