Cyber researchers need to predict, not merely respond to, cyberattacks: U.S. intelligence

Published 9 March 2015

The Office of the Director of National Intelligence wants cybersecurity researchers to predict cyberattacks rather than just respond to them, according to the agency’s Intelligence Advanced Research Projects Activity (IARPA) program. Current cyber defense methods such as signature-based detection “haven’t adequately enabled cybersecurity practitioners to get ahead of these threats,” said Robert Rahmer, who leads IARPA’s Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program. “So this has led to an industry that’s really invested heavily in analyzing the effects or symptoms of cyberattacks instead of analyzing [and] mitigating the cause.”

CAUSE will fund researchers who are developing “unconventional” techniques for predicting cyberattacks. One technology that could emerge from CAUSE is a set of tools to harvest big data and models for threat forecasting. “Successful proposers will combine cutting-edge research with the ability to develop robust forecasting capabilities from multiple sensors not typically used in the cyber domain,” says an IARPA description of the CAUSE program.

Federal agencies have failed to detect cyberattacks before they cause great damage. CAUSE aims to use automated methods to detect cyber threats “hours to weeks earlier” than current methods, Rahmer said. The Homeland Security News Wire reported that it took months before U.S. Investigations Services, formerly the government’s top security-clearance contractor, noticed a security breach within the firm’s computer networks (see “Security contractor USIS failed to notice months-long hacking of its computer systems,” HSNW, 5 November 2014).

Federal Computer Week reports that IARPA will issue an agency announcement for the CAUSE program by the end of fiscal 2015. Proposals will be evaluated on the timeliness and level of detail of their warnings of cyberattacks. The resulting technology could be made available to intelligence agencies and the private sector.

Roughly 150 researchers from industry and academia attended a recent IARPA proposers day event. Proposals included software that collects and analyzes media to model adversaries’ online behavior. That plan from R&D nonprofit Battelle would strip away the anonymity hackers rely on to operate in the Deep Web.

The CAUSE program comes as the intelligence community integrates cyber capabilities into current operations. On 6 March, CIA chief John Brennan announced the agency would explore and utilize cyber capabilities in almost every category of the agency’s operations. “Cyber is now part of every mission. It’s not a specialized, boutique thing,” said a former CIA official.