DHS to rely on big data to protect critical infrastructure, networks


DHS officials responsible for protecting federal civilian networks and critical industries from cyberattacks say they are going to rely more on big data analytics to predict, detect, and respond to future hacks, according to a recently released White House progress report.

The report details how cybersecurity officials are “working across government and the private sector to identify and leverage the opportunities big data analytics presents to strengthen cybersecurity.”

According to Homeland Security News Wire, much about the big data initiative remains classified, but in a conference call with members of President Barack Obama’s National Security Telecommunications Advisory Committee (NSTAC), White House and DHS officials previewed a number of ongoing efforts that will combine traditional cyber-defense tactics with real-time intelligence provided by in-depth data analytics.

According to NextGov, DHS will gather data from its proactive scanning of critical networks to perform mathematical trend analyses of cyber events. The final product will be a full-scale, real-time model of the potential cyberthreats that agencies and critical sectors face. Phyllis Schneck, deputy undersecretary for cybersecurity and communications for DHS’ National Protection and Programs Directorate, said: “the department refers to it as a ‘weather map’ and hopes it can do for cyberthreats what weather satellites, meteorologists, and data analysts at the National Weather Service have done for years: predicting climate threats.”

“This concept comprises the ability to view the current state of cybersecurity, just as a traditional weather map provides the view of current weather,” Schneck told the committee. “Our goal for networks for connected devices is to know when to, in real-time, just reject incoming traffic — much of which carries the malware these days — due to its current behavior.”

DHS’s Cybersecurity Apex program will also implement a similar strategy for critical private sector networks. The program will detect the presence of a cyberthreat without relying on a known cyber-signature. Companies in the financial sector are already benefiting from the program, Schneck said.

Altogether, the “weather map system” remains in its early stages of development, but DHS has already analyzed big data using its network-monitoring Einstein system. “We are doing everything in small steps, small understandable steps,” Schneck said.

Still, it is unclear how DHS will analyze government network activities, considering it announced last year that it would delete all Einstein data more than three years old, including information about traffic to government websites, network intrusions, and general vulnerabilities. According to DHS officials in 2014, data more than three years old would have no research significance.