Cyber security appears at the Neighborhood Watch level
Computer scientists have developed a grassroots-like effort to combat cyber threats through communications
By Doug Page
Cyber criminals sometimes prey on organizations related to one another, such as government agencies and laboratories. Research laboratories, for instance, fight off millions of cyber attacks every year.
An incident at one institution can be a tip that an attack on similar sites is imminent, but, until recently, an installation wouldn’t know about attacks on any others.
To address this inconsistency, computer scientists at Argonne National Laboratory in Illinois have developed a sort of grassroots effort to combat cyber security incidents among laboratories and universities.
The new system, called the Federated Model for Cyber Security, allows cyber security defense systems to communicate when attacked and transmit attack information instantly and automatically to defense systems at other institutions. The idea is to strengthen the overall cyber security posture of the federated sites.
"This model acts as a virtual Neighborhood Watch program," said Michael Skwarek, deputy CIO and cyber security program manager at Argonne. Skwarek said that if one institution in the network is attacked, secure and timely communication to others will help protect other sites from that same attack through active response.
Before the Argonne system, which won the Department of Energy's 2009 Cyber Security Innovation and Technology Achievement Award, exchanging information about hostile activity rested solely on humans using the telephone or e-mail to alert other sites, a ridiculously inefficient method when every second can count to fend off an attack.
"With millions of cyber security probes a day, the human element will not be successful alone," Skwarek said.
The new system reduces the time to react across the complex. "Hostile activity is often targeted at more than one location, and having our defenses ready and armed will assist greatly," Skwarek said.
Currently, the system can transmit information about the type and time of attack, the exploit attempted, and the hostile IP addresses and domain names, and it will soon be able to share hostile e-mail addresses and URLs with others in the federation.
Current members of the federation include more than 20 national labs and universities. Skwarek believes the private sector could benefit as well.
"Institutions that collaborate regularly, such as the financial sector, can also realize an operational gain by leveraging the power of sharing and learning from others on what they see and defend against on a daily basis," he said.
Registration directions are available online through the Argonne National Laboratory Web site.