Talk:SOLUTIONS Series

From AFCEAWiki


Twister Software for Cyberwarfare Situational Awareness

Solutions Made Simple, Inc. (SMSi) provides data management software technology and services that enable information sharing for the Intelligence Community and Department of Defense.

Twister Data Framework®, the company’s software technology, is being used to implement various data management solutions including data warehousing, data migration, data consolidation, data mining, data mapping, data cleansing, data synchronization, data governance, and cross-enterprise data integration.

Twister Data Framework® also enables situational awareness (SA) for cyberwarfare. In order to achieve SA in the cyberspace domain, the Intelligence, Surveillance, and Reconnaissance (ISR) process must have the ability to ingest, tag, normalize, format, integrate, and manage a very high volume of data from disparate sources, sensors, devices, and network security monitoring / logging tools across both government and corporate networks. The transformed data must be delivered to a centralized log management system and threat repository, where it can be visualized, correlated with historical threat data to predict future threats, and shared with external systems and operators and the private sector. The Computer Network Defense (CND), Order of Battle (OOB), Course of Action (COA) development, Integrated Task Order (ITO), effects assessment, and Computer Network Attack (CNA) processes are highly dependent on this ISR process.

While military ISR processes are providing SA and tracking cyber threats and attacks against Department of Defense (DoD) military networks, attacks on other U.S. government networks and private industry are not correlated with DoD cyber intelligence data, even though they are just as common and pose just as much of a security threat to our country’s critical infrastructure and financial systems. At the first open hearing on cybersecurity, held by the House Permanent Select Committee on Intelligence on September 18, 2008, cybersecurity experts told Congress that the Bush administration’s Comprehensive National Cybersecurity Initiative does not adequately address the private sector.

To improve the information flow of cyber intelligence data, SMSi's Twister Data Framework® software can be used to enable cyber intelligence data sharing and interoperability. Cyber SA can be improved by implementing a centralized data access system for sharing and correlating network security event / log and threat data across external systems and users in U.S. government agencies and corporate organizations operating in different security domains.

Technical Approach

SMSi's technical approach for implementation of this Cyber SA capability is based on its Twister Data Framework® software technology, which is used to rapidly and automatically ingest, tag, normalize, format, integrate, correlate, and manage disparate data sources such as relational databases, streaming data, and unstructured, semi-structured, and structured text, and to transform data to make it usable for intelligence analysis. Twister runs on clusters of commodity processors, which allows massive amounts of data to be processed in parallel. Twister Data Framework® includes the Twister Data Integrator (TDI) and Twister Data Server (TDS). TDI enables data management and integration by transforming data from its original format into alternative formats for use in third party analysis, visualization, and collaboration tools. TDS enables information sharing by making data accessible through federated queries across multiple data sets and networks regardless of location and security domain, providing mediated access based on a strict LDAP security model and managing all credentials.

Customer References

SMSi has supported implementation of Cyber SA applications for DoD to automate the manually intensive data preparation steps by rapidly ingesting 20 raw data sources containing network monitoring data and populating an Oracle database to enable integration, searching, and alerting capabilities for CND analysts. In addition, SMSi has developed a proof of concept to rapidly ingest daily and historical network event data from an Oracle database and transform it for use in an analytical search tool that provides the ability to discover strategic cyber attacks. Customer references for these efforts are available upon request (dyeagle@sms-fed.com).
