Big Data Can Lead to Big Problems
AFCEA Cyber Committee recommends actions to thwart threats.
The billions of bits and bytes that make government services, information sharing and even shopping easier also open the doors for adversaries to gather intelligence that aids their nefarious pursuits. AFCEA International’s Cyber Committee has published a white paper that describes several ways big data analytics can help cybersecurity analysts close those doors or at least shrink the gap and reduce vulnerabilities.
Complex networks comprising traditional information technology systems, the Internet of Things and multiple cloud environments make it difficult for cybersecurity analysts to detect, prevent and mitigate cyber exploits and attacks. The Cyber Committee urgently recommends the United States apply big data analytics to the security of government and critical infrastructures and undertake the necessary research to increase the speed of developing these tools.
The urgency of this recommendation comes from not only the magnitude but also the diversity of the data that’s being stolen. Breaches of the Office of Personnel Management (OPM), a voter database and even Yahoo’s user base demonstrate that cyber criminals are after both large amounts and various types of information. By using big data analytics on the spoils of cyber war, they gain significant insight into U.S. national security decisions, the economy and even political dynamics.
“Adversaries could learn quite a lot, given enough information,” explains Sam Visner, Cyber Committee member and director of the National Cybersecurity Federally Funded Research and Development Center operated by The MITRE Corporation. “For example, an adversary or simply a competitor might learn about the various strategic thrusts of U.S. R&D, particularly in critical areas such as aerospace. An adversary might seek to understand the demographics, including interests and affiliations of U.S. government personnel. Given the amount of genomic data, one might want to understand U.S. health vulnerabilities. Critical insights into U.S. pharmaceutical research might be gleaned with enough data and advanced analytics.”
However, the AFCEA Cyber Committee points out that the U.S. national security and intelligence communities also can use big data analytics to understand how to stop foreign intelligence services and cyber criminals from exploiting U.S. computer networks. It recommends increasing the emphasis on the kind of research IBM is conducting, which applies artificial intelligence to the data that security information and event management systems collect.
Work at the U.S. Department of Energy also intrigues Visner. “The use of data analytics to make our critical infrastructure smarter, including work conducted by the Smart Grid Consortium of the DOE National Laboratories, can help us optimize energy transmission, distribution and use,” he says, but warns, “In the hands of an adversary, such analytics might be used to structure debilitating attacks against our infrastructure.”
If possible, government research and development organizations should undertake a joint effort to support the development of such technologies, the committee recommends. In addition, given the progress the private sector has made, the government should allow industry to help shape and conduct this research.
The collection and storage of data present another major challenge to the security of big data analytics environments. The OPM hack illustrated that a single adversary can move easily across the enterprise to steal information. Consequently, it is important that all data be encrypted during transmission, at rest and, if possible, during processing, the committee suggests.
In addition, concern is rising that the United States is losing billions of dollars in intellectual property as well as terabytes of data each year. Several approaches are worth exploring to combat this threat to both national security and the economy. The Cyber Committee recommends that the intelligence community look at foreign countries’ policies, doctrines and concepts of operations in several areas to address this issue. Committee members believe such intelligence could be of immense importance to national and homeland security and are prepared to support development of initial terms of reference.
“Given the value of big data environments, we should look at ways to enhance cybersecurity at an enterprise level. In addition, urgent attention should be paid to the way other countries are using big data analytics to understand the United States and craft courses of action that affect our national interests. The AFCEA Cyber Committee stands ready to support these efforts,” the committee states in its white paper.
Visner has additional ideas. For example, the U.S. government should address the behavior of all smart infrastructures, including those that are just becoming smart such as roads that will need to serve increasingly autonomous vehicles. These infrastructures will entail both IT resources and the distribution of electricity, he says. “We need models of ‘normal’ behavior of such complex, ever-changing infrastructures if we are to detect and deal effectively with the malware that can cause anomalous—and dangerous—behavior,” he asserts.
“We need also to think imaginatively about ways our adversaries can use advanced data analytics,” he adds, pointing out that enemies could employ the tools the United States uses in ways the nation has not anticipated or even imagined. “We need to focus cybersecurity R&D on these issues and include the R&D resources of academia, industry and the nonprofit world in addition to the resources of government,” Visner states.