WHY THIS MATTERS IN BRIEF
The security industry faces a paradigm shift as the US Government moves to predict cyber attacks before they happen.
The Intelligence Advanced Research Projects Activity (IARPA), which invests in high-risk, high-payoff research programs to tackle some of the most difficult challenges facing the Intelligence Community, has launched a multi-year $12 million program to create a slew of new cyber tools and techniques that will be used to build an early warning system for detecting the precursors to cyber attacks. IARPA is the sister organisation to DARPA, the Pentagon's bleeding edge military research and development organisation.
If the project is successful then, for the first time ever, we would have an early warning system and a way to predict cyber attacks before they happen and could make preparations to protect government institutions and private organisations accordingly.
IARPA, part of the Office of the Director of National Intelligence, says the three-and-a-half-year program will develop software code to sense what it terms “unconventional indicators” of cyber attack, and use the data to develop models and machine learning systems that can create probabilistic warnings.
Current early warning systems are focused on traditional cyber indicators such as activity targeted toward IP addresses and domain names, according to IARPA program manager Robert Rahmer.
The first stage of the program, lasting 18 months, will examine data outside of the victim's network, such as black market sales of exploits that take advantage of particular software bugs. The second and third phases, 12 months each, will do deep dives into a broad range of existing advanced intrusion detection platforms, look for new and alternative ways to develop warnings and then transfer the tools that emerge from the research to the other partner organisations, he said.
IARPA said the program, known as Cyberattack Automated Unconventional Sensor Environment, or CAUSE, has been underway since August and includes four main research partners: BAE Systems (whose team will include StratumPoint, Digital Operatives LLC and the University of Maryland), Charles River Analytics, Leidos, and the University of Southern California. Each partner has a novel approach to addressing the challenge and can work with subcontractors, according to Rahmer.
“We are focusing on the human aspect of prediction versus detection,” said Anne Taylor, technology group director at BAE, who said the company is applying human behavioural, cyber attack, and social theories to publicly available information, such as posts on social media, to develop a network of unconventional sensors that can monitor a range of different activities that could indicate the early formulation of an attack.
“Signals of interest are derived from examining emotional language and sentiment-related characteristics, analyzing topics of discussion, and looking at technical communications,” said Taylor.
“This differs from traditional cyber attack detection which utilizes conventional sensors running with private data where the focus is on the detection of an ongoing event, rather than prediction.”
“The possibility of pushing threat detection closer to its originating point in the attack chain holds significant promise for reducing or potentially preventing the damage caused by cyberattacks,” said John Fratamico, president of the Leidos Advanced Solutions Group.
If nothing else, the program looks set to establish a precedent that will show that, with the right tools and insights, it’s possible to predict cyber attacks before they happen. An early warning system of this nature could prove invaluable in helping organisations deploy the appropriate countermeasures before attacks inflict damage, although how it will cope with the rise of new artificial intelligence driven robo-hackers, whose mission might only appear at the point when the attack happens, remains to be seen.