Cybersecurity

Getting a handle on cyberattacks

cyber attack button

The intelligence community’s advanced research organization wants to find live, real-world cyberattack data to test incursion detection techniques used by large organizations.

In a request for information posted March 4 on the Intelligence Advanced Research Projects Activity web site, the group said it wants to find a better way to evaluate detection techniques as cyberattacks proliferate from different types of assailants and from varied geographical locations using multiple technologies.

ARPA said it is particularly interested in talking to vendors about structured databases used to document and report cyberattacks, with an eye toward minimal latency between report and the event. It also wants real-time enterprise data, such as host logs, security application logs and alerts, and help desk ticket details that cover the period of a cyber event.

The RFI said IARPA wants to get a better handle on which existing structured databases consistently document and report cyberattacks and how complete their global, regional or industry-specific reach is.

Additionally, it wants to find out what cyberattack attributes – including source and target IP ranges, time, intent, indicators of compromise, attacker attribution, victim details and magnitude -- are documented in the databases.

The agency also inquired about the possibility of partnering with a large organization with more than 5,000 users in a sponsored research program as a test bed.

About the Author

Mark Rockwell is a staff writer covering acquisition, procurement and homeland security. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above