CERT running security pilots

The CERT Coordination Center at Pennsylvania's Carnegie Mellon University has developed two unique pilot programs designed to bolster the information assurance capabilities of government agencies.

The number and sophistication of cyberattacks against U.S. government systems have increased in recent years, but the sophistication of the individuals initiating them has decreased, which makes it even more difficult for agencies to distinguish a high school hacker from an extended, coordinated intrusion attempt, said John McHugh, senior member of the technical staff at the CERT Coordination Center (CCC) at Carnegie Mellon.

Speaking May 2 at an Armed Forces Communications and Electronics Association information technology conference in Quantico, Va., McHugh said the basic idea is to make sure that cyber intruders can't take out all the systems all the time since "survivability is the mission-centric notion of information assurance."

To help agencies improve their defenses, the CCC is working on the Automated Incident Response (AirCERT) program, a data collection and coordination exercise that uses statistical methods to detect emerging threat patterns.

AirCERT uses an open source infrastructure to automatically gather and report security incidents from CCC client Internet sites that agree to have that information inspected, McHugh said. The goal is to "reduce the burden on security analysts by automatically handling well-understood attacks," he said.

The CCC has completed an AirCERT proof-of-concept prototype and is testing the program with members of the Internet community.

The CCC also is working with a defense agency -- which McHugh would not name because of security concerns -- on another program that uses raw data to identify routing anomalies and back doors into a network.

The NetFlow-based system collects enormous amounts of unbiased data and analyzes it in "chunks at a time" to help establish "traffic baselines" and detect potentially nefarious activity as deviations from those baselines, McHugh said.

The CCC is working with the defense agency on a detailed analysis of its daily traffic and hopes to use real-time data in the future, he said, adding that agencies and companies that use Cisco Systems Inc. routers can do this type of analysis.

"This is a capability in most Cisco routers, and anyone who wants to can collect this data," McHugh told Federal Computer Week. "We're working with a large government client to develop tools to [enable them to] analyze it themselves."
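The baseline-and-deviation approach McHugh describes can be shown on already-exported flow records. The script below is an added example written for this page; it is not CERT's or the defense agency's tooling, and the flow records, the 10.0.0.0/8 internal range, the threshold of mean plus three standard deviations and the "new listener" heuristic for spotting a back door are all assumptions made here. It builds per-host outbound baselines from five days of constructed flows, then analyzes a sixth day as one chunk, flagging hosts whose volume leaves the baseline and internal host/port pairs that accepted traffic for the first time.

```python
"""Flow-baseline analysis in the spirit of the NetFlow pilot described above.

Added example, not CERT's or the agency's code. It assumes flow records have
already been exported from a router as tuples
(day, src_ip, dst_ip, dst_port, bytes) and that 10.0.0.0/8 is the internal net.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range


def is_internal(ip: str) -> bool:
    return ip_address(ip) in INTERNAL


def build_sample_flows():
    """Constructed sample data: five baseline days plus one day to analyze."""
    daily_web = [1000, 1100, 900, 1000, 1000]
    flows = []
    for day in range(1, 6):
        flows += [
            (day, "10.0.0.5", "198.51.100.20", 443, daily_web[day - 1]),
            (day, "10.0.0.7", "198.51.100.20", 443, 500),
            (day, "198.51.100.30", "10.0.0.5", 443, 300),  # inbound to web server
        ]
    flows += [
        (6, "10.0.0.5", "198.51.100.20", 443, 9000),  # outbound burst, far above baseline
        (6, "10.0.0.7", "198.51.100.20", 443, 520),   # slightly above a flat baseline
        (6, "198.51.100.30", "10.0.0.5", 443, 310),
        (6, "203.0.113.9", "10.0.0.7", 4444, 2000),   # inbound to a port never served before
    ]
    return flows


def outbound_bytes_per_day(flows):
    """Map internal host -> {day: total bytes sent by that host}."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, src, _dst, _dport, nbytes in flows:
        if is_internal(src):
            totals[src][day] += nbytes
    return totals


def volume_anomalies(flows, baseline_days, target_day, k=3.0, min_rel_std=0.1):
    """Hosts whose outbound bytes on target_day exceed mean + k*std of the baseline.

    A floor on the standard deviation (a fraction of the mean) keeps a perfectly
    flat baseline from flagging ordinary day-to-day noise.
    """
    totals = outbound_bytes_per_day(flows)
    flagged = {}
    for host, per_day in totals.items():
        base = [per_day.get(d, 0) for d in sorted(baseline_days)]
        if not any(base):
            continue  # no history for this host, so no baseline to compare against
        m = mean(base)
        sd = max(pstdev(base), min_rel_std * m)
        threshold = m + k * sd
        observed = per_day.get(target_day, 0)
        if observed > threshold:
            flagged[host] = (observed, threshold)
    return flagged


def new_listeners(flows, baseline_days, target_day):
    """(internal host, port) pairs that accepted traffic on target_day but never in the baseline."""
    seen, candidates = set(), set()
    for day, _src, dst, dport, _nbytes in flows:
        if not is_internal(dst):
            continue
        if day in baseline_days:
            seen.add((dst, dport))
        elif day == target_day:
            candidates.add((dst, dport))
    return candidates - seen


def analyze_chunk(flows, baseline_days, target_day):
    """One chunk of analysis: volume deviations plus never-before-seen listeners."""
    return {
        "volume": volume_anomalies(flows, baseline_days, target_day),
        "new_listeners": new_listeners(flows, baseline_days, target_day),
    }


if __name__ == "__main__":
    report = analyze_chunk(build_sample_flows(), set(range(1, 6)), 6)
    for host, (obs, thr) in report["volume"].items():
        print(f"volume anomaly: {host} sent {obs} bytes, threshold {thr:.0f}")
    for host, port in sorted(report["new_listeners"]):
        print(f"new listener: {host}:{port}")
```

On the constructed data only 10.0.0.5 trips the volume check (9000 bytes against a threshold of 1300), while 10.0.0.7's 520 bytes stay inside its floored band, and 10.0.0.7:4444 is reported as a listener with no history. Real NetFlow exports carry many more fields (timestamps, protocol, packet counts, interfaces) and far more records, so in practice the chunk boundaries and the baseline window would be tuned per site rather than fixed at whole days.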
