CERT running security pilots

The CERT Coordination Center at Pennsylvania's Carnegie Mellon University has developed two unique pilot programs designed to bolster the information assurance capabilities of government agencies.

The number and sophistication of cyberattacks against U.S. government systems have increased in recent years, but the refinement of the individuals initiating them has decreased, which makes it even more difficult for agencies to differentiate a high school hacker from an extended, coordinated intrusion attempt, said John McHugh, senior member of the technical staff at the CERT Coordination Center (CCC) at Carnegie Mellon.

Speaking May 2 at an Armed Forces Communications and Electronics Association information technology conference in Quantico, Va., McHugh said the basic idea is to make sure that cyber intruders can't take out all the systems all the time since "survivability is the mission-centric notion of information assurance."

To help agencies improve their defenses, the CCC is working on the Automated Incident Response (AirCERT) program, a data collection and coordination exercise that uses statistical methods to detect emerging threat patterns.

AirCERT uses an open source infrastructure to automatically gather and report security incidents from CCC client Internet sites that agree to have that information inspected, McHugh said. The goal is to "reduce the burden on security analysts by automatically handling well-understood attacks," he said.

The CCC has completed an AirCERT proof-of-concept prototype and is testing the program with members of the Internet community.

The CCC also is working with a defense agency -- which McHugh would not name because of security concerns -- on another program that uses raw data to identify routing anomalies and back doors into a network.

The NetFlow system collects enormous amounts of unbiased data, analyzes it in "chunks at a time" to help establish "traffic baselines," and detects potentially nefarious activity as deviations from those baselines, McHugh said.

The CCC is working with the defense agency on a detailed analysis of its daily traffic and hopes to use real-time data in the future, he said, adding that agencies and companies that use Cisco Systems Inc. routers can do this type of analysis.

"This is a capability in most Cisco routers, and anyone who wants to can collect this data," McHugh told Federal Computer Week. "We're working with a large government client to develop tools to [enable them to] analyze it themselves."
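The baseline-and-deviation approach McHugh describes can be sketched in a few dozen lines. The following Python is an added illustration, not code from CERT, the defense agency or Cisco: it assumes a hypothetical flat text format ("start src dst dport bytes", one flow per line) standing in for exported NetFlow records, one-hour chunks, and a z-score style threshold (mean plus k standard deviations). A known-good period builds a per-source profile of bytes per chunk and destination ports seen; later chunks are then scored against that profile, flagging volume spikes, sources never seen in the baseline, and destination ports a host never used before (the kind of signal that can expose an unexpected back door). All flow records are constructed for the example.

```python
"""Traffic-baseline anomaly detection over NetFlow-style records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

WINDOW = 3600  # seconds per chunk: one-hour windows (assumption, not from the article)

# Constructed known-good period: "start src dst dport bytes" (hypothetical format, not real NetFlow export)
BASELINE_FLOWS = """
# start  src       dst           dport bytes
0        10.0.0.5  203.0.113.10  443   1000
3600     10.0.0.5  203.0.113.10  443   1200
7200     10.0.0.5  203.0.113.10  443   1100
10800    10.0.0.5  203.0.113.10  443   1000
0        10.0.0.7  198.51.100.2  53    500
3600     10.0.0.7  198.51.100.2  53    600
7200     10.0.0.7  203.0.113.10  443   550
10800    10.0.0.7  198.51.100.2  53    500
"""

# Constructed later chunk to score: a volume spike, a never-seen port, and an unknown source
OBSERVED_FLOWS = """
360000   10.0.0.5  203.0.113.10   443   1100
360000   10.0.0.5  198.51.100.77  443   48000
360000   10.0.0.7  198.51.100.2   53    520
360000   10.0.0.7  192.0.2.66     4444  90
360000   10.0.0.9  203.0.113.10   443   300
"""


def parse_flows(text):
    """Parse the constructed text format into a list of flow dicts."""
    flows = []
    for line in text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        start, src, dst, dport, nbytes = line.split()
        flows.append({"start": int(start), "src": src, "dst": dst,
                      "dport": int(dport), "bytes": int(nbytes)})
    return flows


def chunk_by_window(flows, window=WINDOW):
    """Group flows into fixed time chunks keyed by (window index, source host)."""
    chunks = defaultdict(list)
    for f in flows:
        chunks[(f["start"] // window, f["src"])].append(f)
    return chunks


def build_baseline(flows, window=WINDOW):
    """Per-source profile from a known-good period: mean and standard deviation of
    bytes per chunk, plus the set of destination ports the source was seen using."""
    per_src_bytes = defaultdict(list)
    per_src_ports = defaultdict(set)
    for (_, src), chunk in chunk_by_window(flows, window).items():
        per_src_bytes[src].append(sum(f["bytes"] for f in chunk))
        per_src_ports[src].update(f["dport"] for f in chunk)
    return {src: {"mean": mean(vals), "stdev": pstdev(vals), "ports": per_src_ports[src]}
            for src, vals in per_src_bytes.items()}


def detect_anomalies(flows, baseline, window=WINDOW, k=3.0):
    """Score each (window, source) chunk against the baseline and return alerts:
    'unknown_source' for hosts with no profile, 'volume' when bytes exceed
    mean + k*stdev, 'new_port' for destination ports absent from the profile."""
    alerts = []
    for (widx, src), chunk in sorted(chunk_by_window(flows, window).items()):
        total = sum(f["bytes"] for f in chunk)
        profile = baseline.get(src)
        if profile is None:
            alerts.append((widx, src, "unknown_source", total))
            continue
        # Floor the deviation at 1 byte so a perfectly flat baseline cannot alert on noise.
        threshold = profile["mean"] + k * max(profile["stdev"], 1.0)
        if total > threshold:
            alerts.append((widx, src, "volume", total))
        new_ports = sorted({f["dport"] for f in chunk} - profile["ports"])
        if new_ports:
            alerts.append((widx, src, "new_port", new_ports))
    return alerts


def run_example():
    """Build the profile from the baseline period and score the observed chunk."""
    baseline = build_baseline(parse_flows(BASELINE_FLOWS))
    return detect_anomalies(parse_flows(OBSERVED_FLOWS), baseline)


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

On the constructed data the script flags 10.0.0.5 for volume (49,100 bytes in one hour against a baseline near 1,075), 10.0.0.7 for a new destination port 4444 while its volume stays normal, and 10.0.0.9 as a source with no baseline at all. In practice the baseline period must itself be vetted as clean, since a back door already active during profiling becomes part of "normal."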
