Cybersecurity: Locks are fine, alarms better

Keeping intruders out has never been an easy task, and it's only getting harder. Big data offers an alternative approach.

Big data is all around us. It's helping fast-food chains and retailers keep customers happy, and it's integral to the now very-public surveillance efforts employed by the intelligence community.

But for federal agencies, one of the most attractive uses of big data and the accompanying analytics it allows for may be in the realm of cyber defense.

While the cybersecurity measures most federal agencies employ continue to improve, statistics show an increasing prevalence of large-scale data breaches in the private sector that almost certainly translates to their government counterparts.

According to Bobby Caudill, global government program director for Teradata, new data suggests that if sophisticated outsiders – including a growing contingent of well-funded nation-state affiliated actors – want specific data, they will find a way to gain access to a system.

Instead of investing loads of money building better locks for protection, Caudill encouraged agencies to develop better alarms that use available data to determine when outsiders have gotten in.

"Big data analytics' capabilities have constantly improved and gotten more effective," said Caudill, speaking at an FCW cyber-security briefing Sept. 12 in Washington, D.C.

"We've got to look for ways to use data and analytics to recognize these things faster," Caudill said. "The threat landscape is larger. It's more lucrative now than it's ever been."

Caudill cited the banking and credit card industries as innovators in using analytics for improved fraud detection, and said the same analytics can help agencies detect threats and network intruders in near real-time.

The real-time aspect is huge, he said, because most companies and federal agencies aren't aware of data breaches until months after they occur.

According to Verizon's 2013 Data Breach Investigations Report (DBIR), which contains information on upwards of 47,000 cyber-security incidents and 621 confirmed data breaches reported by 19 worldwide partners over the past year, 66 percent of organizations "took months or more to discover" breaches.

Interestingly, the DBIR suggests that 70 percent of such breaches are discovered by external parties, not by the compromised organization. The most common breaches involve malware (40 percent), hacking (52 percent) or the exploitation of weak or stolen credentials (76 percent), according to the DBIR, and about 20 percent of all data breaches were perpetrated by state-affiliated actors, those tied to China foremost among them.

Imagine what kind of information an intruder could access with months to acclimate to a system, Caudill said.

Corporate attacks are most often driven by financial motives, according to DBIR, and intruders with months to operate could steal trade secrets, proprietary information and employee or customer data. The stakes can be at least as high in a federal environment. Tax data, Social Security numbers, classified and top secret information are all stored in massive quantities within federal networks.

Caudill, citing a Ponemon Institute study, said the problem is scarier for federal agencies because one-third aren't even planning on using big data analytics.

But Caudill said big data analytics has progressed sufficiently as a technology to search for anomalies in network data. Just as banks use analytics to analyze customer transactions and alert customers when iffy behavior occurs, federal agencies can monitor the behavior of users and traffic within their environments.
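As an added illustration of the banking analogy above (this is example code, not from the article, Teradata or any named vendor), here is a small baseline-and-alarm detector: it learns each account's usual transfer sizes and working hours from a constructed five-day log, then flags day-six events that depart from that profile. The log format and the function names `build_baseline` and `detect` are assumptions for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, not real data: (day, user, hour, bytes_out).
# Days 1-5 are the learning period for each account's normal behaviour.
BASELINE_LOGS = [(d, "alice", h, b) for d in range(1, 6)
                 for h, b in ((9, 1_000_000), (11, 1_200_000), (15, 800_000))]
BASELINE_LOGS += [(d, "bob", h, b) for d in range(1, 6)
                  for h, b in ((8, 300_000), (13, 250_000))]

# Day 6: ordinary activity plus one 3 a.m. bulk pull from alice's account.
DAY6_LOGS = [(6, "alice", 9, 1_100_000), (6, "alice", 15, 900_000),
             (6, "bob", 8, 280_000), (6, "alice", 3, 40_000_000)]


def build_baseline(records):
    """Per-user profile: mean/std of bytes per event and the hours seen."""
    by_user = defaultdict(list)
    for _day, user, hour, nbytes in records:
        by_user[user].append((hour, nbytes))
    baseline = {}
    for user, events in by_user.items():
        sizes = [b for _, b in events]
        baseline[user] = {"mean": mean(sizes), "std": pstdev(sizes),
                          "hours": {h for h, _ in events}}
    return baseline


def detect(records, baseline, z_threshold=3.0):
    """Return (day, user, hour, reason) for events outside the profile."""
    alerts = []
    for day, user, hour, nbytes in records:
        prof = baseline.get(user)
        if prof is None:
            alerts.append((day, user, hour, "no baseline for this account"))
            continue
        reasons = []
        std = prof["std"] or 1.0  # constant-volume users would divide by zero
        z = (nbytes - prof["mean"]) / std
        if z > z_threshold:
            reasons.append(f"volume z={z:.1f}")
        if hour not in prof["hours"]:
            reasons.append(f"unusual hour {hour:02d}:00")
        if reasons:
            alerts.append((day, user, hour, "; ".join(reasons)))
    return alerts


if __name__ == "__main__":
    for alert in detect(DAY6_LOGS, build_baseline(BASELINE_LOGS)):
        print(alert)
```

Only the 3 a.m. 40 MB transfer is raised; the two ordinary day-six events from the same account stay silent, which is the point of alarming on deviation from a learned profile rather than on volume alone.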

Caudill stressed that any system of situational awareness requires four key aspects: people, process, technology and data.

"If you leave out any of those things, you have a three-legged dog," Caudill said. "Now a three-legged dog can do some things, but…"

Steven Chabinsky, senior vice president of legal affairs and chief risk officer of CrowdStrike, said yesteryear's failed approaches to cybersecurity highlight the importance of analytics within network systems.

The world is dealing with more potent, tenacious adversaries than ever before, Chabinsky said, and the government isn't doing much in the way of stopping them.

Short of spending more money on identifying specific adversaries and targeting them with offensive cyber initiatives – something Chabinsky said the private sector would welcome – agencies should invest in better threat detection because the threats aren't going to stop.

Analytics represents the best current approach to identifying threats when they break through security, and the faster those threats are discovered and isolated, the less data they're likely to export and the less harm they're likely to inflict.

"We as a nation and security community have been following a failed approach to security," Chabinsky said. "It should not surprise anybody that we are failing miserably."

About the Author

Frank Konkel is a former staff writer for FCW.

Reader comments

Thu, Sep 19, 2013 Dave Tindell

Frank, good article, but I have to agree with the comments of the reader above that infrastructure should be a top priority, since many of the new systems incorporate greater controls and monitoring capabilities. Adding analytics to this will help identify the anomalies associated with illegal intrusion, then alert appropriate entities of the finding and automatically lock down or reduce bandwidth. Since big data really is a big target for cyber-attacks and intrusion due to its nature and volume, being prepared to monitor, analyze and control both external and internal access is of utmost importance to both the data owners and those the data represent. All four legs are needed for real stability.

Mon, Sep 16, 2013

The title of your article contradicts the comments of the security experts. You need all four to have better security. Having alarms without improving the locks fails to remediate the situation. We are being told to invest in better alarms but at the same time are cutting the resources we use to remediate the situation, while at the same time expanding the avenues subject to attack. Big data analytics is hyping the need, when the need is really to upgrade the infrastructure. Legacy systems and equipment on networks threaten other connected systems because of their unmitigated vulnerabilities. Older tools for remediation are not being updated because of this "need" for cyber analytics. If you don't have the basic, modern tools for hardening, you don't need cyber analytics. A parallel to this is the hype about money needed for roads and bridges. When money is finally allocated, it doesn't go towards repairing the crumbling bridges and roads but to the "smart" high-tech roads built with sensors. The sensors tell you how dangerous the road is becoming, but the problem of repairing it goes unmitigated.
