DHS rethinks privacy in cyber analytics

DHS wants to track cyber threats in real time across network environments using machine algorithms that can detect strange traffic patterns associated with malicious reconnaissance, compromised accounts or data exfiltration.

It also wants to ensure the capabilities adhere to privacy rules.

Algorithmic analytics track the behavior of network traffic. That differentiates the technique from signature-based programs like Einstein. And, according to DHS, it could improve detection rates and speeds, as well as boost responses to hostile network activity in federal agency and protected networks.

The program was detailed in a Feb. 8 public meeting of the DHS Privacy Office as the agency sought to ensure protection of personally identifiable information as analytic tracking technology moves forward at the agency.

Commercial companies have been using algorithmic analytics through front-end authentication, transaction monitoring, risk-scoring queries and other technologies, according to DHS documents.

DHS also has been sizing up other emerging detection technology that industry can leverage.

For instance, in January, it pushed out new detection tools to commercial industry that rely on the agency's technology. Andy Ozment, DHS' assistant secretary for cybersecurity and communications, said the agency had added Netflow Analysis to its Enhanced Cybersecurity Services program, which can allow companies to "more effectively identify and analyze malicious activity transiting their customers' networks."

Through the voluntary ECS program, DHS shares classified or sensitive information on cyberthreats with companies that use the information to block infiltration attempts. Firms have the option of providing DHS with anonymized feedback on what cyber intelligence is effective in thwarting threats.

DHS also has an applied research pilot project called "Logical Response Aperture," which tests automated security analytics and countermeasures.

DHS said in documents distributed at the Feb. 8 meeting that algorithmic analytics programs could be extended to federal systems, and also used for data flowing from major partners like the companies in its voluntary Defense Industrial Base Exploratory Cybersecurity Initiative.

However, such protections also come with privacy issues that need to be sorted out. DHS said privacy guidelines and benchmarks for algorithmic analytics must be addressed at the agency quickly, since a number of private-sector companies are adopting similar models.

In Jan. 2015, the DHS chief privacy officer asked the DHS Privacy and Integrity Advisory Committee to look at the privacy issues involved with using algorithmic analytics and to provide guidance.

IBM Center for the Business of Government Executive Director Dan Chenok, who chairs DPIAC's Cyber Subcommittee, submitted the committee's findings at the Feb. 8 DHS Privacy Office public meeting.

During the meeting, committee members stressed the data collected by algorithmic analytics was only a "piece of a piece" of netflow traffic -- just the portion that showed anomalous behavior, and not all traffic going in and out. They also noted that the technology did not track the behavior of people using a network, but rather traffic behavior patterns.

The DPIAC adopted privacy recommendations that include limiting personnel who work with the data generated, developing controls for accessing both the logs and underlying data, notifying users of the technology's use, and making the criteria for what is being collected transparent.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
