DHS rethinks privacy in cyber analytics
- By Mark Rockwell
- Feb 12, 2016
DHS wants to track cyber threats in real time across network environments using machine algorithms that can detect strange traffic patterns associated with malicious reconnaissance, compromised accounts or data exfiltration.
It also wants to insure the capabilities adhere to privacy rules.
Algorithmic analytics track the behavior of network traffic. 'That differentiates the technique from signature-based programs like Einstein. And, according to DHS, it could improve detection rates and speeds, as well as boost responses to hostile network activity in federal agency and protected networks.
The program was detailed in a Feb. 8 public meeting of the DHS Privacy Office as the agency sought to insure protection of personally identifiable information as analytic tracking technology moves forward at the agency.
Commercial companies have been using algorithmic analytics through front-end authentication, transaction monitoring, risk-scoring queries and other technologies, according to DHS documents.
DHS also has been sizing up other emerging detection technology that industry can leverage.
For instance, in January, it pushed out new detection tools to commercial industry that rely on the agency's technology. Andy Ozment, DHS' assistant secretary for cybersecurity and communications, said the agency had added Netflow Analysis to its Enhanced Cybersecurity Services program, which can allow companies to "more effectively identify and analyze malicious activity transiting their customers' networks."
Through the voluntary ECS program, DHS shares classified or sensitive information on cyberthreats with companies that use the information to block infiltration attempts. Firms have the option of providing DHS with anonymized feedback on what cyber intelligence is effective in thwarting threats.
DHS also has an applied research pilot project called "Logical Response Aperture," which tests automated security analytics and countermeasures.
DHS said in documents distributed at the Feb. 8 meeting that algorithmic analytics programs could be extended to federal systems, and also used for data flowing from major partners like the companies in its voluntary Defense Industrial Base Exploratory Cybersecurity Initiative.
However, such protections also come with privacy issues that need to be sorted out. DHS said privacy guidelines and benchmarks for algorithmic analytics must be addressed at the agency quickly, since a number of private-sector companies are adopting similar models.
In Jan. 2015, DHS chief privacy office asked the DHS Privacy and Integrity Advisory Committee to look at the privacy issues involved with using algorithmic analytics and to provide guidance.
IBM Center for the Business of Government Executive Director Dan Chenok, who chairs DPIAC's Cyber Subcommittee, submitted the committee's findings at the Feb. 8 DHS Privacy Office public meeting.
During the meeting, committee members stressed the data collected by algorithmic analytics was only a "piece of a piece" of netflow traffic -- just the portion that showed anomalous behavior, and not all traffic going in and out. They also noted that the technology did no't track the behavior of people using a network, but rather traffic behavior patterns.
The DPIAC adopted privacy recommendations that include limiting personnel who work with the data generated, developing control for accessing both the logs and underlying data, notifying users of the technology's use, and making the criteria for what is being collected transparent.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.