DHS rethinks privacy in cyber analytics


DHS wants to track cyber threats in real time across network environments using machine algorithms that can detect strange traffic patterns associated with malicious reconnaissance, compromised accounts or data exfiltration.

It also wants to ensure the capabilities adhere to privacy rules.

Algorithmic analytics track the behavior of network traffic. That differentiates the technique from signature-based programs like Einstein. And, according to DHS, it could improve detection rates and speeds, as well as boost responses to hostile network activity in federal agency and protected networks.

The program was detailed in a Feb. 8 public meeting of the DHS Privacy Office as the agency sought to ensure protection of personally identifiable information as analytic tracking technology moves forward at the agency.

Commercial companies have been using algorithmic analytics through front-end authentication, transaction monitoring, risk-scoring queries and other technologies, according to DHS documents.

DHS also has been sizing up other emerging detection technology that industry can leverage.

For instance, in January, it pushed out new detection tools to commercial industry that rely on the agency's technology. Andy Ozment, DHS' assistant secretary for cybersecurity and communications, said the agency had added Netflow Analysis to its Enhanced Cybersecurity Services program, which can allow companies to "more effectively identify and analyze malicious activity transiting their customers' networks."

Through the voluntary ECS program, DHS shares classified or sensitive information on cyberthreats with companies that use the information to block infiltration attempts. Firms have the option of providing DHS with anonymized feedback on what cyber intelligence is effective in thwarting threats.

DHS also has an applied research pilot project called "Logical Response Aperture," which tests automated security analytics and countermeasures.

DHS said in documents distributed at the Feb. 8 meeting that algorithmic analytics programs could be extended to federal systems, and also used for data flowing from major partners like the companies in its voluntary Defense Industrial Base Exploratory Cybersecurity Initiative.

However, such protections also come with privacy issues that need to be sorted out. DHS said privacy guidelines and benchmarks for algorithmic analytics must be addressed at the agency quickly, since a number of private-sector companies are adopting similar models.

In Jan. 2015, the DHS chief privacy officer asked the DHS Privacy and Integrity Advisory Committee to look at the privacy issues involved with using algorithmic analytics and to provide guidance.

IBM Center for the Business of Government Executive Director Dan Chenok, who chairs DPIAC's Cyber Subcommittee, submitted the committee's findings at the Feb. 8 DHS Privacy Office public meeting.

During the meeting, committee members stressed the data collected by algorithmic analytics was only a "piece of a piece" of netflow traffic -- just the portion that showed anomalous behavior, and not all traffic going in and out. They also noted that the technology did not track the behavior of people using a network, but rather traffic behavior patterns.

The DPIAC adopted privacy recommendations that include limiting personnel who work with the data generated, developing control for accessing both the logs and underlying data, notifying users of the technology's use, and making the criteria for what is being collected transparent.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
