Risk
3/30/2010
12:28 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

FAA Teams With IBM On Cybersecurity

The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.

The Federal Aviation Administration has begun a research and development pilot aimed at helping the agency detect and react to hackers before they have a chance to attack FAA systems, IBM and the FAA announced Tuesday.

The pilot makes use of recently released IBM software called InfoSphere Streams, which was developed in conjunction with the Department of Defense and can perform realtime analytics on heavy throughput data streams of up to millions of events or messages per second.

FAA security analysts are swamped on a daily basis with a massive volume of security information coming from the FAA's firewalls, intrusion detection systems, and wireless detection systems as well as data feeds from other agencies and commercial security services such as Verisign's iDefense.

"We're faced with information overload," Mike Brown, the FAA's director of information systems security, said in an interview. "The challenge for me is how to meld all that stuff together so that my analysts get the most comprehensive and up-to-date information in order to help them make decisions."

The FAA is no stranger to publicized attacks. In recent years, they have included theft of personal information on 48,000 former and current employees, a takeover of the FAA's domain controllers, and a viral infection that forced the FAA to shut down systems in Alaska, according to a 2009 report from the Department of Transportation's inspector general.

That report calls some of the FAA's cybersecurity capabilities "ineffective."

Currently, the FAA is carrying out its research, which began within the last two months, in a lab that isn't connected to the rest of the FAA's operational systems. Over the course of a 10-month test, the FAA will be stressing the InfoSphere Streams software to see if it can handle the type and volume of data the FAA could eventually throw at it if a deployment is in the offing.

In addition to the FAA's own cybersecurity efforts, the FAA's security operations center manages cybersecurity for the rest of the Department of Transporation as well as for parts of the Department of Energy and the Department of Commerce, and Brown expects the amount of cybersecurity information being fed to the FAA's analysts only to grow with time.

According to IBM, the effort will work by first establishing certain baselines in order to be able to identify anomalous traffic, and then use those baselines to detect the presence of possible attackers in real-time and even to perform predictive analytics to anticipate what hackers who have infiltrated a system might do next in order to cut them off at the pass before they're able to do real damage.

"Instead of detecting the symptoms of the attack, you detect the attack while the attacker is still getting his ducks in a row," IBM federal CTO Dave McQueeney said.

InfoSphere Streams is able to digest heavy streams of low-level data in multiple formats simultaneously, analyze them with pre-processing, and adjust to tweaks in algorithms and analytical models on the fly. The software runs on everything from standard Linux servers to IBM-built Linux-based supercomputers. InfoSphere Streams is highly configurable and can perform much more extensive analytics with the aid of a business intelligence platform.

Its applicability also isn't limited to cybersecurity. For example, the Air Force is using the software in a prototype cloud computing environment to analyze "massive amounts" of data, provide actionable insights about cyber threats and application failures, and automatically prevent disruptions. Farther afield, InfoSphere Streams is also being used in other industries for neonatal monitoring and detecting financial fraud, McQueeney said.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5426
Published: 2014-11-27
MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote attackers to cause a denial of service (unhandled exception and DNP3 process crash) via a crafted message.

CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?