Risk
3/30/2010
12:28 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
Repost This

FAA Teams With IBM On Cybersecurity

The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.

The Federal Aviation Administration has begun a research and development pilot aimed at helping the agency detect and react to hackers before they have a chance to attack FAA systems, IBM and the FAA announced Tuesday.

The pilot makes use of recently released IBM software called InfoSphere Streams, which was developed in conjunction with the Department of Defense and can perform realtime analytics on heavy throughput data streams of up to millions of events or messages per second.

FAA security analysts are swamped on a daily basis with a massive volume of security information coming from the FAA's firewalls, intrusion detection systems, and wireless detection systems as well as data feeds from other agencies and commercial security services such as Verisign's iDefense.

"We're faced with information overload," Mike Brown, the FAA's director of information systems security, said in an interview. "The challenge for me is how to meld all that stuff together so that my analysts get the most comprehensive and up-to-date information in order to help them make decisions."

The FAA is no stranger to publicized attacks. In recent years, they have included theft of personal information on 48,000 former and current employees, a takeover of the FAA's domain controllers, and a viral infection that forced the FAA to shut down systems in Alaska, according to a 2009 report from the Department of Transportation's inspector general.

That report calls some of the FAA's cybersecurity capabilities "ineffective."

Currently, the FAA is carrying out its research, which began within the last two months, in a lab that isn't connected to the rest of the FAA's operational systems. Over the course of a 10-month test, the FAA will be stressing the InfoSphere Streams software to see if it can handle the type and volume of data the FAA could eventually throw at it if a deployment is in the offing.

In addition to the FAA's own cybersecurity efforts, the FAA's security operations center manages cybersecurity for the rest of the Department of Transporation as well as for parts of the Department of Energy and the Department of Commerce, and Brown expects the amount of cybersecurity information being fed to the FAA's analysts only to grow with time.

According to IBM, the effort will work by first establishing certain baselines in order to be able to identify anomalous traffic, and then use those baselines to detect the presence of possible attackers in real-time and even to perform predictive analytics to anticipate what hackers who have infiltrated a system might do next in order to cut them off at the pass before they're able to do real damage.

"Instead of detecting the symptoms of the attack, you detect the attack while the attacker is still getting his ducks in a row," IBM federal CTO Dave McQueeney said.

InfoSphere Streams is able to digest heavy streams of low-level data in multiple formats simultaneously, analyze them with pre-processing, and adjust to tweaks in algorithms and analytical models on the fly. The software runs on everything from standard Linux servers to IBM-built Linux-based supercomputers. InfoSphere Streams is highly configurable and can perform much more extensive analytics with the aid of a business intelligence platform.

Its applicability also isn't limited to cybersecurity. For example, the Air Force is using the software in a prototype cloud computing environment to analyze "massive amounts" of data, provide actionable insights about cyber threats and application failures, and automatically prevent disruptions. Farther afield, InfoSphere Streams is also being used in other industries for neonatal monitoring and detecting financial fraud, McQueeney said.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web