Risk
3/30/2010
12:28 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

FAA Teams With IBM On Cybersecurity

The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.

The Federal Aviation Administration has begun a research and development pilot aimed at helping the agency detect and react to hackers before they have a chance to attack FAA systems, IBM and the FAA announced Tuesday.

The pilot makes use of recently released IBM software called InfoSphere Streams, which was developed in conjunction with the Department of Defense and can perform realtime analytics on heavy throughput data streams of up to millions of events or messages per second.

FAA security analysts are swamped on a daily basis with a massive volume of security information coming from the FAA's firewalls, intrusion detection systems, and wireless detection systems as well as data feeds from other agencies and commercial security services such as Verisign's iDefense.

"We're faced with information overload," Mike Brown, the FAA's director of information systems security, said in an interview. "The challenge for me is how to meld all that stuff together so that my analysts get the most comprehensive and up-to-date information in order to help them make decisions."

The FAA is no stranger to publicized attacks. In recent years, they have included theft of personal information on 48,000 former and current employees, a takeover of the FAA's domain controllers, and a viral infection that forced the FAA to shut down systems in Alaska, according to a 2009 report from the Department of Transportation's inspector general.

That report calls some of the FAA's cybersecurity capabilities "ineffective."

Currently, the FAA is carrying out its research, which began within the last two months, in a lab that isn't connected to the rest of the FAA's operational systems. Over the course of a 10-month test, the FAA will be stressing the InfoSphere Streams software to see if it can handle the type and volume of data the FAA could eventually throw at it if a deployment is in the offing.

In addition to the FAA's own cybersecurity efforts, the FAA's security operations center manages cybersecurity for the rest of the Department of Transporation as well as for parts of the Department of Energy and the Department of Commerce, and Brown expects the amount of cybersecurity information being fed to the FAA's analysts only to grow with time.

According to IBM, the effort will work by first establishing certain baselines in order to be able to identify anomalous traffic, and then use those baselines to detect the presence of possible attackers in real-time and even to perform predictive analytics to anticipate what hackers who have infiltrated a system might do next in order to cut them off at the pass before they're able to do real damage.

"Instead of detecting the symptoms of the attack, you detect the attack while the attacker is still getting his ducks in a row," IBM federal CTO Dave McQueeney said.

InfoSphere Streams is able to digest heavy streams of low-level data in multiple formats simultaneously, analyze them with pre-processing, and adjust to tweaks in algorithms and analytical models on the fly. The software runs on everything from standard Linux servers to IBM-built Linux-based supercomputers. InfoSphere Streams is highly configurable and can perform much more extensive analytics with the aid of a business intelligence platform.

Its applicability also isn't limited to cybersecurity. For example, the Air Force is using the software in a prototype cloud computing environment to analyze "massive amounts" of data, provide actionable insights about cyber threats and application failures, and automatically prevent disruptions. Farther afield, InfoSphere Streams is also being used in other industries for neonatal monitoring and detecting financial fraud, McQueeney said.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.