3/30/2010
12:28 PM

FAA Teams With IBM On Cybersecurity

The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.

The Federal Aviation Administration has begun a research and development pilot aimed at helping the agency detect and react to hackers before they have a chance to attack FAA systems, IBM and the FAA announced Tuesday.

The pilot makes use of recently released IBM software called InfoSphere Streams, which was developed in conjunction with the Department of Defense and can perform real-time analytics on high-throughput data streams of up to millions of events or messages per second.

FAA security analysts are swamped on a daily basis with a massive volume of security information coming from the FAA's firewalls, intrusion detection systems, and wireless detection systems as well as data feeds from other agencies and commercial security services such as Verisign's iDefense.

"We're faced with information overload," Mike Brown, the FAA's director of information systems security, said in an interview. "The challenge for me is how to meld all that stuff together so that my analysts get the most comprehensive and up-to-date information in order to help them make decisions."

The FAA is no stranger to publicized attacks. In recent years, they have included theft of personal information on 48,000 former and current employees, a takeover of the FAA's domain controllers, and a viral infection that forced the FAA to shut down systems in Alaska, according to a 2009 report from the Department of Transportation's inspector general.

That report calls some of the FAA's cybersecurity capabilities "ineffective."

Currently, the FAA is carrying out its research, which began within the last two months, in a lab that isn't connected to the rest of the FAA's operational systems. Over the course of a 10-month test, the FAA will be stressing the InfoSphere Streams software to see if it can handle the type and volume of data the FAA could eventually throw at it if a deployment is in the offing.

In addition to the FAA's own cybersecurity efforts, the FAA's security operations center manages cybersecurity for the rest of the Department of Transportation as well as for parts of the Department of Energy and the Department of Commerce, and Brown expects the amount of cybersecurity information being fed to the FAA's analysts only to grow with time.

According to IBM, the effort will work by first establishing baselines of normal activity so that anomalous traffic can be identified, then using those baselines to detect the presence of possible attackers in real time, and even performing predictive analytics to anticipate what hackers who have infiltrated a system might do next, in order to cut them off at the pass before they're able to do real damage.

"Instead of detecting the symptoms of the attack, you detect the attack while the attacker is still getting his ducks in a row," IBM federal CTO Dave McQueeney said.

InfoSphere Streams is able to digest heavy streams of low-level data in multiple formats simultaneously, analyze them with pre-processing, and adjust to tweaks in algorithms and analytical models on the fly. The software runs on everything from standard Linux servers to IBM-built Linux-based supercomputers. InfoSphere Streams is highly configurable and can perform much more extensive analytics with the aid of a business intelligence platform.
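The two ideas in the passages above, ingesting events in several formats into one stream and learning a baseline before flagging deviations in real time, can be shown with a small streaming detector. The following is an added example written for this page; it is not FAA or IBM code and says nothing about how InfoSphere Streams is implemented. The two log formats, the field names, the sample lines, the window size and the alert thresholds are all constructed for the illustration.

```python
"""Streaming baseline-then-anomaly detection over mixed-format security events.

Added example (not FAA or IBM code): learn per-source event rates for a few
windows, then flag windows whose count deviates from that baseline, and
flag sources that never appeared during learning. All formats, names and
thresholds below are assumptions made for the illustration.
"""
import math
import re
from collections import defaultdict

# Two constructed input formats; real firewall and IDS feeds vary by vendor.
FW_RE = re.compile(r"^t=(?P<t>\d+) src=(?P<src>\S+) action=(?P<action>\w+)$")
IDS_RE = re.compile(r"^(?P<t>\d+),(?P<src>[^,]+),(?P<sig>.+)$")


def normalize(line):
    """Map one raw line of either format onto a common event dict, or None."""
    m = FW_RE.match(line)
    if m:
        return {"t": int(m["t"]), "src": m["src"], "feed": "fw"}
    m = IDS_RE.match(line)
    if m:
        return {"t": int(m["t"]), "src": m["src"], "feed": "ids"}
    return None  # unknown format: dropped here; a real system would count these


class Baseline:
    """Online mean and sample variance (Welford) of per-window event counts."""

    def __init__(self):
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def update(self, x):
        self.n += 1
        delta = x - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (x - self.mean)

    def std(self):
        return math.sqrt(self.m2 / (self.n - 1)) if self.n > 1 else 0.0


class StreamDetector:
    """Count events per (window, source); learn for `learn_windows` windows,
    then alert on windows whose count is both `min_excess` above the mean and
    more than `z_threshold` standard deviations out, or on unseen sources."""

    def __init__(self, window=60, learn_windows=3, z_threshold=3.0, min_excess=5):
        self.window, self.learn_windows = window, learn_windows
        self.z, self.min_excess = z_threshold, min_excess
        self.baselines = defaultdict(Baseline)
        self.counts = defaultdict(int)  # (window_id, src) -> count
        self.current, self.windows_seen, self.alerts = None, 0, []

    def feed(self, line):
        ev = normalize(line)
        if ev is None:
            return
        wid = ev["t"] // self.window
        if self.current is None:
            self.current = wid
        while self.current < wid:  # close elapsed windows, empty ones included
            self._close_window()
            self.current += 1
        # late events are attributed to the window currently open
        self.counts[(max(wid, self.current), ev["src"])] += 1

    def _close_window(self):
        wid = self.current
        srcs = {s for (w, s) in self.counts if w == wid}
        learning = self.windows_seen < self.learn_windows
        for src in sorted(self.baselines.keys() | srcs):
            c, b = self.counts.get((wid, src), 0), self.baselines[src]
            if learning:
                b.update(c)  # zero-count windows also shape the baseline
            elif b.n == 0:
                self.alerts.append((wid, src, "never seen during baseline"))
            else:
                std = b.std()
                z = (c - b.mean) / std if std > 0 else (math.inf if c > b.mean else 0.0)
                if c - b.mean >= self.min_excess and z > self.z:
                    self.alerts.append((wid, src, f"count {c} vs mean {b.mean:.1f}"))
        for key in [k for k in self.counts if k[0] == wid]:
            del self.counts[key]  # closed windows are not kept in memory
        self.windows_seen += 1

    def finish(self):
        if self.current is not None:
            self._close_window()
            self.current = None
        return self.alerts


def constructed_events():
    """Constructed feed: three quiet minutes, then a burst and a new source."""
    lines = []
    for minute in range(3):  # learning windows 0..2
        base = minute * 60
        lines += [f"t={base + i * 10} src=10.0.0.5 action=deny" for i in range(4)]
        lines += [f"{base + 5 + i * 30},10.0.0.9,ET SCAN Nmap" for i in range(2)]
    base = 180  # detection window 3
    lines += [f"t={base + i} src=10.0.0.5 action=deny" for i in range(30)]
    lines += [f"{base + 5},10.0.0.9,ET SCAN Nmap", f"{base + 35},10.0.0.9,ET SCAN Nmap"]
    lines += [f"t={base + 40} src=203.0.113.7 action=deny"]
    lines += ["this line is not in any known format"]
    return lines


def run_demo():
    det = StreamDetector()
    for line in constructed_events():
        det.feed(line)
    return det.finish()


if __name__ == "__main__":
    for wid, src, why in run_demo():
        print(f"window {wid}: {src}: {why}")
```

Two design points carry over to real deployments: the baseline is learned online, so the detector never holds the raw history, which is what makes it viable at the event rates the article cites; and zero-count windows are fed into the baseline too, otherwise a source that is normally quiet would look steadier than it is. The `min_excess` floor keeps a source with a perfectly constant baseline (standard deviation zero) from alerting on a single extra event.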

Its applicability also isn't limited to cybersecurity. For example, the Air Force is using the software in a prototype cloud computing environment to analyze "massive amounts" of data, provide actionable insights about cyber threats and application failures, and automatically prevent disruptions. Farther afield, InfoSphere Streams is also being used in other industries for neonatal monitoring and detecting financial fraud, McQueeney said.
