Risk
3/30/2010
12:28 PM

FAA Teams With IBM On Cybersecurity

The Federal Aviation Administration is using InfoSphere Streams software from IBM to perform "predictive security analytics" on massive volumes of data.

The Federal Aviation Administration has begun a research and development pilot aimed at helping the agency detect and react to hackers before they have a chance to attack FAA systems, IBM and the FAA announced Tuesday.

The pilot makes use of recently released IBM software called InfoSphere Streams, which was developed in conjunction with the Department of Defense and can perform real-time analytics on heavy throughput data streams of up to millions of events or messages per second.

FAA security analysts are swamped on a daily basis with a massive volume of security information coming from the FAA's firewalls, intrusion detection systems, and wireless detection systems as well as data feeds from other agencies and commercial security services such as Verisign's iDefense.

"We're faced with information overload," Mike Brown, the FAA's director of information systems security, said in an interview. "The challenge for me is how to meld all that stuff together so that my analysts get the most comprehensive and up-to-date information in order to help them make decisions."

The FAA is no stranger to publicized attacks. In recent years, they have included theft of personal information on 48,000 former and current employees, a takeover of the FAA's domain controllers, and a viral infection that forced the FAA to shut down systems in Alaska, according to a 2009 report from the Department of Transportation's inspector general.

That report calls some of the FAA's cybersecurity capabilities "ineffective."

Currently, the FAA is carrying out its research, which began within the last two months, in a lab that isn't connected to the rest of the FAA's operational systems. Over the course of a 10-month test, the FAA will be stressing the InfoSphere Streams software to see if it can handle the type and volume of data the FAA could eventually throw at it if a deployment is in the offing.

In addition to the FAA's own cybersecurity efforts, the FAA's security operations center manages cybersecurity for the rest of the Department of Transportation as well as for parts of the Department of Energy and the Department of Commerce, and Brown expects the amount of cybersecurity information being fed to the FAA's analysts only to grow with time.

According to IBM, the effort will work by first establishing certain baselines in order to be able to identify anomalous traffic, and then using those baselines to detect the presence of possible attackers in real time. It will even perform predictive analytics to anticipate what hackers who have infiltrated a system might do next, in order to cut them off at the pass before they're able to do real damage.

"Instead of detecting the symptoms of the attack, you detect the attack while the attacker is still getting his ducks in a row," IBM federal CTO Dave McQueeney said.

InfoSphere Streams is able to digest heavy streams of low-level data in multiple formats simultaneously, analyze them with pre-processing, and adjust to tweaks in algorithms and analytical models on the fly. The software runs on everything from standard Linux servers to IBM-built Linux-based supercomputers. InfoSphere Streams is highly configurable and can perform much more extensive analytics with the aid of a business intelligence platform.

Its applicability also isn't limited to cybersecurity. For example, the Air Force is using the software in a prototype cloud computing environment to analyze "massive amounts" of data, provide actionable insights about cyber threats and application failures, and automatically prevent disruptions. Farther afield, InfoSphere Streams is also being used in other industries for neonatal monitoring and detecting financial fraud, McQueeney said.
