How to Forecast a Cyber Attack: IARPA cyber intelligence

From the website of the Intelligence Advanced Research Projects Activity (IARPA), a US research agency under the Director of National Intelligence.

“Approaches to cyber defense typically focus on post-mortem analysis of the various attack vectors utilized by adversaries. As attacks have evolved and increased over the years, established approaches (e.g., signature-based detection, anomaly detection) have not adequately enabled cybersecurity practitioners to get ahead of these threats. This has led to an industry that has invested heavily in analyzing the effects of cyber-attacks instead of analyzing and mitigating the “cause” of cyber-attacks.

The CAUSE (Cyber-attack Automated Unconventional Sensor Environment) Program seeks to develop cyber-attack forecasting methods and detect emerging cyber phenomena to assist cyber defenders with the earliest detection of a cyber-attack (e.g., Distributed Denial of Service (DDoS), successful spearphishing, successful drive-by, remote exploitation, unauthorized access, reconnaissance). The CAUSE Program aims to develop and validate unconventional multi-disciplined sensor technology (e.g., actor behavior models, black market sales) that will forecast cyber-attacks and complement existing advanced intrusion detection capabilities. Anticipated innovations include: methods to manage and extract huge amounts of streaming and batch data, the application and introduction of new and existing features from other disciplines to the cyber domain, and the development of models to generate probabilistic warnings for future cyber events. Successful proposers will combine cutting-edge research with the ability to develop robust forecasting capabilities from multiple sensors not typically used in the cyber domain…”

The Illusion of Privacy: CISPA

When a coalition of internet activists and web companies scuppered the Hollywood-sponsored Stop Online Piracy Act (SOPA) last year, they warned Congress that future attempts to push through legislation that threatened digital freedoms would be met with a similar response. Now some of them are up in virtual arms again, this time against the Cyber Intelligence Sharing and Protection Act (CISPA)….

Its fans, which include companies such as IBM and Intel, say the bill’s provisions will help America defend itself against attempts by hackers to penetrate vital infrastructure and pinch companies’ intellectual property. CISPA’s critics, which include the Electronic Frontier Foundation, a digital-rights group, and Mozilla, the maker of the Firefox web browser, argue that it could achieve that goal without riding roughshod over privacy laws designed to prevent the government getting its hands on citizens’ private data without proper judicial oversight.

CISPA aims to encourage intelligence-sharing… [CISPA requires of companies] to be more forthcoming by offering them an exemption from civil and criminal liability when gathering and sharing data about cyber-threats… [T]he bill is vague about what sort of information on cyber-threats can be shared. So in theory everything from e-mails to medical records could end up being shipped to intelligence agencies, even if it is not needed. Harvey Anderson of Mozilla says CISPA “creates a black hole” through which all kinds of data could be sucked in by the government.

The bill does forbid the use by officials of personal information from medical records, tax returns and a list of other documents. But its critics say it would be far better if companies had to excise such data before sharing what is left. They also note that the broad legal protection CISPA offers to firms could be abused by companies keen to cover up mishaps in their handling of customer data. A more carefully worded legal indemnity would stop that happening.

All this has exposed a rift in the internet world. Whereas Mozilla and other firms want CISPA to be overhauled or scrapped, some web firms that helped sink SOPA seem ambivalent. Google claims it has taken no formal position on the draft legislation and is “watching the process closely”. But TechNet, an industry group whose members include the web giant and Facebook, has written to the House Intelligence Committee expressing support for CISPA. If Google and other web companies do have doubts about some of the bill’s provisions, now would be the time for them to sound the alarm.

