
U.S. Awards Cyber Attack Prediction Program Contract to BAE Systems

The U.S. Intelligence Advanced Research Projects Activity (IARPA) has awarded its $11.4 million Cyber-attack Automated Unconventional Sensor Environment (CAUSE) program to BAE Systems. 


IARPA’s program brief specified: “IARPA expects performers to identify and extract novel leading signals from both internal and external sensors (both conventional and unconventional) and use them to generate warnings – probabilistic forecasts and/or detections of cyber-attacks. Performers will generate warnings for real cyber-attacks against one or more U.S. industry organizations that have agreed to participate in CAUSE.”

The purpose is to predict, rather than just detect, cyber threats. Organizations will then be able to prepare for an attack rather than be required to respond to an attack.

The CAUSE program will develop “predictive methods that combine existing advanced intrusion detection capabilities with unconventional publicly available data sources, leveraging sources not usually associated with cybersecurity,” BAE announced. “Researchers will seek to identify leading indicators of an attack from vast, noisy external streams of data and then correlate related data from different sources to generate accurate, actionable warnings.”

IARPA awards its $11.4 million cyber-attack prediction system program to BAE Systems.

This is not the first project that has sought to use the power of computers to predict the future. Two existing examples are the International Crisis Early Warning System (ICEWS), maintained by Lockheed Martin, and Global Data on Events Language and Tone (GDELT), developed and maintained by Kalev Leetaru at Georgetown University. In all three examples, ICEWS, GDELT and now CAUSE, the basic premise is to input large amounts of data, process that data, and output predictions based on it.

Data is clearly key. Success can only happen with the right source data, the right amount of source data, and the correct analytical algorithms. There has been limited success with the earlier predictive systems. “Unfortunately, many of these previous efforts have yet to prove operationally useful,” explains Dr. Andrea Little Limbago, Principal Social Scientist at Endgame. “After almost 40 years of political scientists attempting to automate and forecast these events, the big data frameworks provide some insight, but fail dramatically on reliability and consistency. A key reason for this is because of the old data science dictum, ‘garbage in, garbage out’.”

However, the quality and quantity of data available today outstrips that of just a few years ago. “Most cyber early warning frameworks focus only on a specific data stream or a few at most, and they also rarely include human behavior,” continued Limbago. “CAUSE is straying from this paradigm, and is building upon previous automated, open source efforts that leverage social media, traditional news media reports, and other unclassified sources to forecast attacks or instability.”

The ‘social media’ element is of particular concern. Last week, Twitter’s CEO Jack Dorsey described Twitter as the ‘people’s news network’. While this may be true at one level, whether Twitter streams can be sufficiently accurate to provide the basis for reliable predictions remains to be seen. “Following Hurricane Sandy,” comments Limbago, “had first responders used Twitter postings to go to the worst hit spots, they would have gone to only those with electricity, not the ones that had lost all connectivity, which is where emergency efforts would need to be focused.”


This is exactly where CAUSE seeks to differ from earlier approaches. While it will draw data from ‘noisy’ sources such as Twitter, it will seek to correlate that data with more reliable sources before drawing predictive conclusions. Even so, the expected sources will include some drawn from the dark web that are even less reliable than Twitter. This concerns Limbago. While they are useful data sources, they “don’t necessarily cross the boundary into reliability, especially at the speed required for cyber early warning and for the coverage required.”

Rebecca Cathey, BAE’s Principal Investigator, explained how it will work. “Our system applies human behavioral, cyber attack, and social theories to publicly available information to develop unconventional sensors of activities indicative of the early stages of an attack. The sensors search for signals including emotional language, sentiment, and topics of conversation. The sensor outputs will be fused together using models seeded with expert knowledge to predict the likelihood of cyber attacks against specific targets. This differs from traditional cyber attack detection, which utilizes conventional sensors running with private data, where the focus is on detection of an ongoing event, rather than prediction. Our sensors will use a wide variety of techniques and algorithms to mine a graphical representation of the data.”

What remains to be seen now is whether there have been sufficient advances in big data acquisition, processing power and advanced analytics to turn a good idea into reliable actions.

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
