
Predicting Cyberattacks: Storm Clouds or Silver Lining?

Cyberterrorists do it. Cybercriminals do it. China, Russia and other nation-states do it. Extremist groups do it. Government agencies, corporations and Facebook users do it.

All are knowing – and in some cases unknowing – contributors to the most massive data gathering exercise in history, often referred to by the overused term big data.

The worldwide explosion of user-generated digital information has created a torrent of information about individuals’ and organizations’ past, present, and planned actions and intentions.

The collection and use of such information by private enterprises such as Facebook, Twitter, LinkedIn and other social media corporations has created multi-billion dollar businesses with global reach.

Criminal interests also find this digitized information to be a multi-billion dollar business. A June 2014 report from cyber security firm McAfee places the annual global cost of cybercrime at between $400 and $575 billion, exceeding the national income of most countries.

Nor are U.S. military plans and weaponry or corporate intellectual property out of reach. The 2013 IP Commission Report places the annual cost of intellectual property theft from the U.S. at more than $300 billion.

Such data illustrate the vulnerability of U.S. commercial, government and military networks. In spite of continued record cybersecurity investments, the U.S. cyber defense gap continues to accelerate.

With risks to national and economic security increasing, other avenues of cyber defense are receiving attention. Improving resilience and the promising application of predictive analysis to the prevention of cyberattacks before they occur are two such areas.

Predicting complex future events such as cyber attacks may seem a fanciful notion of science fiction. Yet several applications of predictive analysis in a variety of areas are in or nearing operation, with others showing potential. We will examine three.

Looking Into the Future

Predictive analysis is made possible by the convergence of big data, powerful analytic models and near-instant global communications. The planning, coordination, testing and communication associated with cyberattack preparation create a promising trove of big data for predictive analysis. Following are three examples of predictive analysis which are illustrative of the possibilities.

Predictive policing, in use since 2010, uses sophisticated computer models to analyze crime, social and environmental data to identify potential crime risks before they occur. Similar methods drawing on big data analysis of cyber criminal and cyber terrorism communications and actions may have similar potential in identifying potential cyberattack risks.

In a second area of research, Christopher Ling, senior vice president at consultancy Booz Allen, describes a method of analysis focused on activities within an organization’s networks. He describes the application of predictive analysis consisting of “…the science of gathering the dots [the data] married with the art of connecting the dots” to provide insight on evolving potential threats.

Ling addresses the subject based on sensing, analyzing and reacting to cyber intrusions in progress, as they all have a preparatory segment. “Attacks don’t occur in an instant,” he says; “exploiting targeted networks involves processes which occur over a period of time.”

Current applications of this methodology? Ling indicated that such predictive analysis is beginning to be used by intelligence agencies but has yet to move to the private sector.

A third project, ACE, is being developed by the Intelligence Advanced Projects Agency, a research arm of the Office of the Director of National Intelligence.

ACE gathers data from a multitude of external sources and uses probability scoring and machine learning analysis to help improve U.S. intelligence forecasts. ACE has no reported results from application in forecasting cyberattacks, but development continues.

Finally, not to be left out from the opportunities offered by predictive analysis, has just received a patent for what it terms anticipatory shipping. Based on analysis of factors such as customer preferences, purchasing history and recent inquiries, this capability is designed to foretell what customers will want so that the goods can be shipped nearby and prepared for same day delivery.

On balance, cyberattack prediction is an emerging capability with promising potential to strengthen America’s national cyber defenses, but needs time to develop. Warning of future cyberattacks flashing on today’s monitoring screens is not science fiction but a capability fully within the realm of possibility.

But there are issues to be prepared for when this capability arrives.

Being Careful What We Ask For

What is the responsibility that accompanies this predictive power and what does one do with such information? Shore up internal defenses in an attempt to limit attack damage? Launch preemptive strikes with the objective of disrupting or preventing the attacks? The options are varied, some carrying risks, others controversial.

No matter how strong the technology, such analysis is by its nature accompanied by human factors. Judgments, presumptions, deductions and opinions are all contributors and present incalculable margins for error. If mistakes are made, there may be consequences to be paid.

Cyber technology continues to change the way the world works and nations’ capabilities to alter the balances of global military, economic and political power. Advance knowledge of cyberattack intentions is of immense strategic value and confers a position of power on its holder. How the information is used is worthy of as much advance development as the technology itself.

The notion of living in a world where nation-states, terrorist organizations and others initiate global cyber attacks based on anticipation of incoming strikes, potentially triggering counterstrikes in return, portends a world of Star Wars dimensions where prediction may produce the most unpredictable consequences of all.
