Despite investing billions of dollars in cybersecurity, federal agencies are struggling to keep pace with ever-changing threats. Part of the problem is the approach being taken, according to the Intelligence Advanced Research Projects Activity (IARPA).
As reported in Federal Computer Week, too much focus is now placed on the effects of cyber attacks rather than on analyzing and mitigating their causes. As the cyber threat has grown and evolved over the years, established approaches such as signature-based and anomaly detection have not proven sufficient to let cybersecurity practitioners become proactive rather than always reactive.
To start addressing this, IARPA has launched the Cyber-attack Automated Unconventional Sensor Environment (CAUSE) Program, and is hosting a conference later this month in Washington, D.C. to support it. According to the FCW article:
IARPA officials said they hope the CAUSE Program can develop and validate unconventional sensor technology that can detect activities such as actor behavior models and black market sales to help forecast cyberattacks and complement existing capabilities.
Under CAUSE, it wants to develop innovative technologies that could manage and extract huge amounts of streaming and batch data, apply existing features from other disciplines and introduce new ones to the cyber domain, and develop models to generate probabilistic warnings for future cyber events.
The CAUSE Program consists of both unclassified and optional classified research activities and will draw on the strengths of academia and industry through collaborative teaming. Teams could include computer scientists, data scientists, social and behavioral scientists, mathematicians, statisticians, information theorists, and cybersecurity subject matter experts with applied experience with cybersecurity capabilities.
This is a worthy goal for IARPA to pursue. Post-mortem analysis can in many cases yield important information about cyber attacks that can then be used to make the organization more resilient in the future. But the promise of actually forecasting and blocking attacks before they happen could provide a dramatically superior level of cybersecurity.