Lots of lights burn through the night at the Homeland Security Deparetment, as people think about the potential cybersecurity-induced damage can have to critical infrastructure.
To combat the threat, the DHS’ Science and Technology Directorate has assembled a collection of data sets concerning infrastructure events. The program, called Information Marketplace for Policy and Analysis of Cyber-risk and Trust (IMPACT), is making these data sets available to researchers.
Erin Kenneally, the program manager in the Cybersecurity Division of S&T, told theFederal Drive with Tom Teminsaid the data sets are part of a central catalog with a “federation of providers” that make data available through different formats and mechanisms.
“We deal with network level data, things like malware, passive DNS data, some synthetic data from some cyber exercise competitions … typology data [and] internet telescope data,” Kenneally said. “It’s not application layers things that your normal ‘Joe Public’ would be familiar with, but really the data at the infrastructure network layer that most researchers in this space find extremely valuable.”
According to Kennally, most members of IMPACT who perform tests and simulations to provide data are researchers themselves, coming from accredited universities, companies and government agencies. The information they collect then gets released via IMPACT a few different ways depending on the data set.
“You can imagine terabytes worth of data. You’re not just going to give a raw data dump to somebody,” Kenneally said. “Often times, the data may be available as a service type model, or it might be available in what we could call a virtual enclave model, where the user would actually query the database remotely instead of downloading a huge terabyte dump of data. It just depends on the data you’re dealing with.”
Not just anyone can get access to the data sets, though. Kenneally said members are screened before they’re allowed access to IMPACT, and that the data they provide will be useful to the program as a whole.
“We make sure who the people requesting data are legitimate researchers as opposed to some hacker,” she said. “In order to also vet the data itself, we have a questionnaire that we go through to not only determine the sensitivity of the data that might be made available, but also utility. Often times, we can’t really determine what the utility is until we make it available and we see if the community wants it. If not, we’re going to ‘downgrade it’, if you will, and forage for more valuable data sets.”
While most of the program’s subscribers are based in domestic government, industry and academia, IMPACT supplies data to partners in seven other countries including Israel, Australia and Singapore.
Keannally called the program’s scope “wide ranging” and continually looking to expand to address different user bases and grow its presence at home and abroad. She said IMPACT is working to make international data sharing within the program a two-way street.
“Right now, its unilateral. Those researchers from those countries can request data, but they’re not necessarily provisioning data themselves,” she said. “We’re moving into that phase where we’re going to make that a bilateral exchanges and make it a fully international data sharing model.”
Overall, IMPACT acts as hub to not only test and simulate possible infrastructure scenarios, but look back on and tackle old problems before they create new ones.
“Going back historically and being able to test tools and methodologies and techniques against a large data set to verify theories, verify techniques that your tools are actually working correctly, that’s just one example of the type of data we provide,” Kenneally said.