Early Warning Center: Security Against Cyber Terrorism
The Cyber Incident Detection Data Analysis Center (CIDDAC), the first real-time cyber threat- sharing system to protect the nation’s critical infrastructure, announced last week the opening of its National Operations Center at Penn’s Institute for Strategic Threat Analysis and Response (ISTAR).
The operations center will fundamentally change the way the U.S. responds to criminal and terrorist use of the Internet by providing voluntary automated incident reporting to law enforcement when security breaches occur, all the while protecting the identity and privacy of its members and their data.
ISTAR—a multidisciplinary institute for research, teaching and policy formulation in strategy and security studies (Almanac October 15, 2002)—will be the academic partner of CIDDAC in the Department of Homeland Security contract to establish a pilot program for a research center for the study of cyber security issues.
CIDDAC is a non-profit organization that integrates private, public and government cooperation to facilitate the real-time sharing of cyber attack data.
“Every day, new security breaches compromise the privacy of our personal and financial information, but these events also compromise the security of critical infrastructure, both public and private, in democracies around the world,” said Dr. Harvey Rubin, professor of medicine, microbiology and computer science, and director of ISTAR. “The establishment of the CIDDAC operations center at ISTAR will provide new and important data that our researchers can use to track cyber attacks and tackle this emerging threat.”
CIDDAC places an intrusion-monitoring machine, known as a Real-time Cyber Attack Detection Sensor (RCADS), outside a corporate network. While the sensor is not connected to any actual corporate production systems, it appears to intruders as just another machine on the network. The RCADS is also linked to the CIDDAC National Operations Center, which alerts other member organizations. CIDDAC analyzes RCADS data and only sends appropriate criminal referrals to law enforcement. The reporting company’s identity remains confidential.
“With CIDDAC’s method of gathering cyber threat data, the private sector can both report and benefit from such data without worrying about the government accessing internal networks,” said Charles “Buck” Fleming, executive director of CIDDAC. “This rapid sharing of information will allow U.S. companies and the nation to operate more securely and smoothly.” Mr. Fleming said privacy protection is a basic requirement of CIDDAC.
“Protection guarantees by statute and the Constitution are essential elements of any data collection activity,” he said. “The private sector needs to drive this effort—in partnership with academia, government and law enforcement —for it to be successful.” While law enforcement does not access private corporate data, it can compile attack signatures, which are profiled to provide government investigators data to more quickly identify, locate and neutralize cyber threats.
“Rapid information sharing is vital to combating cyber criminals,” said John C. Eckenrode, special agent in charge of the Philadelphia FBI office. “A victim of a cyber attack must be able to collect and analyze a large amount of data in a short period of time to identify the attacker. To reduce this threat, the private sector must take the lead in identifying significant cyber threats and share that information with other businesses and law enforcement.”
Companies, organizations and government agencies involved in banking, electrical power, gas and oil, telecommunications, 911 services, water, transportation and government services can join CIDDAC. Additional information is available at (877) 905-0777 or www.ciddac.org.
Almanac, Vol. 51, No. 31, May 3, 2005
May 3, 2005
Volume 51 Number 31