SHARING INFORMATION REAL-TIME
When It Comes to Stopping Cyber Attacks, That's the Ticket
06/13/05
You know it...and we know it. Those pesky hackers and cyber villains can do a lot more than just create a little mischief. They can—and have—attacked what we call "major infrastructure"—hospitals, water systems, power grids, banks, 911 services, universities, transportation systems, etc. And that can cause big-time trouble for us all.
For example: two years ago, the “Slammer” computer worm temporarily shut down safety monitoring systems at a nuclear power plant in Ohio. Enough said.
But here's the rub: 85 percent of these infrastructures are owned by private industry and state and local governments. To do our part in protecting these systems, it’s helpful for us to have real-time attack data from the agencies and organizations being targeted.
That's why we're pleased to be working with a new non-profit, private sector organization called CIDDAC. CIDDAC stands for Cyber Incident Detection & Data Analysis Center, and it began as a project of the Philadelphia chapter of InfraGard. It's physically located at the University of Pennsylvania Institute for Strategic Analysis and Response.
What is CIDDAC and how will it work? CIDDAC is a cyber threat reporting system, centralizing information from participating organizations. Companies that join CIDDAC connect “Real-time Cyber Attack Detection Sensors,” or RCADSs, to their computer networks. If these networks are attacked, the sensors instantly send valuable forensic data to the CIDDAC operations center for analysis. CIDDAC personnel monitor the situation, analyze the data, and quickly send information to our cyber investigators and to the Department of Homeland Security when they notice criminal activity.
If you're wondering about privacy and potential risks, please note: these sensors aren't connected to critical network services or applications and proprietary data is not at risk. All participating agencies remain entirely anonymous to law enforcement unless they decide to voluntarily provide their identities. And CIDDAC only provides information to law enforcement when it thinks a crime is being committed.
The potential benefit of the CIDDAC model to the participants? They can find out about attacks hitting other networks and the business sector as a whole. They can also get trend analysis reports that help them better assess the actual risks to their networks and make more informed decisions about their network security needs.
The potential benefits to us? We can learn more about how and when attacks happen, which helps us more quickly identify, locate, and stop cyber threats.
Interested in joining this private sector initiative? Visit the CIDDAC website for membership details and more information on the center.