Trusted Cyber Risk Research Data Sharing

Cyber Trust The Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT) program supports the global cyber risk research community by coordinating and developing real world data and information sharing capabilities – tools, models, and methodologies. In order to accelerate solutions around cyber risk issues and infrastructure security, the IMPACT program enables empirical data and information sharing between and among the global cyber security research and development (R&D)community in academia, industry and the government.

Objective

CSD seeks to coordinate, enhance and develop advanced data and information sharing tools, datasets, technologies, models, methodologies and infrastructure to strengthen the capabilities of national and international cyber risk R&D. These data sharing components are intended to be broadly available as national and international resources to bridge the gap between producers of cyber-risk-relevant ground truth data, academic and industrial researchers, cyber security technology developers, and decision makers in order to inform policy and analysis of cyber-risk and trust.

Background

Cyber security R&D requires real-world data to develop advanced knowledge, test products and technologies, and prove the utility of research in large-scale network environments. Established and funded by the U.S. Department of Homeland Security (DHS) Science and Technology Directorate (S&T) Cyber Security Division (CSD), the predecessor program --Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT)-- was the only publicly-available, legally-collected distributed repository of large-scale datasets containing real network and system traffic to advance state-of-the-art cyber security R&D. It provided the research community access to infrastructure and event data to facilitate and develop tools, test theories, and identify workable solutions against cyber threats.

IMPACT Value Proposition

In April 2016, PREDICT transitions to IMPACT: Information Marketplace for Policy and Analysis of Cyber-risk & Trust, a name meant to reflect an evolved implementation of the program's goals:

Marketplace - A more open platform to connect and socialize data supply & demand;
Policy and Analysis - Research infrastructure and analysis driven by and for real world issues; and
Cyber-risk & Trust - Beyond just “defense” and “threats,” information as a critical infrastructure itself; responsible innovation

IMPACT offers a unique, distributed research data repository supported by a streamlined legal framework and centralized coordination of a controlled distribution of datasets. This centralized brokering and distributed provisioning between the data providers, data hosts and researchers addresses the operational, trust and administrative costs and challenges that impede sustainable and scalable data sharing. IMPACT continually adds new data that is responsive to cyber risk management (e.g., attacks and measurements) to provide the R&D community timely, high-value information to enhance research innovation and quality. The IMPACT model also serves as a laboratory for testing various data sharing models, including batch transfers, newer data-as-a-service (DaaS), and visualization techniques.

IMPACT consists of four components supporting core functional requirements for data sharing: metadata discovery, data and tool matchmaking, trusted brokering, and a social feedback loop.

Build collective knowledge (1) Metadata Indexing (Find) -- Open, comprehensive, centralized, standardized interface and engine to access metadata from the federation of providers and hosts.

(2) & (3) Data and Tools Matchmaking (Request and Use) -- Standardized policies and procedures to connect researchers with a federation of providers and hosts; Central interface and process to discover and access tools to analyze and/or use data from within and outside of IMPACT.

(4) Administrative, Legal, Ethical Brokering – Centralized interface, policies and procedures to request datasets from a federation of providers and hosts; Vetted data source provenance; Mediated access entitlement so sensitive data is shared with legitimate researchers.

(5) Social Networking (Feedback Loop) – Central platform for exchanging feedback between providers, hosts, researchers, and domain experts to improve and optimize data, tools, analytics and collective knowledge.

Ethical Research and Risk-Sensitivity

Research data sharing activities are augmented by community-informed ethics and sensitive data disclosure guidance focused on the principles, controls, and responsible implementation of solutions to issues that impede cyber security research. The Menlo Report, Ethical Principles Guiding Information and Communication Technology Research and its Companion report were the initial ethics outputs. They were inspired to preempt some of the issues coming down the pike, and to embrace a principals-in-context approach by applying the framework from the Belmont Report to modern information and communication technology research. Current efforts focus on tools and collaboration to apply and enforce research ethics while also supporting research innovation. Foundational work in utility-risk sensitive data disclosure control has similarly helped advance the socio-technical aspects of research data sharing. These efforts are co-evolutionary with IMPACT, and along with the central broker component, they combine to strengthen trust in sharing data to enhance cyber security capabilities.

International Scope

Presently, more than a petabyte of data is available to the research community, and is being used by academic institutions, commercial entities, government organizations, foreign institutions, and nonprofit organizations. Currently, seven countries participate in IMPACT (Australia, Canada, Israel, Japan, United Kingdom, and Netherlands) with new partners to be on-boarded in the near future.