
Fighting Cyberattacks By Sharing Information

New service must overcome companies' unwillingness to share even anonymous data

Earlier this month, a series of worms--the first of which was named Zotob--took down a significant number of Windows 2000 PCs around the world. Microsoft issued a patch and said there was no threat to Windows XP systems unless the attacker had valid log-on credentials. About two weeks later, Microsoft discovered that wasn't the case, and said the same vulnerability that Zotob used to victimize Windows 2000 systems also existed on some Windows XP systems.

It's enough to make any IT department go mad. So several Philadelphia-area businesses and organizations are testing out a new model called the Cyber Incident Detection & Data Analysis Center, which lets private-sector entities anonymously share cyberthreat and attack data with their peers. CIDDAC's plan is to help keep members up to date about the latest threats and provide them with trend-analysis information about specific intrusion activity that they can use to assess risks to their own networks. It also expects to link the service with government agencies such as the Homeland Security Department and the FBI, providing them with anonymous information that could be used in the fight against cybercrime.

Similar programs exist, but they haven't solved the problem of companies being reluctant to report security breaches (see box). The service most closely resembles the SANS Institute's Internet Storm Center, although that service has no direct link with federal law enforcement. There's also the Software Engineering Institute's CERT Coordination Center, a federally funded research and development center operated by Carnegie Mellon University.

But CIDDAC arose out of shortcomings in the existing organizations, says Brad Rawling, a CIDDAC board member. Unlike government-sponsored services that are fair game for Freedom of Information Act requests (which means companies worry about disclosure of anonymous information about a security breach), CIDDAC is a private-sector endeavor.


Many cyberattacks go unreported

46% of organizations don't belong to any information-sharing organization

20% of cyberattacks are reported to law enforcement

16% of companies are unaware of law enforcement's interest in security breaches

12% of cyberattacks are reported to legal counsel

Data: FBI's Computer Security Institute's annual security survey of 700 computer security practitioners in U.S. companies and government agencies

CIDDAC also is automating collection of cyberattack information. The SANS Institute's Internet Storm Center relies on freeware, called DShield, to anonymously collect data from users' intrusion-detection logs and disseminate this information to other users, but companies must submit their firewall logs to the center. CIDDAC is using software from AdminForce Remote LLC. Members embed AdminForce's sensors into their company network, and if an intruder attempts to penetrate the system, the intrusion-monitoring sensor sends a message to law enforcement and to other CIDDAC participants while protecting the identity of the reporting entity.

There is, however, one big downside. Unlike the other services, CIDDAC isn't free. Membership will cost $10,000 per year, which pays for one sensor, a year of monitoring service, and access to CIDDAC reports. Since its April debut, the effort has been funded with about $100,000 from members, as well as $200,000 from the Homeland Security Department's Science and Technology Directorate. CIDDAC is searching for an additional $400,000 to move it beyond a pilot.

CIDDAC is expected to be fully functional by year's end. It's testing its sensor technology and reporting system in Philadelphia, New Jersey, and North Carolina. The next phase of testing, as CIDDAC receives production models of its sensors in the next month and a half, will include as many as 10 companies and institutions.

Whether CIDDAC succeeds remains to be seen. But no doubt weary IT departments on constant guard are looking for all the help they can get. (For more on information security, see story, "The Threats Get Nastier.")
