FAA, IBM set sights on real-time network security
Project uses analytics platform that could recognize attacks as they arrive
- By William Jackson
- Apr 15, 2010
The Federal Aviation Administration is partnering with IBM in a research and development program to create a real-time, intelligent system that could recognize online attacks while they are forming and thwart them before they are launched.
“We are getting information overload” from an increasing number of warnings and alerts from sensors, firewalls and organizations, such as the U.S. Computer Emergency Readiness Team, said FAA spokesman Paul Takemoto. “The challenge is to put this together in a way that is meaningful.”
The system would provide a first-level analytics capability that would elevate alerts to the next level of human analysis, Takemoto said. “It’s not going to replace the human element.”
The heart of the prototype system would be a streaming analytics engine developed by IBM to do signals intelligence for the Defense Department. InfoSphere Streams is a platform for real-time analysis of multiple data streams that are delivered at different speeds and in different formats, in volumes too large to be stored and reviewed, said David McQueeney, chief technology officer at IBM U.S. federal business.
“One of the uses we thought was promising for this was cybersecurity,” he said. So IBM approached FAA to collaborate on a prototype.
Although Takemoto said FAA is confident IBM will be able to come up with a system, the project is strictly R&D at this time. The agency and company will work to develop the algorithms needed for security data analysis and define the level of performance and scalability required for a workable system. FAA will then decide whether to proceed with further development, testing and deployment.
Takemoto said the program is not tied to FAA’s Next Generation Air Transportation System, a long-term effort by FAA to bring air traffic control into the 21st century by replacing radar-based guidance with a satellite-based system that would allow pilots to locate other aircraft and communicate with other pilots and FAA controllers more efficiently.
“Our air traffic control systems are separate from our administrative systems,” he said.
The effort is part of IBM’s First-of-a-Kind program, which brings IBM scientists together with customers in an effort to create commercial products from innovative technologies.
“All we ask the customer to do is put up some of their best technical resources; we pay for the researchers,” McQueeney said.
The project is expected to wrap up late this year.
“Cybersecurity turns out to be one of the more interesting use cases” for streaming analytics, McQueeney said. “You typically are under attack for a while before you know about it. The goal is to get inside the execution loop” of the attack and disrupt it before it is carried out.
Organizing an attack requires a fair amount of heavy lifting. This work often is automated and carried out through command-and-control channels between malicious servers and compromised computers that make up botnets. IBM and FAA hope to create a system that can detect and recognize those activities before an attack is launched. Technologies such as deep packet inspection can recognize and respond to known patterns, but the new system would be able to learn patterns of behavior from past activity.
“These are some of the hardest problems in computer science,” McQueeney said of giving computers the ability to learn. “But this is a platform that lets the computer scientists spend all of their time on that problem” because the ability to do high-speed analysis of streaming data is already available.
InfoSphere Streams is a run-time platform that provides the analytical horsepower. Developers will create the application and algorithms to sit on it. “The technology we are using has a tremendous amount of computational ability,” McQueeney said.
William Jackson is a freelance writer and the author of the CyberEye blog.