DOD database would sift all network traffic for signs of attack

Participation would be voluntary, but will provide a clearer view of cyber threats, DOD official says

In its ongoing effort to keep and hold the high ground in cyberspace, the Defense Department is considering developing a database to monitor government and private-sector network traffic. According to U.S. Cyber Command officials, participating in the database is voluntary, but the collected information will provide the government with a better view of cyber threats.

Speaking last week at a seminar on cybersecurity regulation hosted by the Potomac Institute, Marine Lt. Gen. Robert E. Schmidle Jr., deputy commander of Cyber Command, said that the shared database will provide the DOD with a common operational picture. The database will collect information from all of the services’ networks, the Homeland Security Department and other federal agencies.

But putting all of these various data feeds into a single coherent database “will be an ugly challenge,” Schmidle said. Cooperating organizations who contribute data will have access to the database. This shared approach is important because it allows the government to respond in a unified fashion during an incident, he said.

Related coverage:

The attack that awakened the Pentagon

New threats compel DOD to rethink cyber strategy

However, Schmidle said that he did not expect the database to be set up immediately, as there are potential policy and privacy issues to be ironed out first.

Those issues include concerns about how deeply the DOD should be involved in commercial and civilian government networks. Nextgov reported that legislators and federal officials continue to debate the best strategy to defend government networks and critical infrastructure while maintaining individual and corporate privacy.

Schmidle contended that his organization only overlooks and defends sites in the .mil domain and only conducts operations on the Internet when ordered to by civilian officials. But he noted that defensive cyberspace operations cannot be effective without offensive operations on other networks.

Defense and industry experts have recently noted that while the DOD has established cyberspace commands and missions, what is still lacking is an overarching strategy to coordinate activities and responses to attacks at the national level.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Wed, Feb 9, 2011 Phoenix

The last time the government consolidated data from a bunch of sources into a single location, we ended up with embarrasing disclosures on Wikileaks. So now they want to combine defense and other strategic databases into a single database, conveniently giving potential hackers a single target to focus on. And someone actually thinks this is a good idea? Will they never learn?

Tue, Feb 8, 2011 John TN

... "optional / voluntary participation" ...?? Does the govt think anyone actually believes THAT?

Thu, Feb 3, 2011 rloeb

These guys have a continuing belief that all solutions lie in "big bang" databases. By the time all of the network activity data actually made it into this massive database, it would generally be too old to be useful. Worse, the signature of an attack vector would almost certainly be lost in the volume of data. This approach might be made to work if we did not have an agile, innovative enemy and a constantly shifting environment. What's needed are a lot of small teams charged with detecting threats early, with each team having sufficient autonomy that they can select their own tools and tactics. Competition between the teams will, eventually, result in the emergence of diagnostic techniques that are "smarter," at least for a while, than our enemies.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group