Crowdsourcing cyber threat defense
Paul Revere’s ride on April 18, 1775, to warn colonial troops at Concord, Mass., after seeing two lanterns in the Old North Church in Boston signaling the approaching British was arguably, said Mark Jaster, “the first successful evidence of an intelligence network operating in the United States.”
So when he founded his cybersecurity company -- 418 Intelligence Corp. -- Jaster selected a name that referred to that early intelligence network, with “418” representing April 18.
Far from focusing on old intelligence technologies, however, Herndon, Va.-based 418 Intelligence has just received a $350,000 grant from the Department of Homeland Security to develop a unique game-based forecasting platform for responding to cyber threats.
The idea behind 418 Intelligence’s platform is that when an organization detects a cyber attack or threat, it will submit information about the event to the platform, where it can be assessed by a recruited crowd of cybersecurity specialists.
“We are designing an online game experience that I call ‘fantasy football for cyber,’” Jaster said. “We are asking defenders to come to the table with their playbooks. The whole point is to ask the crowd -- who are journeymen cybersecurity analysts -- under this condition and within these parameters, what is going to happen?”
Given the sensitivity companies and government agencies have about revealing vulnerabilities, Jaster said a critical part of the platform design is developing a utility to anonymize the submissions of cyber attack details. Integrating a commercial technology that will provide rules-based encryption and digital-rights access for safely sharing the data is also vital, he said.
Once the analysts -- recruited primarily from government agencies, though Jaster said he also plans to reach out to the private sector for participation -- have the threat data in hand, they submit what they believe would be the most effective steps for neutralizing the threat. “Then we ask an observer to bet on who is going to be most effective, and just how effective a specific control tactic will be against a specific attack tactic,” Jaster said. We're trying to get "a calibrated estimate" of a defense's effectiveness from the recruited crowd "that we then use as the prompt for real observers on the outside to validate whether those estimates are accurate with anonymized data.”
So what’s in it for the crowd of analysts? “There are a couple of reasons why they will want to be involved,” Jaster said. “One, just like the open source communities reward people for being experts in software development, they get reputation. They will gain stature in the community that they can use in their professional work to advance themselves and to gain influence and to sharpen their skills," he said. "That turns out to usually be the most lasting motivator.”
Second, Jaster said the company also has plans to commercialize crowdsourcing of cyber analysis. Participating analysts would benefit both from having access to real data that has been anonymized and from being able to earn income from it.
“What we are proposing,” Jaster said, “is to be the first on-demand incident response service out there.”
Posted by Patrick Marshall on Feb 08, 2018 at 2:36 PM