The government is embarking on a new effort to develop technology that can predict and detect cyber attacks.
The program — called the cyber attack automated unconventional sensor environment, or CAUSE — is being spearheaded by the U.S. Intelligence Advanced Research Projects Activity organization.
“What we’re looking to do is to get ahead of all of these attacks and threats … in order to protect critical infrastructure,” said Robert Rahmer, CAUSE’s program manager.
IARPA wants to change the current paradigm of responding to attacks months or even a year after the fact and actually predict them, he said. The CAUSE program will take advantage of advancements in big data, open source information and threat intelligence-gathering.
Predicting a cyber threat, even if only a few seconds or minutes before it occurs, can be beneficial, Rahmer said. IARPA wants to eventually be able to predict them three to five days ahead, depending on the type of attack.
“There are several steps in the process of a [cyber attack] campaign and if you look at them individually, there are likely indicators during that process … that we can hopefully identify,” he said. “The idea is that we’re going to extract some of these features and signals from the earlier phases of that campaign.”
For example, during a distributed denial of service attack, the infrastructure is often set up months beforehand, he said.
IARPA has awarded four contracts for the effort to BAE Systems, Leidos, Charles River Analytics and the University of Southern California’s Information Sciences Institute. The effort kicked off in August. It will include three phases with a downselect at the end of each of them. The first phase will last 18 months. Phases two and three are each 12 months.
Anne Taylor, the director of BAE’s cyber and communications technologies research group, said the company received an $11.4 million contract for the program. It will develop software to help predict attacks.
BAE Systems plans to draw from a wide variety of sources — including chatter on social media — and then “fuse all these different types of activities — the cybersecurity, the human behavior, social sciences and prediction,” she said.
BAE will work with StratumPoint, Digital Operatives LLC and the University of Maryland on the project, Taylor said.