Beyond Firewalls and Encryption

FAA Infosec Pilot Showcases Multi-Disciplinary Approach
A prototype information security system being developed for the Federal Aviation Administration goes beyond encryption, firewalls, intrusion-detection devices and anti-virus software and introduces new methods to safeguard, in real time, the agency's high-speed networks.

"When you have a project like this, it's not just about firewalls; it's about analytics, it's about correlations, it's about bringing the whole picture together, because it's a multidisciplinary challenge," says Charles Palmer, director of the IBM Institute for Advanced Security, which is developing the prototype system for the FAA.

Palmer says the prototype system will correlate historical traffic patterns with dynamic data from monitors, sensors and other devices capturing information about network traffic and user activity in real time. "It's going to introduce a whole new set of technologies we've been doing at IBM Research around botnets, detecting malware and other kinds of cyber threats," Palmer says.

The FAA pilot is part of IBM's First-of-a-Kind program, which engages scientists from IBM Research with clients to explore and pilot emerging technologies that address real world problems. The FAA is counting on IBM's know-how. "We're basically leveraging IBM expertise," FAA spokesman Paul Takemoto says. "We'll see what they can offer. Inherent in that is this confidence on our part that they can deliver a system that can help us."

IBM is footing the bill for the 10-month research and development project, which should run throughout most of 2010 at a cost of $1.2 million to $1.5 million, Takemoto says, adding that no taxpayer money is being spent on the pilot. IBM could recoup its investment if it ends up selling the technology to the FAA or other organizations after the pilot program ends.

The FAA has partnered with vendors in what it characterizes as other transactional agreements, or OTAs, such as the development of the next generation of its air transportation system, Takemoto says. OTAs don't require competitive bidding, and this is the first one focused on cybersecurity at the FAA, he says.

According to IBM, streaming analytics will be a key design component of the FAA prototype system, allowing the agency that manages civilian air traffic to constantly analyze the immense amounts of data flowing through its networks in real time and to get immediate and accurate insights about possible threats and system compromises so that it can act at once. The system would allow the FAA to capture real-time information and store it in a data warehouse for later analysis.

Customized Dashboards

In the design, IBM says, customized executive-level dashboards will immediately deliver information on the security posture of the FAA networks. The dashboards will present FAA officials with visual representations of network workloads, tickets for found malware and historical trends to facilitate decision making and early action in the event of network anomalies suggesting a possible attack, the computer maker said.

Palmer says the FAA prototype resembles the Einstein 2 intrusion detection and Einstein 3 intrusion prevention systems the government is deploying and developing, respectively. "There are going to be similarities because they're up against similar threats," Palmer says.

"This is going to be one of the first times we've actually been able to apply analytics to live security data to try to see, 'Oh, look, something is happening.' In the past, a lot of folks have been able to look at the data after it happened and say, 'Yep, yep, yep, you can see it happening; here it comes, here it comes: boom,'" Palmer says. "This system can be able to learn from the historical stuff, and build and watch into the future what's coming right now; it's really amazing."

Palmer sees the FAA-IBM collaboration as an example of the partnerships White House Cybersecurity Coordinator Howard Schmidt is calling for between government and business. "Government realizes these problems are massive; they're not going away; they're not going to dissipate, they're not going to get better because the bad guys have plenty of time and no reason to not keep trying to cause trouble," he says. "Clearly, government wants to leverage world class research."


About the Author

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



