Preparing for a Different Kind of Cyberattack

With the help of Lancope Inc., the government is working on a new technology to identify and repel attacks that don't adhere to known patterns or signatures.

While many agencies are still licking their wounds from once again failing their annual information security test, the Department of Defense and the National Security Agency on Thursday will announce a new partnership that could go a long way toward shoring up the security of the government's networks.

The new agreement is a joint research and development initiative with Lancope Inc. to build an advanced intrusion-detection appliance for use both inside the government and in the private sector. Code-named the Therminator, the appliance will incorporate Lancope's StealthWatch behavior-based IDS system with a new data-reduction and visualization technology developed by the government.

Perhaps indicating the government's current emphasis on information security, the organizations have set forth an aggressive development schedule and are hoping to deploy a prototype appliance within six months.

A key component of the box is the visualization technology developed at the Naval War College by Dave Ford, special assistant to the Secure Network Technology Office at the NSA, in Fort Meade, Md. The technology uses some advanced math related to the temperature of matter to represent the incoming data flow on a network. The data flow is shown in a series of bar graphs plotted by time and colored to show anomalies.

"It allows you to see the characteristics of a data stream. Events like Code Red cause visual changes in the color display," said John Copeland, co-founder and chief scientist at Lancope, based in Atlanta. "The main problem with all of this incoming data is there's so much of it, how do you reduce it to something that's usable?"

The government's main goal with this initiative is to develop a technology that's capable of identifying and repelling attacks that don't adhere to known patterns or signatures. Conventional IDS systems rely on signature files, much like anti-virus products do, and are essentially blind to new attack techniques.

Several top officials in the Bush administration have said repeatedly that they believe terrorists and hostile nations will soon begin using the Internet as a key attack platform, if they're not already doing so.

"The DoD is expecting non-patterned attacks," Copeland said. "If they recognize that it's taking place, then they can use other tools to investigate what's happening. The military wants to be prepared."

Lancope plans to integrate the Therminator's core technology into its commercial offerings at some point, as well.