C3E Workshop 2011 Final Report

Executive Summary

The Science and Technology Lead for Cyber at the Office of the Director of National Intelligence (ODNI) and the Chief of Trusted Systems Research at the National Security Agency (NSA) co-hosted the 2011 Computational CyberSecurity in Compromised Environments (C3E) Workshop this past September. The research workshop brought together a diverse group of top academic, commercial and government experts to examine new ways of approaching the cybersecurity challenges facing our Nation.

This was the third in a series of research workshops related to C3E, drawing upon the work of C3E efforts in 2009 and 2010 on adversarial behavior, models, data, the need for practical solutions and the need for understanding how best to employ human- and machine-based decisions in the face of emerging cyber threats. C3E holds as a central purpose the creation of an enduring community of interest that can continue to innovate on the analytic and operational challenges we face in light of these threats.

Predictive analytics was the topic of the C3E 2011 workshop. The temporal and substantive dimensions associated with cyberspace are so challenging that warning, anticipation, and reaction differ from those associated with other threats, including aspects created by continuous, fast-moving, or advanced persistent threats. Predictive analytics can be applied to understanding the presence of an adversary in a system or network, as well as the range of actions they could apply, and under what circumstances. Predictive analytics also allows the development of analytic models of normal, abnormal, and threat activities in order to anticipate, rather than react to, developments.

This year, looking through the lenses of two potential foundations of predictive analytics – emergent behavior and the intersection of anomalous activities – C3E participants organized their highlighted observations and findings into a set of areas for further consideration, including:

  • the importance of predictive analytics to the cyberspace security mission

  • the demonstrated relevance of analytics to both theoretical understanding and practical application of cyberspace challenges

  • the opportunities and challenges associated with “big data” including the relevance of perspective and analytic metaphor from other scientific disciplines

  • data requirements and metrics for modeling cyber emergence

  • issues related to model evaluation and interoperability

  • conceptual approaches and real examples of the potential value of intersecting anomalies, and

  • alternative perspectives on the attacker-defender calculus in cyberspace

C3E remains focused on cutting-edge analysis and analytics and on understanding systems, networks, and how people interact with them. In addition, while C3E is often oriented around research, we have begun to incorporate practical examples of how different government, scientific and industry organizations are actually using advanced analysis and analytics in their daily business, and creating a path to applications for the practitioner. This is important for providing real solutions to cyber problems, rather than remaining at the theoretical level.

These ideas are summarized in this report, including detailed appendices. As such, they are ideas that the C3E workshop participants thought to be worthy of additional U.S. government, academic, and private sector attention.

 

Submitted by Katie Dey on