BD Spokes: PLANNING: NORTHEAST: Cross-organization Big Data Cyber Attack Awareness

BD 发言人：规划：东北：跨组织大数据网络攻击意识

• 批准号: 1636899
• 负责人: John Yen
• 金额: $ 9.96万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-09-01 至 2017-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1636899&HistoricalAwards=false
• 关键词: BD; Spokes; PLANNING; NORTHEAST; Cross

Cyber attacks, especially those involving Advanced Persistent Threats (APTs), have targeted organizations of all types, including higher education institutions. A key opportunity to counter large-scale cyber attacks is to initiate the establishment of a broad partnership regarding the ultimate goal of cross-organization protected sharing of relevant cyber security data for enhanced operation, workforce development, and research. The impacts of sharing cyber security data are immense. Due to the risks of monoculture in enterprise computing, the "one plus one is greater than two" effects have already been widely recognized in the cyber security community. They can enhance collaborative cyber security operations through cross-organization sharing of relevant cybersecurity data. They can also empower researchers to develop scalable data analytics and tools for more effective prevention, mitigation, and response to cross-organization cyber attacks. Finally, they can significantly enhance the education and learning of diverse cyber security workforce (including developers, analysts, and managers). A key challenge for sharing cyber security data is an institution's concern about potential risks involved in sharing such data. Due to the complexity of the problems, solutions to tackle this challenge can only emerge from meetings and forums that include all stake holders such that their potential concerns about sharing cyber security data can be addressed together. Furthermore, thought leaders in cyber security, big data analytics, cyber infrastructure, privacy, data sharing policy and compliance can all contribute to such discussions in a unique way. Therefore, this project will organize a series of planning activities (including a workshop) regarding Cross-organization Sharing of Cyber Security Data, in collaboration with the Northeast Big Data Hub, Penn State, Rutgers University, Dartmouth College, industry partners (e.g., IBM), and government partners (e.g., Army Research Lab). The workshop will generate a report regarding best practices (including draft agreements and related infrastructures), planning for workforce development, and path to financial sustainability for three academic institutions in Northeast region (i.e., the Pennsylvania State University, Rutgers University, and Dartmouth College) to enable and leverage cross-organization sharing of massive cyber security data.This project will improve our understanding about the complex issues related to barriers for protected sharing of cyber security data. An improved understanding regarding these issues and their relationships in a holistic way provides a critical base on which possible best practices for agreements, frameworks, and cyber infrastructures for sharing relevant cyber security data can be established. In addition, the workshop will also identify options and uncover their tradeoffs for addressing the complex issues for cross-organization sharing of cyber security data. It is likely that these tacit knowledge, once articulated clearly through the workshop report, will enhance the formal knowledge regarding cyber security analysis, management, and tool development, especially for achieving cross-organization big data cyber attack awareness. This project will also generate three broad impacts: (i) it will fundamentally transform cyber defense operations by enabling multi-organization collaborative defense; (ii) it will enhance the global competitiveness of diverse cyber security workforce through enhancements to training tools, learning modules, and courses that leverage real-world cyber security data; (iii) it will foster research regarding cross-organization cyber situation awareness through innovative analytics of massive cross-organization cyber security data.This award is co-funded by the CISE Division of Computer and Network Systems (CNS) Secure and Trustworthy Computing (SaTC) Program.

网络攻击，特别是那些涉及高级持续性威胁（apt）的网络攻击，针对的是所有类型的组织，包括高等教育机构。应对大规模网络攻击的一个关键机遇是，发起建立广泛的伙伴关系，以实现跨组织共享相关网络安全数据的最终目标，以加强运营、员工发展和研究。共享网络安全数据的影响是巨大的。由于企业计算存在单一文化的风险，“一加一大于二”的效应已经在网络安全界得到广泛认可。他们可以通过跨组织共享相关网络安全数据来加强协同网络安全行动。它们还可以使研究人员能够开发可扩展的数据分析和工具，以更有效地预防、缓解和响应跨组织的网络攻击。最后，它们可以显著加强各种网络安全工作人员（包括开发人员、分析师和管理人员）的教育和学习。共享网络安全数据的一个关键挑战是机构对共享此类数据所涉及的潜在风险的担忧。由于问题的复杂性，应对这一挑战的解决方案只能来自包括所有利益相关者在内的会议和论坛，以便共同解决他们对共享网络安全数据的潜在担忧。此外，网络安全、大数据分析、网络基础设施、隐私、数据共享政策和合规等领域的思想领袖都可以以独特的方式为此类讨论做出贡献。因此，该项目将与东北大数据中心、宾夕法尼亚州立大学、罗格斯大学、达特茅斯学院、行业合作伙伴（如IBM）和政府合作伙伴（如陆军研究实验室）合作，组织一系列关于网络安全数据跨组织共享的规划活动（包括研讨会）。研讨会将生成一份关于东北地区三所学术机构（即宾夕法尼亚州立大学、罗格斯大学和达特茅斯学院）的最佳实践（包括协议草案和相关基础设施）、劳动力发展规划和财务可持续性路径的报告，以实现和利用大规模网络安全数据的跨组织共享。该项目将提高我们对网络安全数据共享保护障碍相关的复杂问题的理解。提高对这些问题及其整体关系的理解，为建立共享相关网络安全数据的协议、框架和网络基础设施的最佳实践提供了关键基础。此外，研讨会还将确定选项并揭示其权衡，以解决跨组织共享网络安全数据的复杂问题。这些隐性知识，一旦通过研讨会报告清晰地表达出来，很可能会增强关于网络安全分析、管理和工具开发的正式知识，特别是实现跨组织大数据网络攻击意识。该项目还将产生三个广泛的影响：(i)它将通过实现多组织协同防御，从根本上改变网络防御行动；（ii）通过改进利用现实世界网络安全数据的培训工具、学习模块和课程，提高各类网络安全劳动力的全球竞争力；（iii）通过对海量跨组织网络安全数据的创新分析，促进有关跨组织网络态势感知的研究。该奖项由CISE计算机和网络系统（CNS）安全与可信计算（SaTC）计划部门共同资助。