ACSC members explore how to refine the data analytics research agenda at Innovation Workshop

July 18, 2016

The Advanced Cyber Security Center held a Cyber Innovation Workshop in partnership with the Massachusetts Innovation Bridge on June 29, bringing together leading regional cybersecurity thinkers to help frame a data analytics research agenda.

The event was an interactive working session among attendees that yielded some fresh thinking on data analytics research priorities. By the end of the session, attendees had pinpointed several important areas for cybersecurity research. A project in development, led by Liberty Mutual, to provide real data sets for research was also introduced at the event.

The first panel focused on the need to sort through data effectively, with panelists calling for innovations that provide more timely, actionable information. Steve Patton, Information Security Architect at Liberty Mutual Insurance Company, Ashley O’Connor, Vice President Network Security Services at the Federal Reserve, and Garrett Schubert, manager of Incident Response and Threat Intelligence at Acquia, explored the need to advance data analytics to provide more valuable and immediate threat intelligence that signals deviations from “normal” network behavior. Vineet Mehta, Ph.D., Principal Cyber Researcher and Group Leader at the MITRE Corp., moderated the discussion.

“We spend too much time responding or trying to understand the risk and what we do is we get lost in the noise,” said Schubert.

Added O’Connor: “My research challenge to the panel … is to make it easier for companies to stay ahead of the curve and sleep at night because they know what situational normal is and know when something bad is going to happen.”

Expanding on the theme of creating a new level of actionable intelligence, Patton said, “We want to know normal and abnormal, good and bad, but I think we desperately need to know important and unimportant.”

The second panel focused on cybersecurity research opportunities and included Trey Herr, a Fellow at the Belfer Center’s Cyber Security Project at Harvard Kennedy School, Howard Shrobe, Ph.D., principal research scientist at MIT’s CSAIL, and Michael Siegel, Principal Research Scientist and Associate Director, MIT Sloan School of Management. David Luzzi, Ph.D., Vice Provost for Research, Innovation and Development at Northeastern University’s Innovation Campus at Burlington, moderated the panel. They responded to the first panel’s call for making data analytics in cybersecurity more diagnostic.

Siegel called for an extension of data into human behavior that affects cybersecurity. “To some extent, I want to see more data, like Liberty Mutual’s, moving forward, but I want to somehow start to extend our appetite for data to things that affect the environments and what we know is to be the main problem, which is people, which, depending on whether you’re at 50% or 90%, depending on the survey, ultimately they are the cause of the problems we face.”

Herr said cyber attackers should not be treated in isolation, but could offer collective intelligence to help thwart attacks. “Realistically, these groups do communicate, and even if it’s not intentional the way that they operate ... how can we build on that insight?”

Shrobe explained that his research at MIT could align with the desire of cybersecurity professionals to receive the kind of data that enables a quick, efficient response. “What we would like to be doing is recognizing where in this high level plan for attacking the system the attackers are and to adjust our sensors to be looking for those kind of things. It means we don’t have to expend lots of energy when we don’t think we’re under attack and we can focus when we know a little bit about what kind of attack we’re under.”

After the second panel, event participants were asked to rank their research priorities. Among the top research themes springing from the panel:

• How to compress time from problem to mitigation?

• How to determine what’s important and what’s not?

• Where does accountability need to be?

• How to standardize risk management metrics for cybersecurity?

• How do we distinguish what’s normal?

ACSC chairman William Guenther kicked off the Innovation Workshop with an overview of ACSC’s strategic assessment, emphasizing plans for an enhanced commitment to threat sharing and workforce development. The organization has launched a search for a new executive director to fill the shoes of Charlie Benway, who recently left to become the director of the Massachusetts Innovation Bridge. Benway was honored for his vital role in moving ACSC forward during a post-event ceremony and received a citation signed by Gov. Charlie Baker for his work on behalf of the ACSC.