Since the nature of cybersecurity is highly defensive, organizations typically associate risk with information sharing. That’s why Galois chose to launch its collaboration program in August within the higher education field, where collaboration is much more culturally accepted and encouraged.
The firm turned to the Northwest Academic Computing Consortium (NWACC), a network of 33 colleges, universities and nonprofit organizations across the Pacific Northwest that collaborate on the use of advanced technologies to benefit its members. The organization is made up of a diverse set of members across many states, including Oregon, Washington, Idaho, Montana, North Dakota, Alaska, Hawaii and Colorado.
The program's goal is simple: Develop advanced technology to identify, defend against and prevent cyber attacks more efficiently and effectively. As Adam Wick, research lead of Mobile Security and Systems Software at Galois, points out, efficiency is key.
“One of the biggest problems in cyberattacks is that response is really slow. You have to figure out what the attack looks like, then call ISP over the telephone, and then ask for help,” he explains. “Then you have to go through a process to confirm your identity, then apply suggestions. At that point, they might be flooded. It can take hours if you’re lucky, days if you’re not.”
To address that concern, Galois is focused on designing technology that is not only faster, but also smarter at detecting cyber threats.
“The first step was to figure out how to make this system more rapid and responsive. We’ve built detection systems to identify that DDoS [distributed denial-of-service] is starting and identify what it looks like and summarize in exactly the way ISP wants to hear it,” Adam says. “Once we have that in place, our second step is communicating that information around a network of peers. If one university has detected they have a DDoS attack, they can announce it to their peers.”
According to NWACC President Martin Ringle, this collaborative approach has enhanced communication and understanding for all participating universities.
“Collaboration is beneficial in a couple of critical ways: The expertise level is never going to be as broad as the expertise shared by dozens of institutions,” he said. “The more security officers involved, the wider the breadth of expertise. We can leverage that knowledge, especially for smaller institutions. It’s the sum of parts.”
While the collaboration program is slated to unfold over the next two years, the goal is to deliver a working prototype by 2018 that can be applied to other institutions and industries, such as banks and government agencies.
“Our initial targets are mid-size institutions or ISPs because those are our core users right now,” Wick said. “Organizations that are big enough that they have a chance of someone wanting to attack them, but not big enough that they can be multi-homed. Government departments will be our first big targets.”
In the meantime, Galois is eager to collect as much information as possible from diverse organizations during this research and development phase, so that it can design effective defense tools that meet those organizations' needs. The firm encourages any interested organizations to consider joining the pilot program, as their participation will greatly help surface insights and challenges.
“In development, whether it be research or standard product development, the more entities we can talk to about this,” Wick said, “the fewer guesses we have to make and the more research we can do.”