Argonne develops program for cyber security “Neighborhood Watch”

July 16, 2009

Cyber security team wins 2009 DOE innovation, technology achievement award

ARGONNE, Ill. — U.S. Department of Energy laboratories fight off millions of cyber attacks every year, but a near real-time dialog between these labs about this hostile activity has never existed – until now.

Scientists at DOE's Argonne National Laboratory devised a program that allows cyber security defense systems to communicate when attacked and to transmit that information to cyber systems at other institutions, in the hope of strengthening the overall cyber security posture of the complex.

"The Federated Model for Cyber Security acts as a virtual neighborhood watch program.  If one institution is attacked, secure and timely communication to others in the Federation will aide in protecting them from that same attack through active response," cyber security officer Michael Skwarek said.

Prior to the development of the Federated Model for Cyber Security, the exchange of information about hostile activity rested solely on the shoulders of the human element. In cyber attacks, every second counts. The ability to securely share such information will assist in strengthening others against similar attacks. With millions of cyber security probes a day, the human element will not be successful alone.

"This program addresses the need for the exchange of hostile activity information with the goal of reducing the time to react across the complex.  History has shown that hostile activity is often targeted at more than one location, and having our defenses ready and armed will assist greatly," Skwarek said.

Currently, the program is capable of transmitting information regarding hostile IP addresses and domain names, and will soon be able to share hostile email addresses and web URLs with others in the Federation.

For developing the program, Skwarek, along with Argonne's cyber security team members Matt Kwiatkowski, Tami Martin, Scott Pinkerton, Chris Poetzel, Gene Rackow and Conrad Zadlo, won the DOE's 2009 Cyber Security Innovation and Technology Achievement Award.

The Federated Model for Cyber Security has proved to be an important cyber security and communication tool. Organizations in the private sector, as well as institutions with heavy collaborative efforts, can realize an operational gain by leveraging the power of sharing and learning from others what they see and defend against on a daily basis.