Wednesday, June 12, 2013

Can Metadata, PRISM and an Elite U.S. Research Agency Usher in a New Era of Predictive Cyber Defense?

If the increase in disruptive cyberattacks against U.S. computer networks or the loss of hundreds of billions of dollars to intellectual property theft is any sign, America’s cyber defenses are in dismally weak condition. And sadly, there are few signs of industry-government progress toward a solution.

Can the National Security Agency and metadata come to the rescue?

Perhaps. With a little help.

The recent disclosures of secret surveillance programs operated by the NSA confirm that the collection of personal digital data is virtually unlimited. PRISM in particular gives the agency access to data from U.S. Internet companies, including data-rich giants like Google and Facebook.

Similar programs are reported to exist for monitoring and collecting customer metadata from Verizon, AT&T and other cell phone service providers. Sucking up signals such as phone records and IP addresses can reveal who knows whom, where individuals have been, where they’re going and a vast array of other information.

These revelations have sent shocks of alarm through an American populace already weary of unwanted government intrusions. But due to continuing fears of foreign terrorist threats to the United States, these metadata-fed programs are unlikely to disappear anytime soon.

Given that we are stuck with these activities, what if we could mine this treasure trove of metadata in a way that strengthens America’s cyber defense capabilities? An elite government research effort may just be able to add the sophisticated analysis to make this possible.

Among other projects, the Intelligence Advanced Projects Research Activity (IAPRA) conducts research focused on mining massive amounts of data to forecast events like a deadly disease outbreak or currency collapse. One recent IAPRA project raised eyebrows on Wall Street by successfully predicting the investment direction of the securities markets over an eight-year period.

Drawing on the NSA’s metadata, might the IAPRA be able to similarly predict potential cyberattacks?

It makes sense, considering cyberattacks are not planned in a vacuum. Communications between team members must take place, attack tools must be purchased, and programming talent must be acquired. Computer resources (such as botnets) will be procured and potential targets probed for weaknesses. Individually, these actions can send up red flags. When collectively woven into patterns of behavior, however, such actions may serve as bright beacons signaling potential cyberattacks.

But even if we see the beacon flashing red, who flips the "ON" switch to unleash U.S. preemptive cyber strikes (active defenses) to prevent the attacks? Just as if on cue, the government revealed earlier this year that President Obama will have “broad powers to order a pre-emptive attack” in light of evidence of a major foreign cyberattack.

Our picture is thus complete.

Will metadata collection, programs such as PRISM and the skills of the IAPRA be brought together into a successful predictive cyber defense program for the U.S.?

Time will tell. I would keep my eye on news out of IAPRA projects for clues.

("Hand Holding A Puzzle" image: ponsulak/
