Just two days after the General Accounting Office (GAO) issued a scathing report on the security of the federal government’s computer systems, the Department of Defense (DoD) and the National Security Agency will announce Thursday a partnership with Lancope to develop a device, code-named the Therminator, for advanced information security.
The DoD was one of 14 federal agencies to receive an F in a recent GAO survey of government security systems released Tuesday. The government’s overall score for its security systems was 55, a slight improvement over last year’s 53.
The the DoD’s new technology transfer licensing and cooperative research and development agreement with Lancope will incorporate the Atlanta-based company’s StealthWatch intrusion detection system (IDS) with technology developed by the government that uses advanced math related to the temperature of matter to represent the incoming data flow on a network.
The parties plan to pursue an aggressive rollout of the technology with the goal of developing a prototype within six months. Lancope also plans to use elements of Therminator’s core technology in its commercial offerings at some point in the future.
Project Therminator aims to produce a graphical representation of network traffic that allows information security specialists and network administrators to recognize and understand the impact of incoming and outgoing network attacks in real-time. A key goal of the program is to identify network system intrusions that don’t follow known patterns or signatures. Standard IDS systems are vulnerable to new attack techniques.
“The threat to computerized networks is growing in sophistication, capability, and activity levels. Script-based intrusion detection systems do exactly what they are scripted to do and we must and will continue to employ them,” said Major General Dave Bryan, U.S. Army, Commanding Officer of the Joint Task Force for Computer Network Operations. “The problem is that we must also expect the threat to know this and to do the unexpected. In other words, the sophisticated threat I am most concerned with is not going to behave in an expected way. Therefore, we must carefully script our systems to look for the unexpected because they are going to camouflage their malicious activity as otherwise normal activity.”
According to Dr. John Copeland, founder, chairman and chief scientist with Lancope and the technology transfer chair at the School of Electrical and Computer Engineering with Georgia Institute of Technology, “Therminator will identify sophisticated cyber-war attacks that are launched by renegade or terrorist organizations that cannot be detected using traditional signature-based intrusion detection systems.”
Lancope’s StealthWatch has intelligent alarming, provides advanced network surveillance, operates at giga-speeds, recognizes unknown threats, and creates an audit trail of suspicious activity. Combined with the government’s new data-reduction and visualization technology, the partnership attempts to bridge the best elements of what is known in government lingo as GOTS (Government Off The Shelf) with COTS (Commercial Off The Shelf).
“By integrating Lancope’s proven behavior-based IDS with the NSA and DoD’s data visualization technology, we are developing superior, proactive information security technology that helps public agencies combat cyber war and gives private organizations the additional ability to recognize sophisticated denial of service attacks in real-time,” Copeland said.
Dr. Dave Ford, Special Assistant to the NSA’s Secure Network Technology Office added, “Maintaining US information superiority in a fast paced information-based economy invites us to rethink pieces of the traditional acquisition process from the R&D phase through to actual fielding. The success of our mission depends on establishing committed relationships between government and private industry and launching co-development initiatives to build, test, field and support superior solutions within the required timeframe.”
