
Can Big Data Stop Cyber Threats?


The quality of data and automation has not matured to the point where feeding information to machines can prevent cyberattacks, according to one former U.S. intelligence cyber chief.

Right now, there's simply too much information, and it's inefficient to analyze it, said Roger Hockenberry, former chief technology officer for the National Clandestine Service. Hockenberry spoke Tuesday at a discussion about the role of big data in cybersecurity organized by Nextgov.

Still, some current Homeland Security Department officials stressed the need to at least automate data feeds about breaches -- something organizations that are hit by hackers are often reticent about.

"What it really comes down to is your CERT," or computer emergency response team, said Hockenberry, who also served as a CIA chief for cyber solutions. "All the companies that I see have a very nascent ability to automate response to any kind of attack. It’s still a manual process."

Roberta Stempfley, DHS deputy assistant secretary for cybersecurity strategy and emergency communications, who also spoke at the event, said she values the wisdom of crowds in analyzing data, if they are trusted crowds. 

"One of the most important things we can do," she said, "is make sure the knowledge of one becomes the wisdom of others -- and they can take action to protect themselves based on what we know."

She offered the example of specially formatted data about threat "indicators," or hallmarks, that contains context, such as ways to use that data to stop hackers. DHS worked with industry to produce standards called STIX, for Structured Threat Information eXpression, that companies will feel comfortable sharing in a restricted environment. The department already has begun testing this automated, two-way exchange of formatted indicators across the financial sector, Stempfley said.

She estimates the system will be made available to other critical industry organizations within about three months. 

"Groupthink is not always useful," Stempfley said. "A trusted place to collaborate, and getting enough smart people around the problem to actually develop insight, is very useful."

Another DHS project -- the Cyber Information Sharing and Collaboration Program -- has quietly gathered 84 organizations representing key sectors to do "deeper geek level analytics" that have proved "really powerful at getting the wisdom of more than a single individual," Stempfley said.

This is not a comment page for anonymous pundits -- but rather a firewalled, vetted website where unidentified industry members can feel comfortable confessing to breaches. 

"I think that there are people who are much more comfortable in an anonymous manner," Stempfley said in an interview after the event. "When we describe that what we want is indicators and context, people get more comfortable with saying, 'I'm a retail provider,' or they want to share their name, but most companies are not comfortable putting themselves out there yet."

Editor's Note: The headline and the lead section of this article have been updated to better characterize the remarks of participants at the event.
