
Can Big Data Stop Cyber Threats?


The quality of data and automation has not matured to the point where feeding information to machines can prevent cyberattacks, according to one former U.S. intelligence cyber chief.

Right now, there's simply too much information, and it's inefficient to analyze it, said Roger Hockenberry, former chief technology officer for the National Clandestine Service. Hockenberry spoke Tuesday at a discussion about the role of big data in cybersecurity organized by Nextgov.

Still, some current Homeland Security Department officials stressed the need to at least automate data feeds about breaches -- something organizations that are hit by hackers are often reticent about.

"What it really comes down to is your CERT," or computer emergency response team, said Hockenberry, who also served as a CIA chief for cyber solutions. "All the companies that I see have a very nascent ability to automate response to any kind of attack. It’s still a manual process."

Roberta Stempfley, DHS deputy assistant secretary for cybersecurity strategy and emergency communications, who also spoke at the event, said she values the wisdom of crowds in analyzing data, if they are trusted crowds. 

"One of the most important things we can do," she said, "is make sure the knowledge of one becomes the wisdom of others -- and they can take action to protect themselves based on what we know."

She offered the example of specially formatted data about threat "indicators," or hallmarks, that contains context, such as ways to use that data to stop hackers. DHS worked with industry to produce standards called STIX, for Structured Threat Information eXpression, that companies will feel comfortable sharing in a restricted environment. The department already has begun testing this automated, two-way exchange of formatted indicators across the financial sector, Stempfley said.

She estimates the system will be made available to other critical industry organizations within about three months. 

"Groupthink is not always useful," Stempfley said. "A trusted place to collaborate, and getting enough smart people around the problem to actually develop insight, is very useful."

Another DHS project -- the Cyber Information Sharing and Collaboration Program -- has quietly gathered 84 organizations representing key sectors to do "deeper geek level analytics" that have proved "really powerful at getting the wisdom of more than a single individual," Stempfley said.

This is not a comment page for anonymous pundits -- but rather a firewalled, vetted website where unidentified industry members can feel comfortable confessing to breaches. 

"I think that there are people who are much more comfortable in an anonymous manner," Stempfley said in an interview after the event. "When we describe that what we want is indicators and context, people get more comfortable with saying, 'I’m a retail provider,' or they want to share their name, but most companies are not comfortable putting themselves out there yet."

Editor's Note: The headline and the lead section of this article have been updated to better characterize the remarks of participants at the event.
