
Can Big Data Stop Cyber Threats?


The quality of data and automation has not matured to the point where feeding information to machines can prevent cyberattacks, according to one former U.S. intelligence cyber chief.

Right now, there's simply too much information, and it's inefficient to analyze it, said Roger Hockenberry, former chief technology officer for the National Clandestine Service. Hockenberry spoke Tuesday at a discussion about the role of big data in cybersecurity organized by Nextgov.

Still, some current Homeland Security Department officials stressed the need to at least automate data feeds about breaches -- something organizations that are hit by hackers are often reticent about.

"What it really comes down to is your CERT," or computer emergency response team, said Hockenberry, who also served as a CIA chief for cyber solutions. "All the companies that I see have a very nascent ability to automate response to any kind of attack. It’s still a manual process."

Roberta Stempfley, DHS deputy assistant secretary for cybersecurity strategy and emergency communications, who also spoke at the event, said she values the wisdom of crowds in analyzing data, if they are trusted crowds. 

"One of the most important things we can do," she said, "is make sure the knowledge of one becomes the wisdom of others -- and they can take action to protect themselves based on what we know."

She offered the example of specially formatted data about threat "indicators," or hallmarks, that contains context, such as ways to use that data to stop hackers. DHS worked with industry to produce standards called STIX, for Structured Threat Information eXpression, for formatting indicators that companies will feel comfortable sharing in a restricted environment. The department already has begun testing this automated, two-way exchange of formatted indicators across the financial sector, Stempfley said.

She estimates the system will be made available to other critical industry organizations within about three months. 

"Groupthink is not always useful," Stempfley said. "A trusted place to collaborate, and getting enough smart people around the problem to actually develop insight, is very useful."

Another DHS project -- the Cyber Information Sharing and Collaboration Program -- has quietly gathered 84 organizations representing key sectors to do "deeper geek level analytics" that have proved "really powerful at getting the wisdom of more than a single individual," Stempfley said.

This is not a comment page for anonymous pundits -- but rather a firewalled, vetted website where unidentified industry members can feel comfortable confessing to breaches. 

"I think that there are people who are much more comfortable in an anonymous manner," Stempfley said in an interview after the event. "When we describe that what we want is indicators and context, people get more comfortable with saying, 'I'm a retail provider,' or they want to share their name, but most companies are not comfortable putting themselves out there yet."

Editor's Note: The headline and the lead section of this article have been updated to better characterize the remarks of participants at the event.
