US establishes national cyber-threat agency

A new early-response cyber-security organisation has been set up in the US to help protect the country’s critical infrastructure.

The Cyber Incident Detection Data Analysis Center (CIDDAC) has its national operations centre at the University of Pennsylvania’s Institute of Strategic Threat Analysis and Response laboratory. 

Download this free guide

From forensic cyber to encryption: InfoSec17

Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

The private sector initiative has the support of US law enforcement agencies and the Department of Homeland Security Science and Technology Directorate, which is helping to fund the organisation. 

CIDDAC (www.ciddac.org) will respond to criminal and terrorist use of the internet by providing automated incident reporting to law enforcement agencies when security breaches occur. At the same time it is promising to protect the identity and privacy of its reporting members and their data. 

CIDDAC will collect data from private companies that help make up the country’s critical infrastructure, such as banking systems or essential utilities.

“The CIDDAC method of gathering cyber-threat data is done in such a way that the private sector can both report and benefit from such data without worrying about the government accessing their internal network,” said Charles “Buck” Fleming, executive director of CIDDAC. “The rapid sharing of such crucial information will allow US companies and the nation as a whole to operate more securely and smoothly."

CIDDAC works by connecting an intrusion-monitoring machine, known as a real-time cyber-attack detection sensor, to a corporate network. While the sensor is not connected to any actual corporate production systems, it appears to intruders as just another machine on the network.  

The sensor is also linked to the CIDDAC national operating centre, which quickly alerts both law enforcement agencies and other member organisations once it detects a threat. 

The identity of the reporting company remains confidential. While law enforcement agencies do not access private corporate data, they are able to compile attack signatures. These cyber-signatures are then profiled to provide government investigators with the data to rapidly identify, locate and neutralise cyber-threats.

Companies, organisations and government agencies involved in critical national infrastructure sectors such as banking, electrical power, gas and oil, telecoms, water, transportation and government services are being encouraged to join CIDDAC. 

The US also benefits from early-warning cyber-threat reports supplied by CERT and the SANS Institute. CIDDAC is the only one of the three that specialises in critical infrastructure.