A new early-response cyber-security organisation has been set up in the US to help protect the country’s critical infrastructure.
The Cyber Incident Detection Data Analysis Center (CIDDAC) has its national operations centre at the University of Pennsylvania’s Institute of Strategic Threat Analysis and Response laboratory.
The private sector initiative has the support of US law enforcement agencies and the Department of Homeland Security Science and Technology Directorate, which is helping to fund the organisation.
CIDDAC (www.ciddac.org) will respond to criminal and terrorist use of the internet by providing automated incident reporting to law enforcement agencies when security breaches occur. At the same time it is promising to protect the identity and privacy of its reporting members and their data.
CIDDAC will collect data from private companies that help make up the country’s critical infrastructure, such as banking systems or essential utilities.
“The CIDDAC method of gathering cyber-threat data is done in such a way that the private sector can both report and benefit from such data without worrying about the government accessing their internal network,” said Charles “Buck” Fleming, executive director of CIDDAC. “The rapid sharing of such crucial information will allow US companies and the nation as a whole to operate more securely and smoothly.”
CIDDAC works by connecting an intrusion-monitoring machine, known as a real-time cyber-attack detection sensor, to a corporate network. While the sensor is not connected to any actual corporate production systems, it appears to intruders as just another machine on the network.
The sensor is also linked to the CIDDAC national operations centre, which quickly alerts both law enforcement agencies and other member organisations once a threat is detected.
The identity of the reporting company remains confidential. While law enforcement agencies do not access private corporate data, they are able to compile attack signatures. These cyber-signatures are then profiled to provide government investigators with the data to rapidly identify, locate and neutralise cyber-threats.
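The reporting flow described above can be sketched as follows. This is an added example, not CIDDAC's own code or report format, which the article does not describe: a decoy sensor turns each hit into a report that carries an opaque member ID and an attack signature but no internal addresses, and the operations centre correlates signatures across members. The field names, the HMAC-based member ID, the hash-based signature and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

def pseudonym(enrol_secret: bytes) -> str:
    """Opaque member ID derived from a per-sensor secret (assumed scheme)."""
    return hmac.new(enrol_secret, b"member-id", hashlib.sha256).hexdigest()[:16]

def signature(event: dict) -> str:
    """Attack signature built from traffic features only, nothing about the member."""
    material = f"{event['proto']}|{event['dst_port']}|".encode() + event["payload"]
    return hashlib.sha256(material).hexdigest()[:16]

def build_report(event: dict, enrol_secret: bytes) -> dict:
    """Sensor side: the decoy has no production role, so all inbound traffic is reported."""
    return {
        "member": pseudonym(enrol_secret),
        "signature": signature(event),
        "src_ip": event["src_ip"],
        "proto": event["proto"],
        "dst_port": event["dst_port"],
    }  # sensor_ip and sensor_host are deliberately left out of the report

def correlate(reports: list, min_members: int = 2) -> dict:
    """Centre side: signatures reported by at least min_members distinct members."""
    seen = defaultdict(set)
    for report in reports:
        seen[report["signature"]].add(report["member"])
    return {sig: len(members) for sig, members in seen.items() if len(members) >= min_members}

# Constructed sample data: two members' sensors, three decoy hits.
SECRET_A, SECRET_B = b"constructed-secret-a", b"constructed-secret-b"
EVENTS = [
    (SECRET_A, {"src_ip": "203.0.113.7", "sensor_ip": "10.1.4.20", "sensor_host": "fin-db-07",
                "proto": "tcp", "dst_port": 445, "payload": b"probe-A"}),
    (SECRET_B, {"src_ip": "198.51.100.9", "sensor_ip": "10.8.0.5", "sensor_host": "scada-hmi-2",
                "proto": "tcp", "dst_port": 445, "payload": b"probe-A"}),
    (SECRET_A, {"src_ip": "203.0.113.7", "sensor_ip": "10.1.4.20", "sensor_host": "fin-db-07",
                "proto": "tcp", "dst_port": 22, "payload": b"probe-B"}),
]
REPORTS = [build_report(event, secret) for secret, event in EVENTS]

if __name__ == "__main__":
    for sig, count in correlate(REPORTS).items():
        print(f"signature {sig} seen at {count} members: alert law enforcement and members")
```

Only the probe seen at both members crosses the correlation threshold, and neither report reveals which company or internal host was touched.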
Companies, organisations and government agencies involved in critical national infrastructure sectors such as banking, electrical power, gas and oil, telecoms, water, transportation and government services are being encouraged to join CIDDAC.
The US also benefits from early-warning cyber-threat reports supplied by CERT and the SANS Institute. CIDDAC is the only one of the three that specialises in critical infrastructure.