Air Force wants to target APTs with transparent computing
MIT researchers will explore a new approach to defending against advanced persistent threats under a $7 million contract.
The recently disclosed hacks of Office of Personnel Management databases, including information on military and intelligence personnel applying for security clearances, was detected by the federal government’s intrusion detection systems called Einstein, but not before the records of as many as 18 million people were breached.
The attackers—reportedly but not officially identified as from China—were able to lurk inside OPM’s systems for months, maybe longer, in a type of attack known as an Advanced Persistent Threat. APT has a fairly broad definition, but it generally refers to an ongoing, stealth attack of the kind often attempted against government and industry in search of personal information, intellectual property or classified documents. In style, APTs are the opposite of distributed denial of service attacks, which pretty much announce themselves with a bullhorn but cause more disruption than real damage. APTs try to stay under cover and mean harm.
The Air Force Research Laboratory now is joining the search to more effectively defend against APTs and other similar attacks through transparent computing. AFRL has awarded the Massachusetts Institute of Technology a $7.1 million contract aimed at identifying APTs, presumably more quickly than Einstein was able to.
Specifically, MIT researchers are to work on developing new ways of tagging and tracking activity on a network in order to distinguish the “low and slow” features of an APT from normal network activities.
Transparent computing is a forward-looking approach to what future computing environments could look like. In one sense it can mean that computers will be so pervasive that we won’t notice them—they’ll effective be invisible to us. In another sense, though, the term refers to computing environments whose inner workings are highly visible, with easily interchangeable parts.
It is in that second sense that AFRL and the Defense Advanced Research Projects Agency are pursuing transparent computing, with a particular focus on how visibility into a system can improve security.
Late last year, when DARPA announced its own Transparent Computing, or TC, program, researchers described current computer systems as “black boxes” that accept inputs and deliver outputs but don’t show much of what happens in between. Under that type of system, the malicious gremlins of APTs can sometimes hide out, too.
With the TC program, DARPA is looking to develop a multilayer data collection architecture and an analysis/enforcement engine that keeps track of a system’s components and any interactions between them. Getting a handle on normal systems activity would help identify activity that is out of order, such as that from an APT.
The Air Force seems to be on a similar track with the MIT award, although the posting of the contract announcement offered no other details.
Transparent computing is still a nascent idea, but it drawing interest, as evidenced by the fact that AFRL’s solicitation drew 51 offers. The contract with MIT covers work through August 2019.