What are the best data sources to use when evaluating a cyber-attack?
Specifically, IARPA wants to increase its understanding of current structured databases (which report on cyber-attacks with minimal latency between the cyber event and the follow-up report); real-time enterprise data (such as host logs, security application alerts and help desk tickets that cover the period of a cyber event); and ground truth data (which would be suitable for training purposes) within different industries.
IARPA’s request for information, which was published on March 4 and requires responses by April 2, asks a series of questions, including:
- Which existing structured databases report on cyber-attacks?
- What real-time data is most relevant to characterize a cyber-attack?
- Are there good test cases (from specific industries or organizations) for which data are available?
- What organizations provide “base rates” for cyber events within different industries?
- Is there a large organization (with more than 5,000 users) that would work with a sponsored research program to provide data that could be used as a real-world test case?
IARPA invites submissions from interested parties, which should consist of a one-page cover letter, a half-page executive summary and a description of the technical challenges of no more than five pages.
Further information is available from Dewey Murdick, of IARPA, at firstname.lastname@example.org.