Johns Hopkins University Applied Physics Laboratory (APL) and the Financial Services Information Sharing and Analysis Center (FS-ISAC) launched efforts to operationalize the Integrated Adaptive Cyber Defense (IACD) framework for cybersecurity automation, orchestration and information sharing.
The initiative will enable companies to improve their ability to share information quickly and broadly, and to prevent and respond to cyberattacks. Developed by APL in collaboration with the financial industry under sponsorship of the Department of Homeland Security (DHS), IACD showed reductions in the time needed to detect and respond to cyber events, while increasing cyber investigation capacity.
The IACD framework helped reduce investigation and response time from 11 hours to 10 minutes. In some instances, the time for pre-approved responses was down to one second. IACD also enabled an operations team handling 65 events per day to automatically process up to 95 events at the same time.
IACD focuses on combining and coordinating commercial technologies in new and adaptable ways to respond to cyber-threats. The IACD framework provides a path to expand the speed and scale of existing cyber-defenses through adjustable use of automation combined with enhanced support to operators. It defines a set of services and information allowing defenders to selectively:
• Interconnect multiple sources of information
• Automate risk determinations and the decision to act
• Synchronize incident responses to assure business continuity
• Automatically share with and derive knowledge from communities of trust
Collaboration with the financial sector on IACD operationalization will allow critical national infrastructure members in the private sector to leverage existing technologies to improve security and resilience.
APL integrated over 50 commercially available security and information technology management products, information feeds and cybersecurity services into the IACD framework. In 2016, APL provided technical assistance and consultation to the first financial institution implementation of IACD.
“This partnership represents the scaling and adoption of the IACD framework,” said Wende Peters, APL’s Principal Technical Lead for Integrated Cyber Defense and lead of the IACD initiative. “Enabling a critical infrastructure sector to leverage scalable, adaptive defenses is a natural extension of our role as a university-affiliated research center – ensuring that challenges crucial to national security are addressed.”
Following the success of these initial public-private partnerships, the FS-ISAC endorsed expanding IACD implementation. FS-ISAC expects to use IACD-based concepts and incorporate feedback from member financial services companies into the program. FS-ISAC provides the protocols and controls that enable its members to properly share information, typically anonymously. Information flows between members and remains within the sharing community.
“FS-ISAC is committed to advancing the IACD framework to help our members get actionable threat intelligence quickly,” said Bill Nelson, president and chief executive of the FS-ISAC. “The financial sector continues to make significant investments in security and resilience. This framework helps make global information sharing more efficient for our members; when adopted it will help members become more responsive and more secure.”
With this expanded collaboration, APL will provide trusted technical assistance to FS-ISAC and its participating financial institutions. The IACD team will also continue to evolve the framework through experimentation and collaboration across industry, critical infrastructure sectors, government and academia.