Argonne pushes global adoption of Cyber Fed Model
- By Patrick Marshall
On the theory that more is better -- especially when it comes to cyber threat information -- scientists from the Argonne National Laboratory will be making a pitch at the World Economic Forum meeting that runs Jan. 23-26 for global adoption of its Cyber Fed Model for cybersecurity.
The Cyber Fed Model, developed by Argonne for the Department of Energy and launched in 2009, is a web-based platform for reporting and monitoring cyber threats and disseminating alerts through machine-to-machine information sharing. CFM creates "a uniquely customizable payload-agnostic communications framework that enables coordinated global defense through collective intelligence gathering and tactical information sharing," according to the lab.
That approach, lab officials said, decreases the costs of cyber defense and increases the costs to attackers.
At the WEF meeting in Davos, Switzerland, Argonne staff will offer attendees a simulated cyberattack on a U.S. city along with a demonstration of the largely automated cyber threat information sharing implemented in CFM.
According to Argonne's CFM Program Manager Scott Pinkerton, the key to the model's effectiveness is removing humans from the process. As demonstrated by the recent WannaCry ransomware attacks -- which exploited vulnerabilities in unpatched Windows operating systems -- counting on humans to communicate cyberthreats and implement fixes is likely to result in ongoing exposures.
CFM’s machine-to-machine communications mean that as soon as a cyber threat is detected, it is transmitted to the entire network within milliseconds. It was developed as part of DOE's Cybersecurity Risk Information Sharing Program, which works with utilities to use sensors to monitor IT networks and share threat data in real time.
"We are looking at how to defend ourselves in the here and now," Pinkerton said. "This system is focused on providing operational benefits immediately."
Still, while CFM operates in near-real time and employs automated machine-to-machine communications, it does not automatically install patches or take other proactive measures. Instead, Argonne sees CFM as an information-sharing complement to security monitoring and responses performed by each organization’s security units.