Home News Stories 2005 June Sharing Information Real-Time Stops Cyber Attacks
This is archived material from the Federal Bureau of Investigation (FBI) website. It may contain outdated information and links may no longer function.

Sharing Information Real-Time Stops Cyber Attacks

Sharing Information Real-Time
When It Comes to Stopping Cyber Attacks, That’s the Ticket


Cyber Incident Detection & Data Analysis Center logo

You know it...and we know it. Those pesky hackers and cyber villains can do a lot more than just create a little mischief. They can—and have—attacked what we call “major infrastructure”—hospitals, water systems, power grids, banks, 911 services, universities, transportation systems, etc. And that can cause big-time trouble for us all.

For example: two years ago, the “Slammer” computer worm temporarily shut down safety monitoring systems at a nuclear power plant in Ohio. Enough said.

But here’s the rub: 85 percent of these infrastructures are owned by private industry and state and local governments. To do our part in protecting these systems, it’s helpful for us to have real-time attack data from the agencies and organizations being targeted.

That’s why we’re pleased to be working with a new non-profit, private sector organization called CIDDAC. CIDDAC stands for Cyber Incident Detection & Data Analysis Center, and it began as a project of the Philadelphia chapter of InfraGard. It’s physically located at the University of Pennsylvania Institute for Strategic Analysis and Response.

What is CIDDAC and how will it work? CIDDAC is a cyber threat reporting system, centralizing information from participating organizations. Companies that join CIDDAC connect “Real-time Cyber Attack Detection Sensors,” or RCADSs, to their computer networks. If these networks are attacked, the sensors instantly send valuable forensic data to the CIDDAC operations center for analysis. CIDDAC personnel monitor the situation, analyze the data, and quickly send information to our cyber investigators and to the Department of Homeland Security when they notice criminal activity.

If you’re wondering about privacy and potential risks, please note: these sensors aren’t connected to critical network services or applications and proprietary data is not at risk. All participating agencies remain entirely anonymous to law enforcement unless they decide to voluntarily provide their identities. And CIDDAC only provides information to law enforcement when it thinks a crime is being committed.

The potential benefit of the CIDDAC model to the participants? They can find out about attacks hitting other networks and the business sector as a whole. They can also get trend analysis reports that help them better assess the actual risks to their networks and make more informed decisions about their network security needs.

The potential benefits to us? We can learn more about how and when attacks happen, which helps us more quickly identify, locate, and stop cyber threats.

Interested in joining this private sector initiative? Visit the CIDDAC website for membership details and more information on the center.