NITRD Panel: Big Data for Security - Can We Improve Security and Preserve Privacy?

Moderator: Tomas Vagoun, PhD, Cybersecurity and Privacy R&D Technical Coordinator, Federal Networking and IT R&D Program (NITRD)  SLIDES

Panelists:
Dr. Joshua Baron, Program Manager, DARPA  SLIDES
Jeremy Epstein, Deputy Division Director, NSF  SLIDES
Dr. Steven King, Deputy Director, Cyber Technology, Office of the Assistant Secretary of Defense  SLIDES
Scott Tousley, Deputy Director, Cyber Security Division, DHS S&T 

Abstract:
The use of big data analytics for monitoring and detecting malicious activities within enterprise networks and systems is increasingly becoming a key element in achieving cyber resilience. The core of this approach relies on the ability to identify changing use patterns, execute complex analysis in near real time, perform correlations across a variety of data sources, and interpret results in the context of a risk model and external threat intelligence. This is possible now due to the commoditization of the storage, computing hardware, and analytical frameworks capable of collecting, storing, and analyzing massive amounts of unstructured data in real time. The improvements in security and cyber resilience are convincing and the scale and reach of such techniques continues to grow. However, these improvements come with a price--the users' privacy is often at risk. Ensuring conformance to privacy norms, terms, and regulations is highly constrained in current big data analytics practices. In fact, current best practices for minimizing privacy risks continue to rely on the Fair Information Practice Principles, which exhort, for example, to minimize data collections and data use, to provide for individual participation and consent, and to be transparent about the data collection and processing activities that may put an individual's privacy at risk. What is clear though, is that the opportunity of making substantial improvements in security by utilizing big data analytics will be significantly abridged unless we can find ways to reduce and minimize negative effects on people’s privacy. Are the tensions between technological and social objectives irreconcilable or can both objectives be satisfied simultaneously?

The panel, consisting of program managers overseeing Federal Government’s cybersecurity and privacy R&D activities will discuss federal research efforts in advancing the use of big data analytics for security and in advancing privacy-preserving technologies and will attempt to reconcile the conflicting objectives.