
Cybersecurity is like a snowstorm, or not.

By Rick Tracy •  February 11, 2014

When the forecast for a snowstorm — or a cyber event — ranges between nothing and a disaster, it isn’t really a forecast at all.  It is a bad guess.

This has been an interesting winter.  There have been lots of snowy forecasts, many of which failed to live up to their billing.  As I write this post there is yet another forecast for perhaps somewhere between zero and 24 inches of snow scheduled to start less than 48 hours from now.

How is that forecast helpful? When the range of possibility is somewhere between nothing and a disaster or when forecasts are wrong more than they are right, they aren’t forecasts at all.  They are bad guesses.  The truth is, when it comes to snow, we don’t know what’s going to happen until it happens. It’s all a big guess. This winter has proven that.

When you think about it, that’s where we are with cybersecurity.  We have just enough threat and vulnerability data to know that something bad could happen, but we don’t have the ability to predict when, where, or how bad an event will be. We deal with cyber events after the fact… once the damage is done… after the bad guys are in.  Alternatively, as happens with snow forecasts, sometimes we sound the alarm for a cyber event that never happens.  Such false alarms are disruptive, and they train people to ignore legitimate warnings.

Big data and analytics could radically change our current cybersecurity strategies by moving us beyond purely reactive behavior toward prediction, so that preventive measures can be put in place proactively. To get there, we will need to harness vast amounts of security-related data very quickly and recognize the meaningful patterns and trends that are indicators of clear and present danger, rather than settling for low-probability guesswork.

The ability to anticipate cybersecurity events with a high degree of accuracy would be very valuable: it would let us recognize legitimate threats and prevent them, instead of reacting to events after they occur or overreacting to non-events.

Now, let’s see what happens with this snow storm. The forecast is somewhere between 0 and 24 inches.  Plan accordingly.

Rick Tracy

Rick Tracy is the senior vice president and chief security officer at Telos Corporation. Follow him on Twitter: @rick_tracy

The Empower and Protect Blog brings you cybersecurity and information technology insights from top industry experts at Telos.


  • James Madison says:

    Are you kidding? This makes absolutely no sense at all. You can predict a storm; you cannot predict an attack. I am surprised someone even let you post this.

  • Rick Tracy says:

    James: Thanks for taking the time to comment. Government and industry research into these capabilities — such as predictive analysis and others — has been ongoing for more than a decade. As recently as this past month, researchers at the University of Michigan revealed a mathematical model that experts believe could provide an understanding behind the strategy and timing of attacks and help predict the “next move” in cyber conflicts.

    We may never have the ability to predict the exact time and place of a cyber attack, and I didn’t claim that those capabilities exist today. (The fact that they don’t exist was actually the point of the post, which is why I wrote about them in future tense.) But thanks to advances in Big Data and analytics, we are making (and will continue to make) great strides in our ability to anticipate and counter cyber threats.

    Thanks again for your comment.


  • John Williams says:

    Proven methodologies are highly likely to predict cybersecurity events. These methodologies have been successful for decades in a variety of applications, notably by NSA to decrypt enemy communications. The methodologies have been successful when the enemy regularly changes coding methods, just as today’s cyber criminal regularly changes attack profiles.

  • Rick Tracy says:

    John, thanks for your post. It will be interesting to see what’s possible by combining proven methodologies, like those you refer to, with emerging Big Data and Analytics technologies. Anticipating with accuracy will be much better than reacting to crises. Thanks again for taking the time to comment.

  • Darrel Lowery says:

    James – As Rick points out, “predicting” an attack is not 100% and should be used to prepare for not just one potential attack but for all identified potential threats that could become reality given the intelligence and known vulnerabilities. Great military leaders (e.g., Gen. Patton) have ‘predicted’ attacks and prepared their contingencies accordingly for thousands of years… they just didn’t have “predictive analytics” as a tool like we do today. Their success was based on preparing for more than one outcome, which is another way to say they “predicted” what their enemy would do. Today’s predictive analytics will do the same in near real time and enable an enterprise to overcome enemies because they are better prepared, not because they are good fortune tellers.

  • Rick Tracy says:

    Darrel, thanks for the insightful comment.

  • Rick Tracy says:

    Here is a link to more information about how Big Data can benefit Cybersecurity. Let’s keep the dialog going! http://fcw.com/articles/2014/0

  • Darrel Lowery says:

    Rick, timely article and I concur; however… I would expand on Mr. Boyle’s comment “Enhancing our ability to analyze data in motion can provide faster insight…” True, but we should not just focus big data analytics on “data in motion.” If you refer to Dan Sherman’s thread – https://multimedia.telos.com/bl… – the example discusses processes and tools to stop cyber threats using real-time analytics (supporting the focus on data in motion), but there is also a use case in this example of analytics applied to static data – in this case supply chain risk management (SCRM) data associated with vendors.

    There are significant big data rewards and challenges here as well, even though it is not ‘real time’ analytics. For example, think about the paper trail associated with vendor relationships and consider the structured and unstructured data sources and systems where you manage your supply chains. Performing predictive analytics on such data sources can be even more productive in determining potential threats (e.g., identifying Target’s HVAC vendor as having weak enterprise security). And mitigating such threats before an actual real-time threat is underway is truly ‘predictive analytics’. The challenge here is that a single network tool cannot assess potential threats across disparate data sources and formats; doing so requires more sophisticated algorithms, semantic inferencing and other techniques applicable to unstructured data.
