Cyber Attack Protection via Crowdsourcing
1. Introduction
In 2013, Imperva, a company providing information security products and services, published a study analyzing attack traffic against 60 web applications between January and March 2013. The study found that sources of multiple attacks make up a large percentage of the total sources of attacks. For example, multiple-target Remote File Inclusion (RFI) attackers generated 73% of the total RFI attacks. The study noted that identifying sources of multiple attacks (e.g. an attacker or a tool that repeatedly attacks) can help organizations adopt preventive measures against such sources.
This article proposes the creation of a global crowdsourcing platform (hereinafter, referred to as the “Platform”) that allows any Internet user to share information about sources of cyber attacks. After this information is processed, the Platform will provide its users with statistical reports identifying the sources of multiple attacks. Organizations will be able to use the reports to adopt preventive measures. Law enforcement authorities will be able to use the reports to identify attackers causing severe societal harm.
The Platform is described in more detail in Section 2. The building blocks of the Platform are provided in Section 3. Section 4 examines two disadvantages of the Platform. Section 5 discusses the role of governments for the creation of the Platform. In Section 6, a conclusion is drawn.
2. Overview of the Platform
The Platform needs to have two main characteristics, namely, a global character and the use of crowdsourcing. The Platform needs to have a global character because cyber attacks may be conducted from any country in which an attacker can access the Internet. The use of crowdsourcing will allow a large number of users to share information about cyber attacks.
It should be noted that there are existing crowdsourcing platforms that are used for sharing information related to various events. For example, the crowdsourcing platforms provided by Ushahidi, Inc., a Kenyan company, allow anyone with access to text messaging, email, Twitter, or the Web to share information in real time about anti-immigrant violence, crimes, corruption cases, natural disasters, and violations related to political elections. Fig. 1 contains a screenshot of a crowdsourcing platform developed by Ushahidi, Inc.
Fig.1 A screenshot of a crowdsourcing platform developed by Ushahidi, Inc. Photo: whiteafrican, www.flickr.com
Similarly to the platforms developed by Ushahidi Inc., the Platform needs to visualize the collected information on an interactive map. This will allow organizations and law enforcement authorities to take into account the geographical locations of the cyber attacks. The Platform can be designed in such a way as to display only sources which attacked a certain number of times. This will allow organizations to focus their preventive measures on major sources of multiple attacks.
It should be noted that the Platform may not only allow organizations to receive and share information about sources of multiple cyber attacks, but also may allow these organizations to contact each other and exchange information about the nature of the sources. Thus, the Platform will be a tool for finding organizations that can be interested in cooperating in order to prevent cyber attacks.
3. The building blocks of the Platform
A framework describing the building blocks of the Platform will provide a better understanding of the Platform. Because the framework provided by Malone, Laubacher, and Dellarocas is used to describe the building blocks of crowdsourcing systems, it can be used to describe the building blocks of the Platform.
The framework established by Malone, Laubacher, and Dellarocas consists of four building blocks. The term “building blocks” refers to elements that are common to any crowdsourcing system. These building blocks can be regarded as the “genes” of the crowdsourcing systems.
The framework of Malone, Laubacher, and Dellarocas consists of the following building blocks:
(1) Staffing (the people participating in the system).
(2) The incentives that motivate the people to participate in the system.
(3) The goal that the system aims to achieve.
(4) The organizational structure and process of the system.
The four building blocks are classified by using two pairs of related questions. Pair 1 is focused on staff and incentives. Pair 2 is focused on the goal and how it is achieved.
Pair 1: Who is performing the task? Why are they doing it?
The answer to the question “Who” refers to the crowd and, more particularly, the organizations having information about information security incidents. Reliance on the crowd is a central feature of crowdsourcing systems. The answer to the question “Why” refers to the incentives motivating the members of the crowd to participate in crowdsourcing systems. In the context of the Platform, the incentives can be, for example, the sense of service to the community or avoidance of legal sanctions.
Pair 2: What is being accomplished? How is it being done?
The answer to the question “What” refers to the goals of the crowdsourcing systems. The goal of the Platform will be to provide organizations with information allowing them to defend against cyber attacks. The answer to the question “How” refers to the organizational structure and process of crowdsourcing systems. The creators of the Platform will need to answer various questions related to the structure and process of the Platform. Such questions include: What information related to information security incidents will need to be reported through the Platform? What information will be publicly displayed? How many sources of attacks will classify an attack source as a “source of multiple attacks”?
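The sketch below is an added example, not part of the original article or of any existing platform. It shows one way the threshold question above, and the "display only sources which attacked a certain number of times" filter from Section 2, could be implemented. The report format (reporter, source, attack type), the function names and the sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample reports: (reporting organization, attack source, attack type).
# The addresses come from the reserved documentation ranges, not real attackers.
REPORTS = [
    ("org-a", "203.0.113.7", "RFI"),
    ("org-a", "203.0.113.7", "RFI"),    # repeat report from the same organization
    ("org-b", "203.0.113.7", "RFI"),
    ("org-c", "203.0.113.7", "RFI"),
    ("org-a", "198.51.100.9", "RFI"),
    ("org-b", "198.51.100.23", "SQLi"),
    ("org-b", "198.51.100.23", "SQLi"),
    ("org-c", "198.51.100.40", "RFI"),
]


def multi_attack_sources(reports, min_targets=2, attack_type=None):
    """Return sources reported by at least `min_targets` distinct organizations.

    Counting distinct reporters instead of raw reports means a single
    organization cannot promote a source to "multiple attacks" on its own.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    for reporter, source, kind in reports:
        if attack_type is None or kind == attack_type:
            per_source[source][reporter] += 1
    return {
        source: {"targets": len(by_reporter), "attacks": sum(by_reporter.values())}
        for source, by_reporter in per_source.items()
        if len(by_reporter) >= min_targets
    }


def share_of_attacks(reports, min_targets=2, attack_type=None):
    """Fraction of reported attacks that came from multi-target sources."""
    total = sum(1 for _, _, kind in reports
                if attack_type is None or kind == attack_type)
    flagged = multi_attack_sources(reports, min_targets, attack_type)
    from_flagged = sum(entry["attacks"] for entry in flagged.values())
    return from_flagged / total if total else 0.0


if __name__ == "__main__":
    for source, stats in multi_attack_sources(REPORTS).items():
        print(source, stats)
    print("share of RFI attacks:", round(share_of_attacks(REPORTS, attack_type="RFI"), 2))
```

Raising `min_targets` shrinks the published list, so the threshold directly controls what the interactive map displays.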
Fig. 2 contains a graphical representation of the four building blocks.
Fig. 2 The four building blocks of the platform
The framework developed by Malone, Laubacher, and Dellarocas indicates that crowdsourcing is not merely a process that happens randomly, but a process that can be customized. The customization of the crowdsourcing process allows companies to match the right crowdsourcing process to their specific organizational needs.
4. Disadvantages of the Platform
The Platform may have two main disadvantages. Firstly, the Platform can allow the attackers to hide from the law enforcement authorities. Secondly, the information published by the Platform will provide other potential attackers with information that can be used by them to conduct information security attacks. These two disadvantages are examined in Sections 4.1 and 4.2, respectively.
4.1 Hampering the law enforcement authorities
The information shared through the Platform may be used by the attackers in order to hide their activities. For example, when the Platform shows to the attacker that his malicious software is regarded as a “source of multiple attacks”, the attacker may release a new version of the malicious software. The Platform will not detect the new version until it is used for multiple attacks. This can hamper the law enforcement authorities in their efforts to identify the attacker.
4.2 Providing information that can be used for conducting cyber attacks
If a potential attacker notices that certain malicious software is used for conducting a large number of information security attacks, he/she may decide to use the software because of its popularity. This “free advertisement” of malicious software can lead to an avalanche of attacks conducted by different attackers using the same software.
5. Role of governments for the creation of the Platform
Governments will have a very important role in the creation of the Platform. In particular, they will need to either incentivise or oblige organizations to use the Platform. For example, governments can provide incentives for sharing information about cyber attacks, endorse information sharing initiatives, and adopt legislative acts obliging companies to share information about cyber attacks.
It should be noted that the US and the UK governments already stimulate the sharing of information concerning cyber attacks. In February 2013, President Obama issued Executive Order 13636 entitled “Improving Critical Infrastructure Cybersecurity”. Section 4 of the Order states that: “It is the policy of the United States Government to increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats.”
In March 2013, the UK government launched the Cyber Security Information Sharing Partnership (CISP). The CISP facilitates the sharing of information on cyber threats with the aim to make UK business more secure. The CISP implemented a key component of the UK’s cyber security strategy. The CISP includes the introduction of a “collaboration environment” allowing government and industry partners to exchange information related to information security incidents. The CISP is based on the experience acquired by the UK government during a pilot scheme launched by the UK Prime Minister. The pilot scheme included over 160 companies across a variety of sectors.
6. Conclusion
Crowdsourcing is already used for reporting and making publicly available information about various events ranging from anti-immigrant violence to natural disasters. Companies producing crowdsourcing platforms for sharing information about events, such as Ushahidi, Inc., have acquired in a short time extensive expertise about the operation of such platforms. Therefore, the development of the Platform needs to be based on the existing expertise in the field.
Besides that, the Platform needs to mitigate the drawbacks related to sharing information about information security incidents and, in particular, the use of the information to prevent criminal investigations and the use of the information for conducting information security attacks. The Platform should be designed in such a way that the value of sharing information related to security incidents outweighs the value of keeping this information in confidence.
Finally, governments will have an important role in the success of the Platform. By incentivising the sharing of information about security incidents through the Platform or making the sharing of such information mandatory, governments will demonstrate the importance of the Platform.
References
- Affeldt, B., “Aspects and potentials of Crowdsourcing”, Grin Verlag, 2012.
- Bell, D., “The Crowdsourcing Handbook: The How to on Crowdsourcing, Complete Expert’s Hints and Tips Guide by the Leading Experts, Everything You Need to Know About Crowdsourcing”, Emereo Pty Limited, 2009.
- Brabham, D., “Crowdsourcing”, MIT Press, 2013.
- Crowe, A., “Leadership in the Open: A New Paradigm in Emergency Management”, CRC Press, 2013.
- Gigler, B., Bailur, S., “Closing the Feedback Loop: Can Technology Bridge the Accountability Gap?”, World Bank Publications, 29 May 2014.
- “Government launches information sharing partnership on cyber security”, Press release, UK Government, 27 March 2013. Available on https://www.gov.uk/government/news/government-launches-information-sharing-partnership-on-cyber-security .
- Hsu, D., Marinucci, D., “Advances in Cyber Security: Technology, Operation, and Experiences”, Fordham University Press, 2013.
- Imperva, “Hacker Intelligence Initiative, Monthly Trend Report #16”, April 2013. Available on www.imperva.com/download.asp?id=394 .
- Malone, T., Laubacher, R., Dellarocas, C., “Harnessing Crowds: Mapping the Genome of Collective Intelligence”, Center For Collective Intelligence, Massachusetts Institute of Technology, Working Paper No 2009-001, February 2009.
- “Improving Critical Infrastructure Cybersecurity”, Executive Order 13636 issued by the President of the United States of America, 19 February 2013. Available on www.gpo.gov/fdsys/pkg/FR-2013-02-19/pdf/2013-03915.pdf
- Poremba, S., “Using Crowdsourcing to Improve Security”, ITBusinessEdge, 6 May 2013. Available on http://www.itbusinessedge.com/blogs/data-security/using-crowdsourcing-to-improve-security.html .
- Savage, J., McGoun, C., “Technology, Culture and communication”, Taylor & Francis, 2013.
- Shiffman, G., Gupta, R., “Crowdsourcing Cyber Security: A Property Rights View of Exclusion and Theft on the Information Commons”, 7 International Journal of the Commons 92, 2013.
- Sloane, P., “A Guide to Open Innovation and Crowdsourcing: Advice from Leading Experts in the Field”, Kogan Page Publishers, 2011.