IARPA’s new idea to stop cyber threats before they happen

A new program from IARPA plans to measure cyber threats the same way people monitor disease outbreaks or political upheaval.

If the past 18 months have taught us anything, it’s that the sooner organizations figure out they’ve been breached, the less damage they will have to mitigate.

Under a new program from the Intelligence Advanced Research Projects Agency, the government wants to detect attacks before there is any damage.

IARPA released a broad agency announcement Friday for its Cyber-attack Automated Unconventional Sensor Environment, or CAUSE, program, which looks to detect the warning signs of a cyber attack before one is carried out.

The agency is looking for a system that harnesses public data similar to what’s used to detect early signals of disease outbreaks or political upheaval. The program will research various detection models that focus on external sensors – behavioral, cultural, social, economic and other forms of publicly available data – as well as internal data from various organizations that is already used to detect malicious activity. CAUSE will explore how to combine external and internal data into what IARPA calls “unconventional sensors,” or what it says is “data not typically used in practice today for cybersecurity (at least not in the way the data was originally intended) and may come from non-typical disciplines that can be applied to the cybersecurity domain.”


The goal of the multiyear, multiphase project is to pinpoint what attacks will affect what organizations or industry segments before criminals can act.

“Detection typically occurs in the later phases of an attack and analysis often occurs post-mortem to investigate and discover indicators from earlier phases,” IARPA writes in the BAA. “Observations of earlier attack phases, such as target reconnaissance, planning, and delivery, may enable warning of significant cyber events prior to their most damaging phases.”

Officials would welcome anything to speed up the detection process. According the Mandiant, the average time it takes organizations to detect intrusions is 205 days. For example, when hackers first breached Office of Personnel Management databases in November 2013, officials didn’t detect it for nearly six months.

A key portion of the program will focus on the elimination of any manual processes. The program is expected to have automated warning generation, as well as the ability to explain “in natural language” what led to the warning being generated.

IARPA expects the program to begin in February 2016 and last 3 1/2 years. The agency is taking solicitations until Sept. 14.


See the full BAA on FedBizOpps.Gov.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts