Major Sources of Data Characterizing the Cyberthreat
There are many sources of data characterizing the nature of the cybersecurity threat. The sources of data and analysis described in this box are (or are planned to be) updated on an ongoing (e.g., annual) basis. (In a few instances reports have been issued consistently for more than 10 years.) Sponsoring organizations include academic institutions, federal agencies, and a range of private-sector companies working either alone or in collaboration.
The first two sources listed here focus on the frequency of incidents and the type of attacks observable through the monitoring of Internet traffic. The others are surveys measuring the scope, impact, and cost of incidents to organizations and firms, although the purpose, scope, and methods of these surveys vary considerably.
CERT/CC Statistics: The Computer Emergency Response Team Coordination Center (CERT/CC) has collected statistics on vulnerabilities and incidents since 1988. CERT is a center of Internet security expertise located at the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. In addition to maintaining incident and vulnerability statistics, CERT/CC works with US-CERT to coordinate defense against and response to cyberattacks. Further information is available at http://www.cert.org/stats/cert_stats.html.
Symantec Internet Security Threat Report: First published in January 2002 by Riptech, Inc. (acquired by Symantec in July 2002), this report has been published twice annually since 2002, for a total of 10 reports. Using network data collected by sensors monitoring network activity globally, these reports summarize and analyze network attack trends, vulnerability trends, and malicious code trends. Metrics used to measure the “threat landscape” have continued to evolve along with the types of attacks. All of the reports are available at http://www.symantec.com/enterprise/threatreport/index.jsp.
E-Crime Watch Survey: This annual survey, started in 2004, is conducted by CSO (Chief Security Officer) magazine in cooperation with the U.S. Secret Service’s Electronic Crimes Task Force, CERT/CC, and Microsoft Corporation. The purpose of the survey is to identify electronic-crime trends and techniques and to gather data on their impact. The 2006 report is available at http://www.cert.org/archive/pdf/ecrimesurvey06.pdf.
FBI Computer Crime Survey: Conducted in 2005, the purpose of this survey is to “gain an accurate understanding of what computer security incidents are being experienced by the full spectrum of sizes and types of organizations within the United States.”1