Classified Threat Sensors
by Steve Weis, Amina Asim, and Aloni Cohen
Foreign nation-state cyberattacks against US-based companies create a national security risk and the potential loss of intellectual property. Yet industry and government struggle to engage in data-sharing that could mitigate these risks due to the sensitive nature of classified data. Recent developments in secure enclave technology could help companies and government act on classified intelligence without requiring declassification. This project recommends using secure enclaves to operate classified threat sensors on the servers of private companies. These threat sensors would be able to scan a company’s local security data for signs of cyberattack without revealing the company’s proprietary data, or the information that the sensors were searching for. The project recommends a measured rollout to pilot this new technology.
Click below to view the Classified Analysis of Network Attacks in a Restricted Execution Environment (or CANAREE) website, to view a short video on how CANAREE works, or to read a policy brief, operational plan, or grant proposal for implementing CANAREE.