Skip to Main Content U.S. Department of Energy
Information and Infrastructure Integrity Initiative

Vulcan: Improving Analyst Collaboration for Cyber Security

Principal Investigators: Glenn Fink, Joe Bruce

Purpose of research

  • Increase the speed with which cyber security analysts communicate to match that of their adversaries
  • Expand the domains where cyber security analysts communicate, beyond official channels to informal sources and even the queries they execute
  • Minimize the effort required for collaboration

Key idea

We wish to make collaboration among cyber security analysts effortless by increasing their ambient awareness of what other analysts are doing.

Discriminator

Most forms of collaboration require active user input. Our approach derives much of this information passively from the analysts' normal workflow.

Summary

By observing the questions cyber security analysts ask of their data and the other sources they commonly use to inform their work, Vulcan can inform the work of other analysts. The communication protocol can protect the identities and sensitivities of analysts and organizations involved. This enables rapid communication while protecting sensitive information and connecting the people who need to collaborate most. We strive to enhance collaboration by minimizing (1) the effort a required to provide shared information, (2) the effort required to use shared information, and (3) the risk associated with identifying the sources of information.

Project Management

Projects