The Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT)
The Information Marketplace for Policy and Analysis of Cyber-risk & Trust (IMPACT) is an initiative from the US Department of Homeland Security (DHS) for enabling empirical data and information sharing between, and among, the global cyber security research and development (R&D) community in academia, industry and the government.
More specifically, IMPACT provides a distributed repository for cyber security/risk-assessment data and tools, supported by a streamlined, DHS-managed policy framework, and a centralized web gateway offering data-to-research matching, catalogue searching and social networking facilities. Taken as a whole, IMPACT seeks to address the various costs and challenges for building sustainable and scalable data sharing for cyber security R&D across a large spectrum of devices and systems.
IMPACT is the successor of PREDICT, which was initially established for US usage, but has since grown internationally to include Japan, UK, Israel, Canada, Netherlands, Singapore and Australia.
What does this mean for researchers in Australia?
With an IMPACT account, researchers in Australia would be able to access large volumes of data to conduct responsible cyber security R&D. The datasets can be used for verifying and validating existing cyber defence solutions, risk assessments, threat analysis, simulation, training, and more. IMPACT is currently used by many organisations in the US and other countries, including Japan, Canada and Israel. In some cases there are previous publications about existing datasets.
What kinds of data does IMPACT provide access to?
Visit the IMPACT website for the latest list of datasets available for download. There is a 'Search' button in the top right corner. Some examples include DNS, Netflow, IDS and traceroute data. New feeds are being added weekly and many are ongoing.
IMPACT datasets are community-created and distributed via a number of clearing houses, but the vast majority are available under single-banner licences and agreements. Datasets have several dissemination classifications, ranging from unrestricted to restricted. Those labelled as 'Restricted' have curated access. To obtain access, you need to apply and be vetted by a regional approver, normally a government department. The data itself is unclassified.
What is DST's role in IMPACT?
DST has signed an agreement with the US Department of Homeland Security to become the regional IMPACT Approval Coordinator (IAC) for Australia. DST is thus responsible for the appropriate vetting of IMPACT applicants within Australia, and has formed an IAC committee (AIACC) to execute this function.
The committee draws from DST's Cyber and Electronic Warfare Division. Suneel Randhawa, Ag/Research Leader for Cyber Assurance and Operations Branch, is the named Approval Coordinator and chair of the committee.
How do I access IMPACT datasets?
You can sign up via the IMPACT website. Account requests will come through to the Australian IAC Committee for assessment. Please ensure you nominate a POC who would be reachable and responsive via e-mail and phone for at least one to two weeks following your request.
Once DST's verification component is completed, the process will be continued and finalised by the US IAC team.
How can I contribute to IMPACT?
If you or your research team are interested in providing data for use by the broader cyber R&D community, please get in touch with us – the contact details of the Australian IAC Committee POC (delegate for the Approval Coordinator) are shown at the top right of this page.
For more detailed information on IMPACT, please refer to the DHS Cyber Security Division's IMPACT page.
