Scroll Top

DATA & METRICS

DATA & METRICS

DATA & METRICS

Data is the foundation of the science of Cyber Public Health. The challenge is that, even compared to the 19th century pioneers of public health and epidemiology, we have very limited access to the kind of consistent, large scale data necessary to study collective risk.

CyberGreen is committed to solving the data problem through collaboration with partners around the world and investing in the collection of publicly observable data. This data combined with meaningful metrics and scoring systems will enable experts to evaluate the effectiveness of mitigation strategies, identify the wider determinants of cybersecurity risk, and predict future outcomes.

“Without the aid of statistics nothing
like real medicine is possible.”

Pierre Charles Alexandre Louis

“Without the aid of statistics nothing
like real medicine is possible.”

Pierre Charles Alexandre Louis

“Without the aid of statistics nothing
like real medicine is possible.”

Pierre Charles Alexandre Louis

STATISTICS

CyberGreen currently conducts five whole-internet scans per week to assess the potential impact of DDoS attacks from open services. Our data includes weekly scans of DNS, NTP, SNMP, SSDP, and CHARGEN and can be downloaded for use by other researchers.

STATISTICS

CyberGreen currently conducts five whole-internet scans per week to assess the potential impact of DDoS attacks from open services. Our data includes weekly scans of DNS, NTP, SNMP, SSDP, and CHARGEN and can be downloaded for use by other researchers.

STATISTICS

CyberGreen currently conducts five whole-internet scans per week to assess the potential impact of DDoS attacks from open services. Our data includes weekly scans of DNS, NTP, SNMP, SSDP, and CHARGEN and can be downloaded for use by other researchers.

Date_Metrics_bottom
INTERNET INFRASTRUCTURE
HEALTH METRICS FRAMEWORK

The Internet Infrastructure Health Metrics Framework (IIHMF) is a set of models and metrics for measuring the “public health” of internet infrastructure. It will allow nations to measure their overall risk, understand how it changes over time, and take steps to mitigate that risk for their citizens.

Date_Metrics_bottom
INTERNET INFRASTRUCTURE
HEALTH METRICS FRAMEWORK

The Internet Infrastructure Health Metrics Framework (IIHMF) is a set of models and metrics for measuring the “public health” of internet infrastructure. It will allow nations to measure their overall risk, understand how it changes over time, and take steps to mitigate that risk for their citizens.

INTERNET INFRASTRUCTURE
HEALTH METRICS FRAMEWORK

The Internet Infrastructure Health Metrics Framework (IIHMF) is a set of models and metrics for measuring the “public health” of internet infrastructure. It will allow nations to measure their overall risk, understand how it changes over time, and take steps to mitigate that risk for their citizens.

Date_Metrics_bottom

FAQ

Our most ambitious project is the Internet Infrastructure Health Metrics Framework (IIHMF). The IIHMF is a set of models and metrics for measuring the “public health” of internet infrastructure. It allows nations to measure their overall risk, understand how it changes over time, and take steps to mitigate that risk for their citizens. CyberGreen scans the internet to detect those risks and bring attention to them.

CyberGreen currently scans the following services:

DNS 53
NTP 123
SNMP 161
SSDP 1900
CHARGEN 19
TLS 443
SMTP 25, 465, 587, 2525

 

We publish statistics for the first five services listed above. Please visit our stats site to learn more.

CyberGreen scans the Internet to detect vulnerabilities that exist within the cyber ecosystem in an effort to compile data and statistics regarding the state of global Cyber Public Health. The cyber ecosystem is composed of any device which connects to the Internet, for example, but not limited to: clients, servers, virtual instances, embedded systems, and the Internet of Things. At CyberGreen, our work hinges on high quality, reliable data to enable us to provide the most accurate measurements and visualizations.

In the past, some data sets had been highly volatile, with a large replacement rate for IP addresses in consecutive scans. At that time, we identified a need to cross-reference multiple data sources, as different techniques provide different results. Hence, the start of our in-house scanning in 2017. And while this sort of data, in its essence, will always be imperfect, CyberGreen seeks to better understand and analyze the imperfections rather than to rely on assumption.

By conducting our own scans at CyberGreen, we can hold true to our value of transparency by devising our own scanning method and publishing that method for the broader community. By doing so, our hope is to elicit feedback and maintain trust as we endeavor to make the cyber ecosystem a healthier place for the global good.

  1. CyberGreen conducts seven internet scans per week, each of which focuses on a different service (DNS, NTP, SNMP, SSDP, CHARGEN, TLS, and SMTP).
  2. CyberGreen does not scan unscannable space (e.g., RFC 1918 addresses, multicast or future use addresses
  3. CyberGreen does not scan addresses which have opted out of scanning
  4. The addresses are assigned fixed DNS names of the form scannerX.scanning.cybergreen.net, where X is a number.
  5. CyberGreen does not publicly release individual host vulnerability information; we publish aggregate information as shown on https://stats.cybergreen.net.

Over time, our intent is to add more scans to this set to identify other vulnerabilities and risk. Our intention is not to cause disruption to networks. As always, CyberGreen values the engagement of the community to help us move forward in the most constructive and unobtrusive way.

Our engagement policy lays out the following principles:

  1. CyberGreen’s constant goal is gold standard — where the standards exist, follow them. Where the standards don’t exist, define them. This includes both research and community engagement. We are, after all, committed to helping the community.
  2. CyberGreen seeks community involvement. The accuracy and quality of our data requires buy-in and cooperation from the scanners. The more actively they are involved, the better. If you are scanning the Internet, contact us about data partnership.
  3. CyberGreen will always be crystal-clear in communicating our intents, and in following the intents of those we engage with. In particular, if your organization wants to not be scanned by CyberGreen, we actively encourage you to contact us via our opt-out form rather than blocking our scanners. Blocking the scans introduces false negatives, as we cannot distinguish between a policy decision to protect the network and the absence of vulnerable hosts.

CyberGreen’s engagement policy is focused on providing the rest of the Internet a clear understanding of our goals, access to our data, and a mechanism for positively supporting or disengaging from our efforts.

We are currently working on collecting data and producing metrics for additional components as part of our comprehensive IIHMF project. In the meantime, CyberGreen has published metrics for calculating the risk that five open services pose. We focus on open DNS, NTP, SNMP, SSDP, and CHARGEN services.

Version 2.0 – Risk to Others
simple counts | weight j = 1 ∀ j

Version 2.0 reports a crude measure of DDoS risk to others by country, by Autonomous System (AS), and by such alternate entities (e.g., enterprises) as seem relevant. That crude measure is the count of nodes within the scope of control of the country, the AS, or the entity otherwise defined that have the configuration that allows them to participate in a DDoS. The count will be reported by protocol and in sum across all four protocols. Countries, ASs, and alternate entities will be ranked by the count of nodes available to the operator of a DDoS amplification attack, i.e.,a rank of 1 is that of the highest risk. It is that rank that is the v2.0 CyberGreen Index value.
In short, the v2.0 CyberGreen Index equates risk to others to the size of unmet mitigation tasks required to zero the country’s, the AS’s, or the alternate entity’s risk to others.

Version 2.1 – Offensive Potential
+ amplification factor | weight j = AF j

CyberGreen’s v2.1 metrics report risk to others in terms of “How bad could it be?” This means that CyberGreen v2.1 metrics factor in the scale potential for amplification by protocol by node. Whereas the v2.0 Index is a rank order by the size of the unmet mitigation need, the v2.1 Index is a rank order by the size of the DDoS that could be mounted from the country, the AS, or the alternate entity should all of their nodes currently available to attackers were to be used in a single attack. In short, the v2.1 Index measures “offensive potential” — with the obvious caveat that we do not mean intentional offense but rather the degree to which the country, the AS, or the alternate entity can be made to engage in offense whether it wanted to or not.

Note: This formula for offensive potential does not take into account maximum upstream speeds of the observed unit.

At the moment, our focus is on measurement rather than mitigation. At a high level, for open services, we suggest the following:

For systems developers: Default configurations should not ship with services open unless needed.

For systems operators: There should be processes in place for checking deployed configurations and turning off unneeded services. There should also be mechanisms to detect potential abuse or abnormal behavior such as traffic volume monitoring.

For more details, please contact us.

CyberGreen is committed to being compliant with GDPR. Our compliance efforts have been certified by the Institute for Social Internet Public Policy (ISIPP).

While the purpose of our scans is benevolent in nature, CyberGreen recognizes and respects the rights of users who wish to opt out of the process. If you wish to opt out CyberGreen’s scans, please use our opt-out form. If you want to talk with us about our scans, please contact us.

Opt Out of CyberGreen Scanning

CyberGreen helps policy makers and Computer Security Incident Response Teams (CSIRTs) focus their remediation efforts on key systemic risks; to help understand where improvements can be made and how, together, we can achieve a more sustainable, secure, and resilient cyber ecosystem.

If you would not like CyberGreen to scan your IP address or range of addresses, please complete this form. We require a valid email address linked to the IP to verify ownership of the address. Generally, an IP address will be removed within 24 hours (unless otherwise specified).

If you require further help to remove your IP address from CyberGreen scanning, please contact us.

    Privacy Preferences
    When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.

    PRIVACY POLICY

    CyberGreen (“us”, “we”, or “our”) operates the CyberGreen website (the “Website Service”).

    This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Website Service.

    We will not use or share your information with anyone except as described in this Privacy Policy.

    We use your Personal Information for providing and improving the Website Service. By using the Website Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use, accessible at https://www.cybergreen.net.

    MANUAL INFORMATION COLLECTION AND USE

    While using our Website Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information (“Personal Information”) may include, but is not limited to:

    • Name
    • Email address
    • Affiliation
    • Internet Protocol (“IP”) address/range (if requesting opt out from CyberGreen scans)

    BROWSER INFORMATION (LOG DATA)

    We collect information that your browser sends whenever you visit our Website Service (“Log Data”). This Log Data may include information such as your computer’s IP address, browser type, browser version, the pages of our Website Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.

    COOKIES

    Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

    We use cookies to collect, store, and/or correlate information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website Service.

    SERVICE PROVIDERS

    We may employ third-party companies and individuals to facilitate our Website Service, to provide the Website Service on our behalf, to perform Website Service-related services or to assist us in analyzing how our Website Service is used.

    These third parties have access to your Personal Information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

    SECURITY

    The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.

    LINKS TO OTHER SITES

    Our Website Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

    We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

    CHILDREN’S PRIVACY

    Our Website Service does not address anyone under the age of 18 (“Children”).

    We do not knowingly collect personally identifiable information from children under 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our servers immediately.

    COMPLIANCE WITH LAWS

    We will disclose your Personal Information where required to do so by law or subpoena.

    CHANGES TO THIS PRIVACY POLICY

    We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

    You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

    CONTACT US

    If you have any questions about this Privacy Policy, please contact us.

    TERMS OF USE

    The CyberGreen Institute (“CyberGreen”) Is a non-profit, charitable organization dedicated to the creation and dissemination of metrics measuring the Cyber health of networks along with related data, metrics, and analysis. We also assist network operators with the adoption of Cyber hygiene best practices and risk remediation. A big part of our mission is the collection, calculation, and public distribution of our CyberGreen Index. The CyberGreen Index and the other data that we publish on this website is released under the Affero General Public License (version 3) (the “License”). The use of License ensures that our data remains freely accessible and freely useable by members of the public. (In rare circumstances, we may use another license to distribute data, in which case the specific data set will not be available without a click-thru notice specifying the specific license that applies.)

    We do ask that you cite us properly in any academic work as the source for anything that you take from this website. If you are a commercial firm and wish to incorporate our data into a commercial product, you must acknowledge CyberGreen as the source of the data that you used and provide your customers with a link to this website with simple instructions on how to find the data that you took from our site.

    We do not publish personally identifiable information (PII) or other information that implicates third party privacy rights. CyberGreen is committed to being compliant with GDPR. Our compliance efforts have been certified by the Institute for Social Internet Public Policy (ISIPP).

    TERMS OF USE

    The CyberGreen Institute (“CyberGreen”) Is a non-profit, charitable organization dedicated to the creation and dissemination of metrics measuring the Cyber health of networks along with related data, metrics, and analysis. We also assist network operators with the adoption of Cyber hygiene best practices and risk remediation. A big part of our mission is the collection, calculation, and public distribution of our CyberGreen Index. The CyberGreen Index and the other data that we publish on this website is released under the Affero General Public License (version 3) (the “License”). The use of License ensures that our data remains freely accessible and freely useable by members of the public. (In rare circumstances, we may use another license to distribute data, in which case the specific data set will not be available without a click-thru notice specifying the specific license that applies.)

    We do ask that you cite us properly in any academic work as the source for anything that you take from this website. If you are a commercial firm and wish to incorporate our data into a commercial product, you must acknowledge CyberGreen as the source of the data that you used and provide your customers with a link to this website with simple instructions on how to find the data that you took from our site.

    We do not publish personally identifiable information (PII) or other information that implicates third party privacy rights. CyberGreen is committed to being compliant with GDPR. Our compliance efforts have been certified by the Institute for Social Internet Public Policy (ISIPP).

    TERMS OF USE

    The CyberGreen Institute (“CyberGreen”) Is a non-profit, charitable organization dedicated to the creation and dissemination of metrics measuring the Cyber health of networks along with related data, metrics, and analysis. We also assist network operators with the adoption of Cyber hygiene best practices and risk remediation. A big part of our mission is the collection, calculation, and public distribution of our CyberGreen Index. The CyberGreen Index and the other data that we publish on this website is released under the Affero General Public License (version 3) (the “License”). The use of License ensures that our data remains freely accessible and freely useable by members of the public. (In rare circumstances, we may use another license to distribute data, in which case the specific data set will not be available without a click-thru notice specifying the specific license that applies.)

    We do ask that you cite us properly in any academic work as the source for anything that you take from this website. If you are a commercial firm and wish to incorporate our data into a commercial product, you must acknowledge CyberGreen as the source of the data that you used and provide your customers with a link to this website with simple instructions on how to find the data that you took from our site.

    We do not publish personally identifiable information (PII) or other information that implicates third party privacy rights. CyberGreen is committed to being compliant with GDPR. Our compliance efforts have been certified by the Institute for Social Internet Public Policy (ISIPP).