Site Overview
IMPACT, the Information Marketplace for Policy and Analysis of Cyber-risk & Trust, is a community of providers and seekers of cyber-risk-relevant data, tools and analytics to inform policy and analysis of cyber-risk and trust. The distributed repository provides researchers, developers and evaluators with current and longitudinal empirical data relevant to cyber threat prevention, detection and mitigation R&D.

IMPACT's public pages offer an overview of the program, its participants and project areas, and research publications that used IMPACT datasets, and they allow access to the metadata catalogs.
The Data & Tool Matchmaking section displays information on:

  • FINDING data
  • USING Tools to enable data access, use and analysis
  • GETTING data and tools, which is to say, how to join IMPACT


For more detail on our matchmaking catalogs, see the next section below.

The Data and Tools (forthcoming) Catalogs are available from the IMPACT home page. You do not need an account to browse entries in the catalog (the 'goods in the marketplace'). However, you must hold an account on the IMPACT portal to select data and tools to include in a request.

Available Data and Tools

IMPACT's metadata catalog lists data and tools available for use in research and development projects. Data providers submit metadata to the repository about the data/tools that they want to make available to approved researchers.

The Data Catalog is administered by Blackfire Technology, Inc. The datasets and tools themselves are stored at the various distributed, external hosting facilities of the Hosts and are transferred directly from the hosts to approved researchers.

Browse Data and Tool Catalog

Any portal user may browse the Data and Tool Catalog from the IMPACT Home page; however, only researchers who hold an active IMPACT account may request data and tools.

You must log into the portal before you can select data/tools from the catalog and submit a request.

Catalog Organization

Datasets are grouped by class and organized by categories and sub-categories for each Data Provider. Metadata provides details regarding the data class, category, sub-category, datasets within the sub-category, a description of the data and restrictions on usage.

Data class is a designation chosen by a Data Provider to align data with terms and conditions for release and use and a sharing approval mechanism.

IMPACT has two sharing approval mechanisms: one is a click-through agreement between the ICC and the data requester; the other is a bilateral, signature-based agreement between the ICC and the data requester. The class of data you request determines the sharing mechanism you will use.

IMPACT currently uses three classes and associated sharing approval mechanisms and agreements: (1) Unrestricted (Non-Commercial, Commercial) via a click-through Terms of Use (ToU); (2) Quasi-Restricted (Non-Commercial, Commercial) via a click-through ToU; and (3) Restricted via a Memorandum of Agreement (MoA) between the Researcher and the ICC.

All Unrestricted data and tools may be used by approved Researchers without the approval of the relevant Provider(s). All Quasi-Restricted data and tools may only be used by Researchers upon the approval of the relevant Provider(s) and ICC. Restricted data requires approval by the relevant Provider(s) and the ICC.

The classes are defined as follows:

  • Unrestricted: Data and tools in this class are released upon request after the requester agrees to the click-through terms, subject to the ICC's validating, through its application review process, that the data/tools requested are reasonably consistent with the stated use in the request.

  • Unrestricted Non-Commercial: Data and tools in this class are released for non-commercial use upon request after the requester agrees to the click-through terms, subject to the ICC's ensuring, through its application review process, that the data/tools requested are reasonably consistent with the stated use in the request.

  • Quasi-Restricted: Data and tools in this class are released upon request after the requester agrees to the click-through terms, subject to both the ICC's ensuring, through its application review process, that the data/tools requested are reasonably consistent with the stated use in the request, and the relevant Providers' approving the request.

  • Quasi-Restricted Non-Commercial: Data and tools in this class are released for non-commercial use upon request after the requester agrees to the click-through terms, subject to both the ICC's ensuring, through its application review process, that the data/tools requested are reasonably consistent with the stated use in the request, and the relevant Providers' approving the request.

  • Restricted: Data and tools in this class require the execution of a written MoA by the requester with the ICC and approval from the relevant Data Provider(s). The MoA may contain additional terms and conditions specific to the Provider.

Categories group data by like kind and may contain data from more than one provider. Categories may contain multiple sub-categories. A sub-category may contain any number of relevant datasets from one provider. Data Categories are listed on the portal under Data Repository/Data Classes and Categories.

    The default view is all datasets from all classes. You may filter this view to browse the catalog using Advanced Search options. However, data may only be requested from one class at a time.
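
As an illustration, the class rules described above can be captured in a small lookup table. The following Python sketch is not part of the IMPACT portal: the names `ClassRules`, `CLASS_RULES` and `rules_for_request` are hypothetical, and the one-class-per-request check simply mirrors the restriction stated above.

```python
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class ClassRules:
    """Sharing rules attached to one data class (hypothetical model)."""
    agreement: str             # "click-through ToU" or "signed MoA"
    provider_approval: bool    # True if the relevant Provider(s) must approve
    non_commercial_only: bool  # True if released for non-commercial use only


# Every class also goes through the ICC's application review,
# so that step is not modeled as a separate flag here.
CLASS_RULES = {
    "Unrestricted": ClassRules("click-through ToU", False, False),
    "Unrestricted Non-Commercial": ClassRules("click-through ToU", False, True),
    "Quasi-Restricted": ClassRules("click-through ToU", True, False),
    "Quasi-Restricted Non-Commercial": ClassRules("click-through ToU", True, True),
    "Restricted": ClassRules("signed MoA", True, False),
}


def rules_for_request(dataset_classes: Iterable[str]) -> ClassRules:
    """Return the rules for a request, given the class of each selected dataset."""
    classes = set(dataset_classes)
    if len(classes) != 1:
        raise ValueError("a request must name datasets from exactly one class")
    (data_class,) = classes
    return CLASS_RULES[data_class]
```

For example, `rules_for_request(["Restricted"]).agreement` evaluates to `"signed MoA"`, while passing both an Unrestricted and a Restricted dataset in one call raises `ValueError`.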

    Metadata Table

    Name: Description

    Dataset Name: Text name. Required to be unique in combination with a provider name. Researchers can use these tags for reference purposes and acknowledgment.
    Data Class: Designation chosen by a Data Provider to align data with terms and conditions for release and use and a sharing approval mechanism.
    Data Category: Descriptive name given to distinguish a general grouping of datasets.
    Data Sub-Category: Descriptive name given to distinguish a particular grouping of datasets within a Data Category which have the same terms of use and which are described in an Attachment of the associated legal document.
    Data Host: The organization hosting the data.
    Short Description: Brief description of the dataset.
    Long Description: Lengthy description of the dataset.
    Data Structure: Description of how data are stored.
    Keywords: One or more selections from the ICC Keyword List.
    Dataset Size: Size of the dataset in bytes.
    Formats: Format(s) of the dataset.
    Collection Start Date/Time: Date & time the data collection began.
    Collection End Date/Time: Date & time the data collection ceased.
    Ongoing Measurement: Indicator that data collection is ongoing.
    Checksum Value: Checksum of the dataset. (Not shown in data catalog.)
    Checksum Type: Type of the checksum. One or more values from a list, for example crc32 or rsa-md4.
    Anonymization: Indicates whether data is anonymized.
    Anonymization Method: Indicates how data is anonymized.
    Metadata Version Date/Time: Date & time this version of the metadata was defined by the Data Provider; not the date/time it was supplied or recorded.
    Availability Start Date/Time: Date & time the dataset is first available.
    Availability End Date/Time: Date & time after which the dataset is no longer available (when it is scheduled to be purged).
    Application Review Required: Yes/No indicating whether the Data Provider is required to be included in the ARB for any dataset request approval involving this dataset.
    Publication Review Required: Yes/No indicating whether the Data Provider requires publication review of Researcher work related to the dataset.
    Access Restrictions: Yes/No indicating whether remote access is required.
    Access Types: One or more access type specifications from a list, such as HDD, tape only or downloadable.
    Data Use Restrictions: Specific restrictions on use, such as a prohibition on reversing anonymized fields, monitoring of remote access, or a requirement for a Data Use Agreement.
    Archiving Allowed: Yes/No indicator specifying whether archiving of the dataset is allowed to enable the Researcher to reproduce research results.
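
To make the metadata fields more concrete, the sketch below models a handful of them in Python and shows two checks that a researcher or host might run: whether a dataset falls inside its availability window, and whether a transferred file matches a crc32 checksum. The class and field names are hypothetical, the 8-digit hexadecimal checksum encoding is an assumption, and treating a missing Availability End as "no purge scheduled" is also an assumption. None of this reflects the portal's actual schema or API.

```python
import zlib
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class DatasetMetadata:
    """A small, hypothetical subset of the catalog's metadata fields."""
    dataset_name: str                      # unique together with the provider name
    provider: str
    data_class: str
    availability_start: datetime
    availability_end: Optional[datetime]   # None: no purge date (assumption)
    checksum_type: str                     # e.g. "crc32"
    checksum_value: str                    # assumed to be 8 hex digits for crc32

    def is_available(self, when: datetime) -> bool:
        """True if `when` falls inside the availability window."""
        if when < self.availability_start:
            return False
        return self.availability_end is None or when < self.availability_end

    def matches_checksum(self, payload: bytes) -> bool:
        """Compare the payload's crc32 with the recorded checksum value."""
        if self.checksum_type != "crc32":
            raise NotImplementedError("only crc32 is handled in this sketch")
        actual = format(zlib.crc32(payload) & 0xFFFFFFFF, "08x")
        return actual == self.checksum_value.lower()
```

Because the Checksum Value is not shown in the data catalog, a check like `matches_checksum` would only be possible if the host supplies the value alongside the transfer.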

    The Ecosystem section displays information concerning:

    • WHO: The IMPACT Team of providers, hosts, the IMPACT Coordinating Center (ICC), our sponsors, and international partners
    • WHAT: The core dimensions of the IMPACT ecosystem
    • WHY and ETHOS: IMPACT's philosophy and sociotechnical activities aimed at driving advances in responsible and trusted R&D and innovation.

    The Headlines section highlights recent news and announcements related to IMPACT R&D. It is frequently updated to keep the IMPACT community informed of cyber security R&D success stories and other ROI indicators.

    The Knowledge Base section displays information on:

    • Frequently Asked Questions - a thorough inventory of common questions for both new and seasoned IMPACT participants; and
    • Research Publications - a continually updated list of publications on data science for cyber security that use IMPACT data. The Publications page is being updated to allow advanced search and sorting similar to our Data and Tool search pages.

    The Contact section gives you a quick way to find where we live, virtually, and to get in touch with your comments and feedback.

    You must have an account on the IMPACT portal before you can participate in project activities, including applying for access to data or submitting information to the data catalog. All accounts default to the researcher role. If you participate in IMPACT as a Data Provider, Data Host or in any other capacity, your roles will be adjusted after your initial request.

    Accounts are available to U.S.-based researchers and those in DHS-approved locations. U.S. accounts are reviewed and approved by the ICC. International accounts are processed by the IMPACT Approval Coordinator (IAC) in the respective country.

    Your account is active for 12 months. Your portal activity (logging in, requesting datasets, etc.) during that time confirms your interest. Account holders who do not log into the portal during that time will receive an email reminder after 11 months of inactivity. If you do not log in within 30 days of the reminder, your account will be suspended.
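
The inactivity timeline above can be sketched as a small date calculation. This Python example is only an illustration: the function names are hypothetical, inactivity is assumed to be measured in calendar months from the last login, and the 30-day window after the reminder is assumed to be inclusive. The portal's actual scheduling may differ.

```python
import calendar
from datetime import date, timedelta


def add_months(d: date, months: int) -> date:
    """Shift a date forward by whole calendar months, clamping the day."""
    month_index = d.month - 1 + months
    year = d.year + month_index // 12
    month = month_index % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def account_status(last_login: date, today: date) -> str:
    """Classify an account as active, reminded, or suspended (assumed rules)."""
    reminder_date = add_months(last_login, 11)        # reminder after 11 months
    suspension_date = reminder_date + timedelta(days=30)
    if today < reminder_date:
        return "active"
    if today <= suspension_date:
        return "reminder sent"
    return "suspended"
```

Under these assumptions, an account last used on 15 January 2024 would receive its reminder on 15 December 2024 and would be suspended if there were still no login after 14 January 2025.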

    U.S.-based researchers: After you submit your account request, the ICC will verify the information by:

    • Vetting your organization according to our Organization Policy.
    • Contacting the person you listed as the point of contact to verify your association with the organization.

    International researchers: You must be based in a DHS-approved location. The IMPACT Approval Coordinator (IAC) for your country will be notified. Each country has its own review process. The ICC will complete international account requests based on the IAC's recommendation.

    When your account is approved, return to the IMPACT portal and log in using the user name and temporary password you created on your application. You will be asked to change the password the first time you log in. This is required because the temporary password works only once.

    If your account is not approved, you will be notified by email.

    Data Host and Data Provider Accounts

    To request either a Data Host or a Data Provider account you must contact the ICC directly by email (IMPACT-contact@rti.org) or by phone (USA) 1 800 957 6422.

    IMPACT provides a standard log-in page where registered users can input their user names and passwords to gain access to the portal. Access the Log-In page from the link on the Home page.

    If you have forgotten your password, you may request a password reset from this page. The system will send you a temporary password, which can be used on your next log in.

    Password Standards

    Passwords are used by the portal in conjunction with user IDs to uniquely identify individual users. Passwords may not be shared with, used by or disclosed to others. Generic or group passwords cannot be used. To preclude password guessing, an intruder lock-out feature will suspend accounts after a certain number of invalid attempts to log on. Manual action by the Portal Administrator is required to reactivate the account.

    All user and system passwords, even temporary passwords set for new user accounts, have to meet the following criteria:

    • They must be at least eight (8) characters in length;
    • They cannot contain any white space (spaces, tabs, etc.); and
    • They must contain at least one lowercase and one uppercase character.

    Users should immediately change their password if they suspect it has been compromised.
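
The three password criteria listed above can be checked with a few lines of Python. This is a minimal sketch under stated assumptions, not the portal's own validation code: the function name `password_problems` and the wording of the messages are hypothetical, and the portal may enforce additional rules that are not listed here.

```python
from typing import List


def password_problems(password: str) -> List[str]:
    """Return the listed criteria that the password fails (empty if none)."""
    problems = []
    if len(password) < 8:
        problems.append("must be at least eight characters long")
    if any(ch.isspace() for ch in password):
        problems.append("must not contain white space")
    if not any(ch.islower() for ch in password):
        problems.append("must contain at least one lowercase character")
    if not any(ch.isupper() for ch in password):
        problems.append("must contain at least one uppercase character")
    return problems
```

Returning a list of failed criteria, rather than a single True/False value, lets a caller tell the user everything that needs fixing in one pass.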