November 8, 2011
DARPA To Increase Funding For Cyber Research
The US government´s advanced research unit said Monday it will boost investments in cyber research by 50 percent over the next 5 years, in response to the increased threat of cyber terrorism and warfare.
The Defense Advanced Projects Research Agency (DARPA) will increase its focus on offensive cyber capabilities and defensive cyber capabilities, both key elements in combating modern cyber threats.DARPA is looking for $208 million in cyber spending in the upcoming fiscal year, up from $120 million in the previous year.
The military needs “more and better options” to meet the growing number of cyber threats from hackers and cyber terrorists, Regina Dugan, director of DARPA, told a conference on Monday.
“Modern warfare will demand the effective use of cyber, kinetic, and combined cyber and kinetic means,” Dugan said at the DARPA Cyber Colloquium. “We need more options, we need more speed, and we need more scale. We must both protect its peaceful shared use as well as prepare for hostile cyber acts that threaten our military capabilities.”
The Office of the National Counterintelligence Executive, a US government body, said in a report to Congress last week that China and Russia are using cyber espionage to steal US trade and technology secrets to line their pockets at US expense.
DARPA officials told attendees of the meeting that a recent in-house analysis found that current layered US defenses were a losing proposition because of a cyber terrorists lopsided advantage. Their advantage comes from the fact that it is a lot quicker to write malicious code than it is to produce an effective security package.
“We will not prevail by throwing bodies or buildings at the challenges of cyberspace. Our assessment argues that we are capability limited, both offensively and defensively. We need to fix that,” said Dugan.
“DARPA´s role in the creation of the internet means we were party to the intense opportunities it created and share in the intense responsibility of protecting it. Our responsibility is to acknowledge and prepare to protect the nation in this new environment,” said Dugan
Over the past 20 years the effort and cost of information security software has grown significantly -- from software packages with thousands of lines of code to packages now with millions, according to DARPA.
However, over the same period, and throughout nearly 9,000 examples of viruses, worms, and threats, analysis revealed a nearly constant average of 125 lines of code for malware.
“This is not to suggest that we stop doing what we are doing in cyber security. On the contrary, our existing efforts are necessary,” Dugan said. “These efforts represent the wisdom of the moment. But if we continue only down the current path, we will not converge with the threat.”
“I should emphasize that national policymakers, not DARPA, will determine how cyber capabilities will be employed to protect and defend the national security interests of the United States,” said Dugan at the conference of nearly 700 attendees. “But the agency has a special responsibility to explore the outer bounds of such capabilities so that our nation is well prepared for future challenges.”
Monday´s conference was the first time that Dugan publicly discussed DARPA´s offensive cyber research, according to a spokesman for the Pentagon´s research unit. While she avoided going into advanced details, other military speakers mentioned DARPA´s offensive capabilities in more coded terms.
Army Cyber Command director Lieutenant General Rhett Hernandez called “cyber warriors” who could “operationalize cyberspace” with a “full range of cyber capabilities,” including offensive capabilities.
US Cyber Command commander General Keith Alexander outlined the scope of the challenge. He noted recent well-publicized attacks on NASDAQ, RSA, Sony, and Google, among others. “These organizations are supposed to be the best in the market, and in my opinion, they are,” he said. “But they´re the ones that recognized they were attacked. Most don´t.”
Dugan reiterated the idea that the current approach will not resolve the problem, but will only result in more complexity.
“We are losing ground because we are inherently divergent from the threat,” she said, noting that while the size of viruses has remained small over the years, the defensive security apparatus continues to grow. “Such divergences are the seeds of surprise, and this [size disparity] is a striking example of why it´s currently easier to play offense rather than defense in cyber.”
Daniel Roelker, a DARPA project manager who works on offensive cyber weapons, said the Pentagon needed technological breakthroughs to be able to fight at the speed of light in cyberspace.
The US and unspecified “adversaries” are locked in a struggle in cyberspace, said DARPA program manager, Timothy Fraser. “Their costs are very low, and our costs are very high,” he said.
Kathleen Fisher, another program manager at DARPA, said we also need to worry about things like brakes, accelerators and steering in modern vehicles that can be hacked by tapping into their diagnostic boards, even remotely.
There are concerns whether the US can currently even defend against many of these retaliatory cyber attacks targeting such things as transportation, banking systems and power grids. US officials are notoriously secretive about their cyber capabilities and normally do not talk about them publicly.
James Miller, principal deputy undersecretary of Defense for policy, told a separate event hosted by the Center for Strategic and International Studies that the United States had a “full spectrum of cyber capabilities,” by implication including existing cyber weapons.
On the Net: