Technology

June 16, 2017
 

DARPA programs create systems for data, networks

Cheryl Pellerin
DOD News

The internet is an infrastructure that supports all aspects of modern life, and the Defense Advanced Research Projects Agency is creating technology to protect U.S. data, networks and national security, DARPA’s acting director said in Baltimore, Md., June 14.

Steven H. Walker spoke to an audience this morning at the 2017 Armed Forces Communications and Electronics Association Defensive Cyber Operations Symposium in Baltimore, noting that the problems the United States faces in the cyber domain are among the nation’s most serious.

“Even a combination of the most advanced technology cannot solve the problems America faces in the cyber domain entirely,” he said, and described DARPA’s efforts to “create technologies that protect our data, our networks and our national security when it comes to these threats.”

Walker said DARPA’s security research goals have three focus areas in the cyber security domain — hardening systems against cyber attack, operating through cyber attacks and winning in the cyber domain.

Hardening systems
As part of DARPA’s effort to harden systems against attack, the agency ran the Cyber Grand Challenge, or the CGC, in August.

“The CGC was very much in the vein of DARPA’s self-driving car challenges of the last decade, when we challenged the world to do something that had never been done before,” Walker said.

“In this case, [the challenge] was to defend a network and counterattack an adversary’s network in a matter of minutes with no human intervention — only machines playing machines in a game of capture the flag,” he added.

Pittsburgh-based team ForAllSecure’s Mayhem Cyber Reasoning System took first place at the August 2016 Cyber Grand Challenge finals, beating out six other computers. The Mayhem CRS is now on display at the Smithsonian’s National Museum of American History in Washington as a standalone exhibit titled “Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity” produced by the Lemelson Center for the Study of Invention and Innovation. The exhibit will run through Sept. 17, 2017.

Seven finalist teams took their cyber reasoning systems to Def Con, the international hacker meeting in Las Vegas, and showed their systems’ ability to automatically identify and fix software flaws and maintain their own correct operation while scanning the CGC network to identify and exploit vulnerabilities in the other systems, Walker said.

“This changes the idea of zero-day exploits and causes one to think in terms of zero-second or zero-minute exploits,” the DARPA director said.

After the CGC success the agency is looking for ways to rapidly move the experiment into an operational capability, he added.

“Google and Microsoft are already employing some of these techniques and moving the technology forward,” Walker said, noting that DARPA is transitioning it to other parts of the government.

“You can imagine using it before we deploy a software product to test that software product against many different exploits,” he said, “and using it in sort of a pre-defense way as well.”

Operating through cyberattacks
To allow operations to continue during cyberattacks, DARPA is developing technologies to rapidly detect, isolate and characterize cyberattacks on the electric power grid, Walker said.

“The goal of our program is to, without … security upgrades or utility deployments prior to an attack, use skilled cyber and power engineers to restore power within seven working days after a cyber attack that overwhelms conventional recovery operations,” he added.

The program is working on anomaly-detection technologies that are sensitive but have low false-alarm rates in a U.S. power grid system that’s made up of more than 3,500 different grids, Walker said.

DARPA is also working on network isolation and threat-characterization technologies for cyber systems that include normal information technology and integrated control systems hardware and software, he said.

Winning in cyber domain
Plan X is DARPA’s first-generation cyber mission framework tool to help mission commanders, planners and operators collaborate, understand, plan and manage cyber operations in real time against large-scale and dynamic network environments at tactical and strategic levels, Walker said.

Plan X was a DARPA effort to create for the first time a common operating picture for warriors in cyberspace. Related DARPA programs include Enhanced Attribution and the Network Defense Program.

Enhanced Attribution’s goal, Walker said, is to make transparent the opaque, malicious cyber-adversary actions and individual cyber-operator attribution by providing visibility into all aspects of malicious cyber actions.

The Defense Advanced Research Projects Agency’s Plan X program is working to help military cyber operators visualize the cyber battlespace and perform missions there based on an established cyber framework and a common operating picture. Plan X is a foundational cyberwarfare program whose engineers are developing platforms the Defense Department will use to plan for, conduct and assess cyberwarfare in a manner similar to that of kinetic warfare.

The Network Defense Program “has developed algorithms and data-analysis tools that enable cyber situational awareness for identifying illicit behavior in networks. This is the program that we see now transitioning to U.S. Cyber Command,” he added.

“Where I think we’re headed at DARPA in the Winning in the Cyber Domain set of programs is what I’m loosely referring to as creating a cyber system-of-systems approach,” Walker explained.

“By that I mean taking many of the technology, tools and programs that I’ve discussed today and putting them together into sort of a national network defense system for cyber security, and potentially a cyber warfare combat system for cyber response,” he said, noting that such a defense system would be voluntary, and domains and specific networks could sign up.

The system, Walker explained, would enable real-time monitoring of hundreds of U.S. internet domains to discover botnets, understand the command-and-control status of servers, correlate adversary probing of U.S. enterprise networks, provide indications and warning of enterprise network compromises and coordinate a national response to adversary activities on U.S. networks and domains.

“The likelihood of an adversary being discovered on our networks by such a defensive system, and being able to attribute adverse cyber actions to that adversary, will have a strong deterrent effect on future attackers,” he added.

One gateway to creating such a system is called CHASE, for Cyber Hunting at Scale, which will take DARPA’s work on network defense and scale it up to the DOD Information Network, Walker said.

“We’re working now with [the Defense Information Systems Agency] and Cybercom on that new program,” he said.
