June 16, 2017

DARPA programs create systems for data, networks

Cheryl Pellerin
DOD News

The internet is an infrastructure that supports all aspects of modern life, and the Defense Advanced Research Projects Agency is creating technology to protect U.S. data, networks and national security, DARPA’s acting director said in Baltimore, Md., June 14.

Steven H. Walker spoke to an audience this morning at the 2017 Armed Forces Communications and Electronics Association Defensive Cyber Operations Symposium in Baltimore, noting that the problems the United States faces in the cyber domain are among the nation’s most serious.

“Even a combination of the most advanced technology cannot solve the problems America faces in the cyber domain entirely,” he said, and described DARPA’s efforts to “create technologies that protect our data, our networks and our national security when it comes to these threats.”

Walker said DARPA’s security research goals have three focus areas in the cyber security domain — hardening systems against cyber attack, operating through cyber attacks and winning in the cyber domain.

Hardening systems
As part of DARPA’s effort to harden systems against attack, the agency ran the Cyber Grand Challenge, or the CGC, in August.

“The CGC was very much in the vein of DARPA’s self-driving car challenges of the last decade, when we challenged the world to do something that had never been done before,” Walker said.

“In this case, [the challenge] was to defend a network and counterattack an adversary’s network in a matter of minutes with no human intervention — only machines playing machines in a game of capture the flag,” he added.

Pittsburgh-based team ForAllSecure’s Mayhem Cyber Reasoning System took first place at the August 2016 Cyber Grand Challenge finals, beating out six other computers. The Mayhem CRS is now on display at the Smithsonian’s National Museum of American History in Washington as a standalone exhibit titled “Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity” produced by the Lemelson Center for the Study of Invention and Innovation. The exhibit will run through Sept. 17, 2017.

Seven finalist teams took their cyber reasoning systems to Def Con, the international hacker meeting in Las Vegas, and showed their systems’ ability to automatically identify and fix software flaws and maintain their own correct operation while scanning the CGC network to identify and exploit vulnerabilities in the other systems, Walker said.

“This changes the idea of zero-day exploits and causes one to think in terms of zero-second or zero-minute exploits,” the DARPA director said.

After the CGC success, the agency is looking for ways to rapidly move the experiment into an operational capability, he added.

“Google and Microsoft are already employing some of these techniques and moving the technology forward,” Walker said, noting that DARPA is transitioning it to other parts of the government.

“You can imagine using it before we deploy a software product to test that software product against many different exploits,” he said, “and using it in sort of a pre-defense way as well.”

Operating through cyberattacks
To allow operations to continue during cyberattacks, DARPA is developing technologies to rapidly detect, isolate and characterize cyberattacks on the electric power grid, Walker said.

“The goal of our program is to, without … security upgrades or utility deployments prior to an attack, use skilled cyber and power engineers to restore power within seven working days after a cyber attack that overwhelms conventional recovery operations,” he added.

The program is working on anomaly-detection technologies that are sensitive but have low false-alarm rates in a U.S. power grid system that’s made up of more than 3,500 different grids, Walker said.

DARPA is also working on network isolation and threat-characterization technologies for cyber systems that include normal information technology and integrated control systems hardware and software, he said.

Winning in cyber domain
Plan X is DARPA’s first-generation cyber mission framework tool to help mission commanders, planners and operators collaborate, understand, plan and manage cyber operations in real time against large-scale and dynamic network environments at tactical and strategic levels, Walker said.

Plan X was a DARPA effort to create for the first time a common operating picture for warriors in cyberspace. Related DARPA programs include Enhanced Attribution and the Network Defense Program.

Enhanced Attribution’s goal, Walker said, is to make transparent the opaque, malicious cyber-adversary actions and individual cyber-operator attribution by providing visibility into all aspects of malicious cyber actions.

The Defense Advanced Research Projects Agency’s Plan X program is working to help military cyber operators visualize the cyber battlespace and perform missions there based on an established cyber framework and a common operating picture. Plan X is a foundational cyberwarfare program whose engineers are developing platforms the Defense Department will use to plan for, conduct and assess cyberwarfare in a manner similar to that of kinetic warfare.

The Network Defense Program “has developed algorithms and data-analysis tools that enable cyber situational awareness for identifying illicit behavior in networks. This is the program that we see now transitioning to U.S. Cyber Command,” he added.

“Where I think we’re headed at DARPA in the Winning in the Cyber Domain set of programs is what I’m loosely referring to as creating a cyber system-of-systems approach,” Walker explained.

“By that I mean taking many of the technology, tools and programs that I’ve discussed today and putting them together into sort of a national network defense system for cyber security, and potentially a cyber warfare combat system for cyber response,” he said, noting that such a defense system would be voluntary, and domains and specific networks could sign up.

The system, Walker explained, would enable real-time monitoring of hundreds of U.S. internet domains to discover botnets, understand the command-and-control status of servers, correlate adversary probing of U.S. enterprise networks, provide indications and warning of enterprise network compromises and coordinate a national response to adversary activities on U.S. networks and domains.

“The likelihood of an adversary being discovered on our networks by such a defensive system, and being able to attribute adverse cyber actions to that adversary, will have a strong deterrent effect on future attackers,” he added.

One gateway to creating such a system is called CHASE, for Cyber Hunting at Scale, which will take DARPA’s work on network defense and scale it up to the DOD Information Network, Walker said.

“We’re working now with [the Defense Information Systems Agency] and Cybercom on that new program,” he said.
