June 16, 2017

DARPA programs create systems for data, networks

Cheryl Pellerin
DOD News

The internet is an infrastructure that supports all aspects of modern life, and the Defense Advanced Research Projects Agency is creating technology to protect U.S. data, networks and national security, DARPA’s acting director said in Baltimore, Md., June 14.

Steven H. Walker spoke to an audience this morning at the 2017 Armed Forces Communications and Electronics Association Defensive Cyber Operations Symposium in Baltimore, noting that the problems the United States faces in the cyber domain are among the nation’s most serious.

“Even a combination of the most advanced technology cannot solve the problems America faces in the cyber domain entirely,” he said, and described DARPA’s efforts to “create technologies that protect our data, our networks and our national security when it comes to these threats.”

Walker said DARPA’s security research goals have three focus areas in the cyber security domain — hardening systems against cyber attack, operating through cyber attacks and winning in the cyber domain.

Hardening systems
As part of DARPA’s effort to harden systems against attack, the agency ran the Cyber Grand Challenge, or the CGC, in August.

“The CGC was very much in the vein of DARPA’s self-driving car challenges of the last decade, when we challenged the world to do something that had never been done before,” Walker said.

“In this case, [the challenge] was to defend a network and counterattack an adversary’s network in a matter of minutes with no human intervention — only machines playing machines in a game of capture the flag,” he added.

Pittsburgh-based team ForAllSecure’s Mayhem Cyber Reasoning System took first place at the August 2016 Cyber Grand Challenge finals, beating out six other computers. The Mayhem CRS is now on display at the Smithsonian’s National Museum of American History in Washington as a standalone exhibit titled “Innovations in Defense: Artificial Intelligence and the Challenge of Cybersecurity” produced by the Lemelson Center for the Study of Invention and Innovation. The exhibit will run through Sept. 17, 2017.

Seven finalist teams took their cyber reasoning systems to Def Con, the international hacker meeting in Las Vegas, and showed their systems’ ability to automatically identify and fix software flaws and maintain their own correct operation while scanning the CGC network to identify and exploit vulnerabilities in the other systems, Walker said.

“This changes the idea of zero-day exploits and causes one to think in terms of zero-second or zero-minute exploits,” the DARPA director said.

After the CGC success the agency is looking for ways to rapidly move the experiment into an operational capability, he added.

“Google and Microsoft are already employing some of these techniques and moving the technology forward,” Walker said, noting that DARPA is transitioning it to other parts of the government.

“You can imagine using it before we deploy a software product to test that software product against many different exploits,” he said, “and using it in sort of a pre-defense way as well.”

Operating through cyberattacks
To allow operations to continue during cyberattacks, DARPA is developing technologies to rapidly detect, isolate and characterize cyberattacks on the electric power grid, Walker said.

“The goal of our program is to, without … security upgrades or utility deployments prior to an attack, use skilled cyber and power engineers to restore power within seven working days after a cyber attack that overwhelms conventional recovery operations,” he added.

The program is working on anomaly-detection technologies that are sensitive but have low false-alarm rates in a U.S. power grid system that’s made up of more than 3,500 different grids, Walker said.

DARPA is also working on network isolation and threat-characterization technologies for cyber systems that include normal information technology and integrated control systems hardware and software, he said.

Winning in cyber domain
Plan X is DARPA’s first-generation cyber mission framework tool to help mission commanders, planners and operators collaborate, understand, plan and manage cyber operations in real time against large-scale and dynamic network environments at tactical and strategic levels, Walker said.

Plan X was a DARPA effort to create for the first time a common operating picture for warriors in cyberspace. Related DARPA programs include Enhanced Attribution and the Network Defense Program.

Enhanced Attribution’s goal, Walker said, is to make transparent the opaque, malicious cyber-adversary actions and individual cyber-operator attribution by providing visibility into all aspects of malicious cyber actions.

The Defense Advanced Research Projects Agency’s Plan X program is working to help military cyber operators visualize the cyber battlespace and perform missions there based on an established cyber framework and a common operating picture. Plan X is a foundational cyberwarfare program whose engineers are developing platforms the Defense Department will use to plan for, conduct and assess cyberwarfare in a manner similar to that of kinetic warfare.

The Network Defense Program “has developed algorithms and data-analysis tools that enable cyber situational awareness for identifying illicit behavior in networks. This is the program that we see now transitioning to U.S. Cyber Command,” he added.

“Where I think we’re headed at DARPA in the Winning in the Cyber Domain set of programs is what I’m loosely referring to as creating a cyber system-of-systems approach,” Walker explained.

“By that I mean taking many of the technology, tools and programs that I’ve discussed today and putting them together into sort of a national network defense system for cyber security, and potentially a cyber warfare combat system for cyber response,” he said, noting that such a defense system would be voluntary, and domains and specific networks could sign up.

The system, Walker explained, would enable real-time monitoring of hundreds of U.S. internet domains to discover botnets, understand the command-and-control status of servers, correlate adversary probing of U.S. enterprise networks, provide indications and warning of enterprise network compromises and coordinate a national response to adversary activities on U.S. networks and domains.

“The likelihood of an adversary being discovered on our networks by such a defensive system, and being able to attribute adverse cyber actions to that adversary, will have a strong deterrent effect on future attackers,” he added.

One gateway to creating such a system is called CHASE, for Cyber Hunting at Scale, which will take DARPA’s work on network defense and scale it up to the DOD Information Network, Walker said.

“We’re working now with [the Defense Information Systems Agency] and Cybercom on that new program,” he said.
