“Invulnerability is not a future state,” says Arati Prabhakar, head of the Defense Advanced Research Projects Agency.
DARPA’s mission is to develop breakthrough technologies to help the US military. It’s the influential agency that fueled the creation of the Internet in the first place. Yet the asymmetrical nature of digital conflict means increasingly sophisticated hackers will always pose a threat, no matter how advanced the solutions become – even the ones DARPA is developing. That’s because “human beings are so creative,” Dr. Prabhakar said at a roundtable discussion on Wednesday.
This, however, is not stopping DARPA from trying to shift the balance. “We have to change the cybersecurity game we’re in right now,” Prabhakar said. “All the prowess of our conventional capabilities is meaningless in this environment.”
It’s a critical problem for the US military. Its superiority, military leaders lament, does not carry over from the traditional battlefield into cyberspace. Meanwhile, US intelligence officials say the cyberthreat posed by Russia is more severe than previously assessed; Iran is exponentially increasing its cybersecurity budget; and China publicly revealed its numerous military and intelligence cyberwar units.
Yet Prabhakar is optimistic that the US military can ultimately develop an edge over other countries, even if it will never be totally impenetrable. “A significant advantage [in cyberspace], yes, I think that is something we can achieve,” she said, “by using these tools and techniques but also having the people that know how to use them, use them to great effect.”
Several in-progress DARPA projects could ultimately give the US military the upper hand, Prabhakar said.
A program known as Plan X, for example, is designed to give the military’s cyberwarriors greater visibility into their networks. It would translate attacks into smart display graphics, so they’re harder to miss, and streamline the military’s ability to defend against them by building an “app store” where cyberoperations could stored, ready to deploy.
This kind of simplification of cybersecurity could be critical for the Pentagon, which announced last year it would triple the number of its cybersecurity professionals to 6,000 by 2016 – no easy feat in such a technical field where skilled workers are in high demand across the globe.
“The military takes young kids and gets them very confident in operating complex systems,” Prabhakar said. “Can we start building tools so that with a modest amount of training, a lot of people can understand and see what’s happening in cyber?”
(To learn more about Plan X, see Passcode’s exclusive first look at Plan X – complete with photos and concept art – and watch the video of our February event starring DARPA’s live demo of the program.)
Separately, DARPA is building another program to develop what Prabhakar calls “provably correct software, systems that can’t be hacked for specified security properties.” This is, she said, particularly important to guard against those seeking to break into the operating systems of small unmanned aerial vehicles, commonly known as drones.
The agency is also hosting a Cyber Grand Challenge to automate defensive operations. The competition – for millions of dollars in prizes – will have computers automatically defend against cyberattacks in “a much more scalable, machine-speed fashion than human beings typing as fast as they can,” Prabhakar said.
At next year’s DEF CON Hacking Conference, computers will face off against other computers, but Dan Kaufman, who directs DARPA’s Information Innovation Office, said recently at a Passcode event that he wants to eventually compete the agency’s computers against human hackers in the actual DEF CON conference sometime in the future. "If we finish not last, I'm going to do a victory lap," said Mr. Kaufman.
These three key programs, Prabhakar said, are already encouraging those at DARPA building new frontiers in cybersecurity. “When you start taking those pieces together, you start having some sense you’re driving your future a little bit.”