Modern field guide to security and privacy

DARPA director on the future of war and securing the Internet of Things

At a Passcode event on Thursday, Defense Advanced Research Projects Agency Director Arati Prabhakar, along with leading government figures in cybersecurity, offered a rare glimpse into research happening in government labs.

Melanie Stetson Freeman/The Christian Science Monitor
At a Passcode event on Thursday, Arati Prabhakar, director of the Defense Advanced Research Projects Agency, outlined some of the biggest cybersecurity challenges facing the nation.

The Defense Advanced Research Projects Agency has lived at the sharp edge of military research ever since its creation in the wake of Russia’s Sputnik satellite to ensure America "avoided that kind of surprise again," Arati Prabhakar, the agency’s director, said Thursday in a Passcode event highlighting advancements in cybersecurity research.

Dr. Prabhakar, along with a panel of cybersecurity experts, outlined what the Pentagon – and the rest of the US government – is doing to preparing for the next wave of cyberthreats. Here's what we learned:

1. DARPA’s Plan X might make cyberdefense intuitive

Plan X started with the premise that part of what makes cyberwarfare tricky is that looking at computer code is "abstract and arcane," Prabhakar says. "It’s like ... talking dolphin to you."

The question that intrigued Plan X developers is how to show threats in a way people could visualize – showing an explosion on screen, for example.

US troops could use Plan X to be aware of a Wi-Fi router that has previously been used to trigger an improvised explosive device. In other words, she adds, Plan X could create "a level of intelligence that hadn’t been possible before."

2. DARPA is building a better way to rate security software

The agency recently awarded a contract to former DARPA employee Peiter Zatko (a security researcher also known as Mudge) to create a way to rate software when it comes to security, thus creating "a little bit better understanding" about how well they work, Prabhakar says.

"This could be important," she adds, in the effort to create a more "robust economic model" for security and the private sector. 

What's more, Prabhakar says, the security community as a whole should be working vigorously to secure the burgeoning Internet of Things marketplace. Or else, she says, "It's going to be really painful."

3. Data manipulation is a top concern

Director of National Intelligence James Clapper and the head of US Cyber Command, Adm. Mike Rogers, cited the danger of data manipulation by enemy hackers as one of their top concerns in congressional testimony earlier this month.

For her part, Prabhakar said that "about a year ago," she spoke with then-Chairman of the Joint Chiefs of Staff Martin Dempsey about the dangers of, for example, the military receiving the wrong information. "His reaction was, 'It’s one thing if my systems just go down – I can deal with that – but it’s a different thing altogether if I can’t trust what my systems are telling me.' "

​4. Consumers are often unfairly blamed 

​"I’m of the belief that we can’t expect the users to be cybersecurity geniuses," says Doug Maughan, director of the Cyber Security Division at the Department of Homeland Security’s Science & Technology Director. "Grandma’s not going to know anything."

Instead, "I think it’s high time we start holding people accountable for producing products that may be insecure," he argues. 

"It’s just like water and air," he adds. "Cyber should be secure, and you shouldn’t have to worry about whether it is or not."

Watch the full Cutting Edge of Cybersecurity Research event here

5. Top cybersecurity officials still concerned about Senate's Cyber Information Sharing Act

One of DHS's key concerns about the information-sharing bill is the provision that the agency should serve as the point of contact for any national cyberthreat.

"I certainly share those concerns," Maughan says. The problem is that any national cyberthreat must go through DHS first to coordinate threats that might directly impact the Pentagon, for example, or the National Security Agency.

"I think there is this question of, in the event of a cyberincident of some kind, do you really want some centralized entity [like DHS] being the router for everybody?" he says. "Isn’t there a better way to share information?"

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.