ARMY COURTESY PHOTO PHOTO BY BILL ROCHE
cybersecurity9 and led to changes throughout the industry. DARPA’s technical approach to secure software featured formal methods (based on mathematical techniques) to ensure that software reliably does what it is specified to do, and nothing else. DARPA demonstrated these formal methods by developing a secure mission system for an autonomous helicopter. The agency now is working with the DOD to transition tools for building software with much greater cyber resiliency, and envisions a day when formal methods and other advanced tools for creating provably secure software will be adopted by the defense procurement process. Understanding that cyberspace had become a warfighting domain, DARPA initiated the Plan X program in late 2012 to create a mission command system on which the military can plan, conduct, and assess cyberwarfare in a manner similar to kinetic warfare. DARPA coordinated closely with multiple DOD cyber stakeholders, most notably U.S. Army Cyber Command (ARCYBER), to develop the Plan X prototype system. In 2017, according to an article posted on the U.S. Army website by ARCYBER, “Plan X is a battle command system for cyberspace operations which possesses technology that firmly places our forces at significant advantage in cyberspace.”10 Recognizing the need to engage cyber attackers at machine speed rather than human speed, DARPA created and executed the Cyber Grand Challenge (CGC) program to automate the process of finding, fixing, and exploiting software vulnerabilities. CGC featured a capture-the-flag-style competition in which so-called Cyber Reasoning Systems devised by the CGC teams competed to find and patch flawed code and to prove the
TOP: “Plan X” was a $120 million program at the Defense Advanced Research Projects Agency, which currently is making it easier for humans to, among other things, visualize a network and its components, to automate the task of identifying as hostile or benign the anomalies that might appear on that network, to provide intuitive symbology that accurately conveys to users the status of various components of a network, and to make it easier for even inexperienced users to take action to prevent hostile parties from gaining access to and causing damage to a network. ABOVE: Capt. James McColl and Capt. Justin Lanahan, both cyber officers at U.S. Army Cyber Command, took part in a weeklong “hackathon” in Arlington, Virginia, in July 2015, in support of the continued development of Plan X.