DAVID R. TRIBBLE PHOTO VIA WIKIMEDIA COMMONS
Because a widespread, prolonged loss of electrical power would pose a grave threat to the United States, DARPA is developing technology that cyber security personnel, power engineers, and first responders can employ to rapidly restore electrical systems subjected to cyber attack.
1. An exponentially growing domestic attack surface: Our modern society depends on information and information systems, and information technology (IT) is deeply embedded in critical infrastructure, commercial services, cyber-physical systems, and other components of the constructed landscape. Our dependence on IT and the cyber domain is growing exponentially both in terms of scale (i.e., number of users/hosts, number of networks and network nodes, volume of storage) and in terms of the complexity of the applications (e.g., self-driving cars and other autonomous systems). Few of these systems are resilient to cyber attack, and so they present an inviting attack surface for potential adversaries. Metaphorically, we have built for ourselves a “cyber glass house” at which adversaries may freely cast stones, and we want our house to be resilient against these attacks. The way we construct our cyber structures, therefore, plays a foundational role in determining how resilient these structures will be amidst those who will throw stones.

2. Lack of visibility and limited intelligence: Many cyber attacks, the so-called advanced persistent threats, remain undiscovered for extended periods, while other attacks have never been conclusively attributed even with significant forensics effort. As a result, it is difficult, if not impossible, to estimate with confidence the cyber capabilities of a potential cyber adversary. Moreover, while defensive cyber technology development is a large and growing commercial activity, offensive cyber technology is typically developed in secret by both nation-states and diverse criminal enterprises; the potential for technological surprise by one or more of these entities cannot be ignored. In the cyber domain, we need far greater visibility into and situational awareness of adversarial activity. We need to know who is throwing stones against our house.

3. Empowered adversaries that act with impunity: Software is the ultimate democratic technology. It is proving to be a facile weapon for adversaries ranging from so-called “script kiddies” to peer-nation intelligence agencies. These adversaries are empowered by the ability to re-use readily available malware, access large-scale computing resources – both legal (commercial cloud) and illicit (botnet) – and hide their activities in the flood of internet communications and transactions. Few cyber attackers ever suffer any consequences, and so they act without restraint. If we are to deter cyber attacks, we must develop accurate and calibrated cyber response capabilities. This is how we will stop the stones from hitting our house.

Here is what a reliable cyber deterrence capability would have to include:

• Cyber resilience: In the event of a cyber attack, the information and operational technology the United States uses to manage and control its critical networks and systems must operate through the attack and be rapidly recoverable afterward.

• Cyber situational awareness: The United States must be able to detect, understand, and attribute in a timely fashion any subtle or overt escalations in the intensity of cyber conflict and adversary attacks on our critical networks and systems involving the cyber domain.

• Cyber accurate response: The United States must have the capability to mount an accurate, timely, effective, and appropriately scaled cyber response to any cyber attack in a calibrated way that discourages further escalation.

DARPA is sponsoring a broad portfolio of programs to develop the technologies necessary to realize these elements required for an effective cyber deterrence. In the cyber-resilience category, DARPA’s approach includes techniques to harden systems against cyber attack and techniques to enable systems to operate correctly even when subject to cyber attack. DARPA’s initial investments featured formal methods, but this portfolio has expanded to include other approaches. Inspired by big-data approaches that have impacted numerous industries, DARPA saw that big-data technology could improve the