way we build, debug, verify, and maintain software. DARPA created a corpus of hundreds of billions of lines of code – so-called “big code” – and data-mining engines (specialized for use in software) to extract useful properties, behaviors, and vulnerabilities of the program components in the corpus. This knowledge opens the way toward new mechanisms for automatically constructing, improving, and repairing complex software.

DARPA is also developing the necessary design, analysis, and verification tools to allow system engineers to design in cyber resiliency and to manage trade-offs as they do other nonfunctional properties when designing complex embedded computing systems. In addition, DARPA is developing techniques that address the need for long-lived, survivable, and complex software systems that are robust to changes in the physical and logical resources provided by their underlying computational ecosystem. These will reduce high software maintenance costs and stave off premature obsolescence of otherwise functionally sound, legacy software systems. In principle, these abilities could enable the creation of “100-year software.”

A substantial and prolonged disruption of electric power would have profound economic and human costs for the United States. From a defense perspective, a major power outage could hamper military mobilization and logistics and impair the capability to project force. DARPA is developing technology that cybersecurity personnel, power engineers, and first responders can utilize to accelerate restoration of cyber-impacted electrical systems.

In the category of situational awareness in the cyber domain, the goal is to achieve a comprehensive ability to detect and monitor cyber attacks in the making. At present, cyber adversaries are often able to operate on U.S. networks for extended periods without discovery.
DARPA is developing a number of technologies to enhance situational awareness of attacks on networks and systems by, for example, providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction. These techniques will automatically or semi-automatically “connect the dots” across multiple activities that are individually legitimate, but collectively indicate malice or abnormal behavior. This should enable the prompt detection of advanced persistent threats.

Malicious actors in cyberspace currently operate with little fear of being caught. This is because it is extremely difficult, in some cases perhaps even impossible, to reliably and confidently attribute actions in cyberspace to individuals. DARPA is developing techniques to enable reliable attribution of malicious cyber actions and to increase the government’s ability to reveal publicly the actions of individual malicious cyber operators without compromising sources and methods.

In the category of deploying accurate and calibrated cyber response capabilities, DARPA envisions high-intensity cyber operations executed by computers under human supervision. Such semi-automated response systems would enable operators to create and analyze cyber effects more rapidly and accurately than unaided human operators. Fully automated cyber defense capabilities, such as those developed in DARPA’s Cyber Grand Challenge, will help in this cause. These will be integrated with human-centric cyber operations planning and execution capabilities, such as those developed under DARPA’s Plan X program. This technology will automatically evaluate the defensive readiness of software and networks during operations, triage and verify system security issues, determine adversary intent, and guide operator responses. Because botnets pose a significant threat to national security, DARPA is exploring the feasibility of countering malicious botnets and similar large-scale malware.

U.S. commercial and government networks are subject to nearly continuous cyber attack. DARPA is developing automated, scalable algorithms that identify anomalous behavior in networks indicative of these threats and the security compromises that can result.

Toward a Cyber-Safe Era

The cyber domain has become central to our modern way of life, and it is a matter of national security [12]. As such, the ability to deter cyber attacks has become a strategic technology priority. For its part, DARPA is working to develop technologies to enable U.S. cyber deterrence and is collaborating with DOD cyber stakeholders to deploy and improve cyber deterrence capabilities. This includes a variety of efforts with USCYBERCOM and the military Services to participate in exercises, develop concepts of operation, evolve prototype systems, mature the technology base, and transition cyber-deterrence technologies to operations. In addition, DARPA is developing technologies to create software systems that are secure by design rather than by constant patching in response to newly discovered vulnerabilities; provide greater visibility into network operations for enterprises and service providers; and enable cyber response capabilities that are accurate, robust, and safe. Taken together, the new cyber technologies DARPA is developing hold promise for a cyber future in which the benefits of the cyber domain are assured.

1. https://dspace.mit.edu/bitstream/handle/1721.1/41180/AI_WP_235.pdf, Section 2.4.2 Etiquette
2. http://www.computerhistory.org/internethistory/1970s/
3. https://en.wikipedia.org/wiki/Morris_worm
4. https://en.wikipedia.org/wiki/Network-centric_warfare
5. http://www.washingtonpost.com/wp-srv/washtech/daily/may98/cyberattack052498.htm
6. http://archive.defense.gov/news/newsarticle.aspx?id=65988
7. https://www.wired.com/2011/11/darpa-hackers-cybersecurity/
8. https://www.youtube.com/watch?v=mgAjvmgr08w
9. https://cyber.stanford.edu/spotlight-research-automobile-cybersecurity-policy
10. https://www.army.mil/article/182571/plan_x_harnesses_collaboration_innovation_to_build_mission_command_system_for_cyberspace
11. https://www.nbcnews.com/tech/tech-news/inside-government-agency-designing-techfight-fake-news-n865586
12. Richard Danzig, “Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies,” 2014 (https://s3.amazonaws.com/files.cnas.org/documents/CNAS_PoisonedFruit_Danzig.pdf?mtime=20161010215746)