DARPA’s Quest for a Beneficent Cyber Future

By Brian M. Pierce - February 21, 2019

“Plan X” was a $120 million program at the Defense Advanced Research Projects Agency, which currently is making it easier for humans to, among other things, visualize a network and its components, to automate the task of identifying as hostile or benign the anomalies that might appear on that network, to provide intuitive symbology that accurately conveys to users the status of various components of a network, and to make it easier for even inexperienced users to take action to prevent hostile parties from gaining access to and causing damage to a network. Army courtesy photo

Series: DARPA: 60 Years 1958-2018

Part 1: DARPA: The Innovation Icon at 60
Part 2: Autonomous Technology Cometh
Part 3: DARPA Tiles Together a Vision of Mosaic Warfare
Part 4: The Intertwined History of DARPA and Moore’s Law
Part 5: Fighting in Megacities: DARPA and Urban Combat
Part 6: DARPA’s Call to Academia
Part 7: Semiconductor Safari: Exotic Materials Beyond Silicon
Part 8: The Evolution of Defense Technology: DARPA’s Biological Technologies Office
Part 9: DARPA’s Enterprise Disruption
Part 10: A DARPA Perspective on the Development of the Internet
Part 11: Jump-starting Innovation: DARPA’s Grand Challenges
Part 12: DARPA’s Quest for a Beneficent Cyber Future
Part 13: DARPA and the Exploration of Artificial Intelligence
Part 14: DARPA Ushers Game-changing Technology into the Real World
Part 15: Spintronics: A DARPA-spurred Spin on Fundamental Electron Physics
Part 16: DARPA’s 60-Year Space Adventure
Part 17: DARPA’s X-Planes
Part 18: Artificial Intelligence to Accelerate Science

Much of modern life takes place online in cyberspace. A variety of threats have emerged to imperil the future of the cyber domain, where more and more of our commercial and social activity unfolds. Securing cyberspace has become a priority at the highest levels of government, including the White House. DARPA is at the leading edge of our nation’s pursuit of a beneficent cyber future.

Legacy of Cyber Past

Roughly a half-century ago, DARPA (when it was known as the Advanced Research Projects Agency, or ARPA) program managers conceived, implemented, and demonstrated the ARPANET, the proof-of-concept precursor of the internet. The principal advance of the ARPANET resided in the introduction of packet-switched communications to achieve a dramatic advance in the efficiency by which the information packets wound their way through available wires and other inter-computer linkages. By 1977, the ARPANET had grown into a national network connecting university, commercial, and government research activities.

The initial engineering of the ARPANET focused on providing basic communication services, and accountability was not included as a primary design goal. These design choices were intentional. According to an historical account of the original network protocols developed at ARPA, “… since this network was designed to operate in a military context … survivability was put as a first goal and accountability as a last goal … An architecture primarily for commercial deployment would clearly place these goals at the opposite end of the list.” Instead of building in reliable attribution mechanisms, user behavior was loosely governed by rules and norms. For example, at the MIT AI Lab circa 1982¹, it was simply decreed that “It is considered illegal to use the ARPANET for anything which is not in direct support of government business.” The critical need for stronger security and control mechanisms was not yet apparent.

Capt. James McColl and Capt. Justin Lanahan, both cyber officers at U.S. Army Cyber Command, took part in a weeklong “hackathon” in Arlington, Virginia, in July 2015, in support of the continued development of Plan X. Photo by Bill Roche

During the 1980s, a commercial version of the ARPANET, dubbed the internet, grew rapidly, and by 1988 served roughly 60,000 internet-connected computers (“hosts”)². Nov. 2, 1988, was an important reality-check day in the history of the internet, with the release and rapid spread of the Morris worm to approximately 10 percent of internet hosts³. It was a before-and-after moment. After the Morris worm, users became aware of the need for stronger security in computers and networks.

After the Morris worm, users became aware of the need for stronger security in computers and networks.

During the 1990s, the Department of Defense (DOD) recognized networking as a critical enabler for military operations⁴. As such, DOD aggressively integrated networking, computation, and automation throughout military systems. Adversary nation-states responded by exploiting these networks, and it was during this period that the notion of an “electronic Pearl Harbor” entered the public consciousness⁵ and the status of cyberspace ascended to that of a domain of active conflict alongside the traditional domains of sea, land, air, and space. The connected nature of cyberspace enables an adversary to strike at any geographic location in the United States, and at a wide range of targets, including the power grid, refineries, chemical plants, airline reservation systems, enterprise and wide area networks, the financial markets, the bulk power markets, communications systems, natural gas pipelines, and water and wastewater utilities.

Affecting the Cyber Present

During the 2000s, DARPA funded selected efforts in cybersecurity. In 2010, DARPA centralized cyber R&D within a new office – the Information Innovation Office (I2O). The creation of I2O included the hiring of several well-known computer science and cyber experts from academia and industry, and greatly expanded DARPA’s cyber program portfolio and investment. To stimulate the interest and involvement of the cyber community, DARPA hosted, on Nov. 7, 2011, a Cyber Colloquium that was attended by approximately 700 researchers, operators, and other stakeholders from industry, academia, and government^6,7. The DARPA Cyber Colloquium was a bright signal to the broad U.S. cyber R&D community that DARPA would bring its unique project-centric approach to the development of future cyber capabilities, both defensive and offensive.

In the seven years since the colloquium, DARPA’s programs have had great impact⁸. Recognizing that cyber threats to physical systems such as vehicles could be devastating for the military, DARPA in 2012 created the High-Assurance Cyber Military Systems (HACMS) program to secure embedded computing systems in mission-critical commercial and military assets against cyber attacks. DARPA’s work in this threat space resulted in heightened awareness of the need for improved automobile cybersecurity⁹ and led to changes throughout the industry. DARPA’s technical approach to secure software featured formal methods (based on mathematical techniques) to ensure that software reliably does what it is specified to do, and nothing else. DARPA demonstrated these formal methods by developing a secure mission system for an autonomous helicopter. The agency now is working with the DOD to transition tools for building software with much greater cyber resiliency, and envisions a day when formal methods and other advanced tools for creating provably secure software will be adopted by the defense procurement process.