If we are to deter cyber attacks, we must develop accurate and calibrated cyber response capabilities. This is how we will stop the stones from hitting our house.
Here is what a reliable cyber deterrence capability would have to include:
- Cyber resilience: In the event of a cyber attack, the information and operational technology the United States uses to manage and control its critical networks and systems must operate through the attack and be rapidly recoverable afterward.
- Cyber situational awareness: The United States must be able to detect, understand, and attribute in a timely fashion any subtle or overt escalations in the intensity of cyber conflict and adversary attacks on our critical networks and systems involving the cyber domain.
- Cyber accurate response: The United States must have the capability to mount an accurate, timely, effective, and appropriately scaled cyber response to any cyber attack in a calibrated way that discourages further escalation.
DARPA is sponsoring a broad portfolio of programs to develop the technologies necessary to realize these elements required for an effective cyber deterrence.
In the cyber-resilience category, DARPA’s approach includes techniques to harden systems against cyber attack and techniques to enable systems to operate correctly even when subject to cyber attack. DARPA’s initial investments featured formal methods, but this portfolio has expanded to include other approaches. Inspired by big-data approaches that have impacted numerous industries, DARPA saw that big-data technology could improve the way we build, debug, verify, and maintain software. DARPA created a corpus of hundreds of billions of lines of code – so-called “big code” – and data-mining engines (specialized for use in software) to extract useful properties, behaviors, and vulnerabilities of the program components in the corpus. This knowledge opens the way toward new mechanisms for automatically constructing, improving, and repairing complex software.
DARPA is also developing the necessary design, analysis, and verification tools to allow system engineers to design in cyber resiliency and to manage trade-offs as they do other nonfunctional properties when designing complex embedded computing systems. In addition, DARPA is developing techniques that address the need for long-lived, survivable, and complex software systems that are robust to changes in the physical and logical resources provided by their underlying computational ecosystem. These will reduce high software maintenance costs and stave off premature obsolescence of otherwise functionally sound, legacy software systems. In principle, these abilities could enable the creation of “100-year software.”
A substantial and prolonged disruption of electric power would have profound economic and human costs for the United States. From a defense perspective, a major power outage could hamper military mobilization and logistics and impair the capability to project force. DARPA is developing technology that cybersecurity personnel, power engineers, and first responders can utilize to accelerate restoration of cyber-impacted electrical systems.
In the category of situational awareness in the cyber domain, the goal is to achieve a comprehensive ability to detect and monitor cyber attacks in the making. At present, cyber adversaries are often able to operate on U.S. networks for extended periods without discovery. DARPA is developing a number of technologies to enhance situational awareness of attacks on networks and systems by, for example, providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction. These techniques will automatically or semi-automatically “connect the dots” across multiple activities that are individually legitimate, but collectively indicate malice or abnormal behavior. This should enable the prompt detection of advanced persistent threats.
Malicious actors in cyberspace currently operate with little fear of being caught. This is because it is extremely difficult, in some cases perhaps even impossible, to reliably and confidently attribute actions in cyberspace to individuals. DARPA is developing techniques to enable reliable attribution of malicious cyber actions and to increase the government’s ability to reveal publicly the actions of individual malicious cyber operators without compromising sources and methods.
In the category of deploying accurate and calibrated cyber response capabilities, DARPA envisions high-intensity cyber operations executed by computers under human supervision. Such semi-automated response systems would enable operators to create and analyze cyber effects more rapidly and accurately than unaided human operators. Fully automated cyber defense capabilities, such as those developed in DARPA’s Cyber Grand Challenge, will help in this cause. These will be integrated with human-centric cyber operations planning and execution capabilities, such as those developed under DARPA’s Plan X program. This technology will automatically evaluate the defensive readiness of software and networks during operations, triage and verify system security issues, determine adversary intent, and guide operator responses. Because botnets pose a significant threat to national security, DARPA is exploring the feasibility of countering malicious botnets and similar large-scale malware.
Toward a Cyber-Safe Era
The cyber domain has become central to our modern way of life, and it is a matter of national security.[12] As such, the ability to deter cyber attacks has become a strategic technology priority. For its part, DARPA is working to develop technologies to enable U.S. cyber deterrence and is collaborating with DOD cyber stakeholders to deploy and improve cyber deterrence capabilities. This includes a variety of efforts with USCYBERCOM and the military Services to participate in exercises, develop concepts of operation, evolve prototype systems, mature the technology base, and transition cyber-deterrence technologies to operations. In addition, DARPA is developing technologies to create software systems that are secure by design rather than by constant patching in response to newly discovered vulnerabilities; provide greater visibility into network operations for enterprises and service providers; and enable cyber response capabilities that are accurate, robust, and safe. Taken together, the new cyber technologies DARPA is developing hold promise for a cyber future in which the benefits of the cyber domain are assured.
[12] Richard Danzig, “Surviving on a Diet of Poisoned Fruit: Reducing the National Security Risks of America’s Cyber Dependencies,” 2014 (https://s3.amazonaws.com/