By GCN Staff

DARPA issues cyber Grand Challenge

Government computer security planners have been laying the groundwork for the next generation of cybersecurity technologies: software tools that can detect and respond automatically to increasingly sophisticated threats.

Now the Defense Advanced Research Projects Agency has set up a project to put some of newer technologies to the test by setting up, “the first-ever tournament for fully automatic network defense systems.”

“The growth trends we’ve seen in cyber attacks and malware point to a future where automation must be developed to assist IT security analysts,” Dan Kaufman, director of DARPA’s Information Innovation Office, said in a statement.

DARPA plans to hold a Cyber Grand Challenge at which unmanned systems would be pitted against each other. In a qualifying round, teams would score based on how well their system scanned a network for weaknesses, generated patches or remediation and maintained the operations of the network.  

DARPA will  invite a group of top competitors from the qualifying event to the final Cyber Grand Challenge , to be held early to mid-2016.

Posted on Oct 25, 2013 at 11:03 AM0 comments

Army alliance to explore cyber science

The U.S. Army Research Laboratory has established a Collaborative Research Alliance to explore the basic foundations of cyber science issues in the context of Army networks. The alliance – made up of ARL, U.S. Army Communications-Electronics Research, Development and Engineering Center, academia and industry researchers – gives the members “an opportunity to jointly advance the theoretical foundations of a science of cybersecurity in the context of Army networks,” said Dr. Ananthram Swami, who was recently announced as the Collaborative Alliance Manager, ARL, for the cybersecurity CRA.

ARL said it will research three interrelated aspects of cybersecurity and will add perspective on the human element of the network – the attackers, the defenders and the end users:

  • Risk Research will develop theories and models for dynamic risk assessment and explore risk-related properties of dynamic cyber threats, Army networks and defensive mechanisms.
  • Detection Research should shape cyber threat detection and recognition capabilities as new cyber threats emerge on the battlefield, he said.
  • Agility Research will support planning and control of cyber maneuvers, which help adjust networks and defenses to defeat or mitigate cyber threats.

Posted on Oct 21, 2013 at 9:39 AM0 comments

Could NSA spying cost US control of Internet infrastructure?

In wake of continuing revelations about the National Security Agency’s surveillance of Internet activities, the leaders of the Internet’s technical infrastructure want to take its governance global out of the hands of the United States.

In a statement issued at a conference in Montevideo, Uruguay, they “expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance,” and called for efforts toward “the evolution of global multistakeholder Internet cooperation.”

The statement was signed by the leaders of the Internet Corporation for Assigned Names and Numbers (ICANN), Internet Engineering Task Force, Internet Architecture Board, World Wide Web Consortium, Internet Society and the five regional Internet address registries.

Among the proposals is accelerating the globalization of ICANN and the Internet Assigned Numbers Authority, control of which has been based in the United States, overseen by the Commerce Department. As Wired points out, ICANN, which was established by the Clinton administration, has consistently awarded contracts for managing major domains to U.S. companies. The .com domain, for instance, is managed by VeriSign and .org is managed by the Public Interest Registry. Both are based in Virginia, which means they fall under U.S. laws, including those regarding surveillance by the NSA.

Although the group’s statement doesn’t mention the NSA by name, its intentions are clear. A day after issuing the statement, Fadi Chehadi, ICANN’s president and CEO, met with Brazilian President Dilma Rousseff and later said he asked her “to elevate her leadership to a new level, to ensure that we can all get together around a new model of governance in which all are equal,” according to a post by the Internet Governance Project

Brazil has been highly critical of the NSA’s surveillance programs and recently announced plans to create a spy-proof email system and to cut the United States out of Brazil’s Internet activity, by building an undersea fiber-optic cable that would carry traffic directly between South America and Europe. Brazil will host an international conference on Internet governance in 2014. 

The Internet, of course, was originally a product of the U.S. government and although control of its infrastructure has largely remained in U.S. hands, its growth has been unregulated.  The idea of international control has led to fears of that its open environment would be threatened. Last year, a panel of government and industry officials warned that a proposal to give the U.N. International Telecommunications Union authority to regulate the Internet would thwart innovation and economic growth.

International groups have called before for an end to U.S. control of the Internet, though many have called for privatizing control, rather than giving it to the U.N. The Snowden leaks about NSA activity have greatly accelerated the effort.

Posted on Oct 16, 2013 at 8:38 AM5 comments

Amtrak moves real-time route maps to the Google cloud

Many urban public transportation systems offer riders GPS-based apps that show arrival times for the next bus or subway. Now Amtrak is jumping on the geospatial platform with a deal to have its national mapping data hosted in the Google cloud.

Amtrak said it would tap Google’s Maps Engine to offer an interactive train locator map, giving its 31 million customers way to see check a train’s position and when it will arrive at the station. After buying tickets, checking for train arrival times is the second most popular online activity at Amtrak.

The system works by taking near real-time train location data from GPS devices on each train. As a train passes by sensors near the tracks, location information is pushed into Google Maps Engine, along with station data from Amtrak’s content management system.

Steve Alexander, Amtrak’s creative director of e-commerce, said in a blog post that with Google handing the cloud infrastructure, Amtrak’s e-commerce team will be freed up to develop "more ways to make our map traveler-friendly, like adding information about local transit, restaurants and nearby tourist attractions."

Posted on Oct 10, 2013 at 10:26 AM1 comments

4 takeaways from HealthCare.gov launch

Call them glitches or failures, errors or slowdowns, but the Patient Protection and Affordable Care Act health exchanges off to a bumpy start. James Turner, writing for O’Reilly Programming, put together a list of what developers can learn from the launch of HealthCare.gov: 

Load testing: Because of the scale of the traffic, developers “need to really bang on the core functionality of the site, and tune the heck out of it.”

Functional design: Developers using JavaScript and AJAX for transitions and requests need to be very tolerant of intermittent failures on the back end.

Validation logic: Keep the client code, server code, error messages and instructions in sync.

User experience: Test, test, test. 

Posted on Oct 09, 2013 at 1:23 PM2 comments