DARPA's new cyber tack: Think, act like a hacker

The Defense Department is taking a page from the hacker’s playbook to launch a series of research programs to provide warfighters and federal employees with the tools to counter the threats they encounter online.

The new programs were discussed at the Defense Advanced Research Projects Agency’s Cyber Colloquium in Arlington, Va., Nov. 7. Some of the projects underway at DARPA look at new ways to develop and fund cyber programs, fight cyber warfare, study malware, provide new forms of user identification and search out insider threats.

The goal of DARPA’s Cyber Fast Track program is to fund small groups of researchers, and sometimes individuals, to develop new cyber technologies, said Program Manager Peiter Zatko. The programs are designed to be approved rapidly, often in less than a week, and to run only a few months, he said. The idea is to emulate how small software development teams work on projects in the online developer and hacker worlds to both encourage creativity and get rapid results.



DARPA is also working on new ways to fight in cyberspace, such as its Foundational Cyberwarfare program. That program's manager, Daniel Roelker, said the effort seeks to develop technical skills and techniques for cyber combat. The program will examine areas such as network analysis, planning and execution, cyber warfare platform development and visualization that allows commanders to view the cyber domain, he said.

Another new program is named Cyber Genome. Its goal is to apply analysis to strains of malware to track their origins, said Program Manager Timothy Fraser. Malware writers often reuse pieces of code in their programs. By studying different bits of old code in malware, Cyber Genome may help analysts determine the origins and pedigrees of different strains of malware, he said.

Security and securing networks remain a key part of cyber operations. One program, Beyond Passwords, looks at new ways to provide user authentication by having computers assess users' identities through several methods, from biometrics to how users search and click with a mouse. The goal is to move away from passwords, a security weak point. “Humans aren’t built to recognize long strings of characters,” Program Manager Richard Guidorizzi said about the long and cumbersome DOD passwords his program seeks to replace.

Humans are also a source for unwitting and potentially malicious insider threats. The Anomaly Detection At Multiple Scales program is an attempt to analyze and counter insider threats, said Program Manager Rand Waltzman. The project looks at four areas of online user behavior: topic analysis, system use, social interactions and networks, and user psychological state, he said.


Reader Comments

Thu, Nov 10, 2011 Larry

I agree with the post on hiring already proved hackers. There will need to be care taken in this case as some will work for you, but some may attempt to "use" the job. But I believe he is correct in stating that you can train a wannabe as well as the real McCoy. Another suggestion is to get those who have been testers or analysts in the role of stress testing systems, or otherwise in the role of finding the break points. They may be another resource.

Wed, Nov 9, 2011

Don't expect to get these people to work a govt std 40 hour work week or to have much structure. The power is in the freedom to do what they do. And no, I have no hacker relations, I can barely operate a PC. It's very obvious and we should use common sense.

Wed, Nov 9, 2011 jaime nm

I was at a security presentation once and they were talking about training computer geeks on the ways of hackers. The problem is that it is easy to learn basics. There are a lot of wannabe hackers and then there are the real hackers. These guys-gals live for the thrill of doing this. I suggested that we hire hackers (real good ones) and the guy said it would be too expensive and how could we trust them. Well, reality says that you cannot trust anyone, but if you pay them enough and give them the right support, they will work for you. We will never catch up with the hackers. The real hackers are super smart and good at what they do, for us to teach anyone would require that kind of expertise. Hire real hackers and pay them insane money.
