DARPA's Plan X: Cyber warfare on autopilot

The Defense Advanced Research Projects Agency expects cyber warfare to be such a recurring reality that it wants to put responding to cyberattacks on autopilot, sort of.

At least, the agency used that word in describing one of the functions it is looking for in a classified cyber warfare program it’s calling “Plan X.”

In an announcement unveiling the plan, DARPA said one of its goals is “developing high-level mission plans and automatically synthesizing a mission script that is executed through a human-on-the-loop interface, similar to the auto-pilot function in modern aircraft.” The idea is to use established methods to quantify potential battle damage from each synthesized mission plan, the announcement said.


Related stories:

‘Destructive’ cyberattacks ahead, NSA’s Alexander warns

DARPA’s new cyber tack: Think, act like a hacker


As with conventional warfare, it seems the Pentagon wants to have battle plans ready for any number of cyber scenarios.

DARPA emphasized that Plan X, which also carries the more formal title of “Foundational Cyberwarfare,” is not out to explore cyber vulnerabilities or create new cyber weapons — like the U.S.-Israeli program that reportedly produced Stuxnet, Duqu and Flame — but is intended “to create revolutionary technologies for understanding, planning, and managing cyberwarfare in real-time, large-scale, and dynamic network environments.”

Among the other goals of the program, according to the announcement, is to create automated analysis techniques for assessing the cyber battle space; develop operating systems and platforms that function in hostile environments, performing tasks such as monitoring battle damage, deploying weapons and adapting defense; and creating interactive visualizations of large-scale battle spaces.

DARPA has scheduled a Proposer’s Day Workshop for Sept. 27 that will include an afternoon session classified as secret and open only to attendees with Defense Department Secret or higher clearance levels.

Pentagon leaders have been talking about the potential threats of cyber war for years, but recently those calls have become more urgent. In July, Gen. Keith Alexander, director of the National Security Agency, warned about the potential for cyberattacks in calling for greater information sharing between the public and private sectors.

In April, a panel of cybersecurity experts, also pushing for strong legislation that would help improve the nation’s cyber defense, told a House subcommittee that a major attack was “inevitable.”

And the appearance of Stuxnet, described as the first weaponized malware for the damage it did to Iranian nuclear processing, also has raised fears that similar programs could be used against the United States.

China’s apparent role in a number of cyberattacks and breaches involving both government and private-sector organizations — and potential threats from other countries such as Russia and Iran — has also contributed to concerns that cyberspace has become an active battlefield.

With Plan X, DARPA is recognizing that cyber altercations are becoming an everyday thing.

Reader Comments

Thu, Aug 23, 2012 George Kincer TN

Plan X seems to be nothing more than the type of efforts expended during the cold war where in atomic tests were conducted to perfect predictive models to be used in planning for the eventual atomic attack on the U.S. (It has not happened yet.) The predictive models work and are used today for weather forecasting, environmental hazards and global warming. When we can assess the damage caused then appropriate responses can be defined, but before that happens there needs to be a legal/moral framework established. If you don’t define right and wrong, how can you gauge what is an appropriate or adequate response.

Thu, Aug 23, 2012

"With Plan X, DARPA is recognizing that cyber altercations are becoming an everyday thing." Does this mean that the United States is willing to accept hostile and damaging actions against our military and industrial infrastructure as normal? When do these attacks constitute an Act of War sufficient to elicit a physical response against the perpetrators? Are we discriminating these attacks among nuisance acts, criminal acts, state-sponsored acts and terrorist acts and dealing with them appropriately? When do we take severe public action to demonstrate to would be perpetrators of whatever ilk that we won't stand for this crap anymore? We are being too nice. Lock them up, shut them down, go after them like we have been doing with the spammers - only with greater determination and effect.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above