DARPA's new cyber tack: Think, act like a hacker

The Defense Department is taking a page from the hacker’s playbook to launch a series of research programs to provide warfighters and federal employees with the tools to counter the threats they encounter online.

The new programs were discussed at the Defense Advanced Research Projects Agency’s Cyber Colloquium in Arlington, Va., Nov. 7. Some of the projects underway at DARPA look at new ways to develop and fund cyber programs, fight cyber warfare, study malware, provide new forms of user identification and search out insider threats.

The goal of DARPA’s Cyber Fast Track program is to fund small groups of researchers, and sometimes individuals, to develop new cyber technologies, said Program Manager Peiter Zatko. The programs are designed to be approved rapidly, often in less than a week, and to run only a few months, he said. The idea is to emulate how small software development teams work on projects in the online developer and hacker worlds to both encourage creativity and get rapid results.

DARPA is also working on new ways to fight in cyberspace, such as its Foundational Cyberwarfare program. That program's manager, Daniel Roelker, said the effort seeks to develop technical skills and techniques for cyber combat. The program will examine areas such as network analysis, planning and execution, cyber warfare platform development and visualization that allows commanders to view the cyber domain, he said.

Another new program is named Cyber Genome. Its goal is to apply analysis to strains of malware to track their origins, said Program Manager Timothy Fraser. Malware writers often reuse pieces of code in their programs. By studying different bits of old code in malware, Cyber Genome may help analysts determine the origins and pedigrees of different strains of malware, he said.

Securing networks remains a key part of cyber operations. One program, Beyond Passwords, looks at new ways to authenticate users by having computers assess their identities through several methods, from biometrics to how users search and click with a mouse. The goal is to move away from passwords, a security weak point. “Humans aren’t built to recognize long strings of characters,” Program Manager Richard Guidorizzi said about the long and cumbersome DOD passwords his program seeks to replace.

Humans are also a source of unwitting and potentially malicious insider threats. The Anomaly Detection At Multiple Scales program is an attempt to analyze and counter insider threats, said Program Manager Rand Waltzman. The project looks at four areas of online user behavior: topic analysis, system use, social interactions and networks, and user psychological state, he said.

