DARPA still seeking to lay foundation for cybersecurity
- By Sean Lyngaas
- Oct 08, 2015
DARPA Director Arati Prabhakar said the agency is focused on technologies that will outpace cyberthreats.
Decades after getting to work on computing technology, the Defense Advanced Research Projects Agency is still trying to shore up the foundations of IT security.
DARPA's objective in cybersecurity remains laying "a foundation for technologies that will outpace the growth of the threat," DARPA Director Arati Prabhakar said Oct. 8 at a Christian Science Monitor Passcode conference. Doing that means taking "whole classes of vulnerabilities off the table" and scaling defense techniques at machine speed to remove the human from the equation, she added.
The Defense Department's cyber capabilities are to some degree reliant on DARPA investments. About $58 million of DARPA's fiscal 2015 budget funded a cyber sciences project that seeks to ensure that the Pentagon's cyber capabilities "survive adversary attempts to degrade, disrupt or deny military computing, communications and networking systems," according to the DOD comptroller.
The Internet of Things poses a stiff test for DARPA's efforts to strengthen the web's underlying security. Devices that fall under the heading of IoT, which are built to connect automatically to increasingly ubiquitous Wi-Fi connections without security in mind, are "horrible," Prabhakar said.
"I think the Internet of Things is either going to figure out security and we will get all of the benefits that people are imagining, or it's going to be really painful," she added.
Although a July demonstration that a Jeep Cherokee could be hacked drew wide media attention, Prabhakar said that threat had been on her agency's radar for some time. She pointed to a DARPA program called High-Assurance Cyber Military Systems, whose goal is to scale techniques for securing operating systems. The program's source code is available on DARPA's open-source catalog, Prabhakar added.
Another DARPA program, Plan X, factors in the cyber dimension to armed conflicts. Noting that the Army has expressed interest in the $120 million program, she said she could see a day when soldiers would use Plan X to "be aware, for example, of a Wi-Fi router that has been previously implicated in an [improvised explosive device] attack."
For Prabhakar, there is almost no cybersecurity conundrum whose solution does not involve a slick gadget -- even the thorny issue of public/private information sharing. The agency's Brandeis program tries to build tools for compartmentalizing the use of private data in an effort to "change this really painful trade-off we have right now between privacy and security," she said.
Sean Lyngaas is an FCW staff writer covering defense, cybersecurity and intelligence issues. Prior to joining FCW, he was a reporter and editor at Smart Grid Today, where he covered everything from cyber vulnerabilities in the U.S. electric grid to the national energy policies of Britain and Mexico. His reporting on a range of global issues has appeared in publications such as The Atlantic, The Economist, The Washington Diplomat and The Washington Post.
Lyngaas is an active member of the National Press Club, where he served as chairman of the Young Members Committee. He earned his M.A. in international affairs from The Fletcher School of Law and Diplomacy at Tufts University, and his B.A. in public policy from Duke University.
Click here for previous articles by Lyngaas, or connect with him on Twitter: @snlyngaas.