DARPA still seeking to lay foundation for cybersecurity
The Pentagon's research arm wants to take "whole classes of vulnerabilities" off the table when it comes to cybersecurity.
DARPA Director Arati Prabhakar said the agency is focused on technologies that will outpace cyberthreats.
Decades after getting to work on computing technology, the Defense Advanced Research Projects Agency is still trying to shore up the foundations of IT security.
DARPA's objective in cybersecurity remains laying "a foundation for technologies that will outpace the growth of the threat," DARPA Director Arati Prabhakar said Oct. 8 at a Christian Science Monitor Passcode conference. Doing that means taking "whole classes of vulnerabilities off the table" and scaling defense techniques at machine speed to remove the human from the equation, she added.
The Defense Department's cyber capabilities are to some degree reliant on DARPA investments. About $58 million of DARPA's fiscal 2015 budget funded a cyber sciences project that seeks to ensure that the Pentagon's cyber capabilities "survive adversary attempts to degrade, disrupt or deny military computing, communications and networking systems," according to the DOD comptroller.
The Internet of Things poses a stiff test for DARPA's efforts to strengthen the web's underlying security. Devices that fall under the heading of IoT, which are built to connect automatically to increasingly ubiquitous Wi-Fi connections without security in mind, are "horrible," Prabhakar said.
"I think the Internet of Things is either going to figure out security and we will get all of the benefits that people are imagining, or it's going to be really painful," she added.
Although a July demonstration that a Jeep Cherokee could be hacked drew wide media attention, Prabhakar said that threat had been on her agency's radar for some time. She pointed to a DARPA program called High-Assurance Cyber Military Systems, whose goal is to scale techniques for securing operating systems. The program's source code is available on DARPA's open-source catalog, Prabhakar added.
Another DARPA program, Plan X, factors in the cyber dimension to armed conflicts. Noting that the Army has expressed interest in the $120 million program, she said she could see a day when soldiers would use Plan X to "be aware, for example, of a Wi-Fi router that has been previously implicated in an [improvised explosive device] attack."
For Prabhakar, there is almost no cybersecurity conundrum whose solution does not involve a slick gadget -- even the thorny issue of public/private information sharing. The agency's Brandeis program tries to build tools for compartmentalizing the use of private data in an effort to "change this really painful trade-off we have right now between privacy and security," she said.