DARPA gets serious with Internet security, schmoozes the dark side

WASHINGTON, D.C. -- The Defense Advanced Research Projects Agency (DARPA) had a big hand in creating the Internet, and now it wants to get serious about protecting it.

At its Colloquium on Future Directions in Cyber Security this week, DARPA Director Regina Dugan said that since 2009, the agency has steadily increased its cyber research efforts and its budget submission for fiscal year 2012 increased cyber research funding by $88 million, from $120 million to $208 million. In addition, over the next five years, the agency plans to grow its top-line budget investment in cyber research from 8% to 12%.

"DARPA's role in the creation of the Internet means we were party to the intense opportunities it created and share in the intense responsibility of protecting it. Our responsibility is to acknowledge and prepare to protect the Nation in this new environment," said Dugan. "We need more and better options. We will not prevail by throwing bodies or buildings at the challenges of cyberspace. Our assessment argues that we are capability limited, both offensively and defensively. We need to fix that."

The agency has been intently studying the cyber community to come up with what it calls the DARPA Cyber Analytic Framework which, among other things, found that over the past 20 years the effort and cost of information security software has grown exponentially -- from software packages with thousands of lines of code to packages with nearly 10 million lines of code. By contrast, over that same period, and across roughly 9,000 examples of viruses, worms, exploits and bots, the analysis revealed a nearly constant average of 125 lines of code for malware.

Dugan said the current U.S. approach to cybersecurity that layers security on top of a standard architecture is not working. "These efforts represent the wisdom of the moment. But if we continue only down the current path, we will not converge with the threat," she said.

So what to do? There are a number of ongoing efforts within DARPA that will move the cybersecurity effort forward. DARPA has built expert cybersecurity teams composed of people from the "white hat" hacker community, academia, labs and nonprofits, and major commercial companies, in addition to the defense and intelligence communities.

It has also enlisted the help of security experts such as the inventor of L0phtCrack, a Microsoft password auditing tool, ex-BBN scientist Peiter "Mudge" Zatko, who now runs a DARPA program called Cyber Fast Track that brings what he calls unique security technologies into the military realm.

"Having some of the best minds developing unique technologies and paying for what they do best is a key driver for Cyber Fast Track," Zatko told the Colloquium audience. "Within the first two months of the program we have received 30 submissions, we have funded eight of them and handled the negotiations for those within seven days -- four days has been the median. So we can now get prototypes delivered within months rather than years."

Other security experts enlisted include Dan Roelker, whose background includes a stint at Raytheon where he started the DC Black Ops security unit. He also helped start Sourcefire, the intrusion detection company, and was a lead Snort developer. For DARPA he is now developing what he calls offensive security software.

"The current hacker vs. hacker mentality doesn't work very well and it doesn't scale," Roelker said. One of the main areas his research is looking at is automation, where DARPA can develop technology that lets a single operator handle multiple security missions.

Still others, such as Tim Fraser, who came from Microsoft's anti-malware group, are looking at ways to exploit and reuse code from current malware strings. The idea, Fraser said, is to extract malware features, study the evolution of malware and come up with an automated way to compare malware components and rapidly figure out what's old and what's new. That method would conserve analysts' time, reduce costs and let analysts concentrate on the new component of a threat, he stated.
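As an added illustration of the component-comparison idea Fraser describes (example code written for this article, not DARPA's or Fraser's tooling), the script below extracts byte n-gram feature sets from each component of a new sample, scores them against previously analysed components with Jaccard similarity, and labels each component as reused or new. All component names and bytes are constructed; the n-gram size and threshold are assumptions.

```python
# Added example: component-level malware triage by feature-set similarity.
# Corpus names, component bytes, NGRAM and REUSE_THRESHOLD are all constructed.
from typing import Dict, Set, Tuple

NGRAM = 4               # assumed feature size: overlapping 4-byte sequences
REUSE_THRESHOLD = 0.5   # assumed cut-off: at or above this, treat as reused code


def ngrams(data: bytes, n: int = NGRAM) -> Set[bytes]:
    """Feature set of a component: every overlapping byte n-gram it contains."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    """Set similarity in [0, 1]; identical feature sets score 1.0."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def classify_components(sample: Dict[str, bytes], corpus: Dict[str, bytes],
                        threshold: float = REUSE_THRESHOLD) -> Dict[str, Tuple[str, str, float]]:
    """For each sample component, find the closest known component and label it.

    Returns {component: (label, nearest_known_component, similarity)} where the
    label is "reused" when similarity >= threshold, otherwise "new".
    """
    corpus_feats = {name: ngrams(code) for name, code in corpus.items()}
    result: Dict[str, Tuple[str, str, float]] = {}
    for comp_name, code in sample.items():
        feats = ngrams(code)
        best_name, best_score = "-", 0.0
        for known_name, known_feats in corpus_feats.items():
            score = jaccard(feats, known_feats)
            if score > best_score:
                best_name, best_score = known_name, score
        label = "reused" if best_score >= threshold else "new"
        result[comp_name] = (label, best_name, round(best_score, 2))
    return result


# Constructed corpus of previously analysed components (illustrative bytes only).
KNOWN = {
    "famA.dropper": b"\x55\x8b\xec\x83\xec\x40\x53\x56\x57\x68\x00\x10\x00\x00\xe8\x11\x22\x33\x44\x90",
    "famA.beacon": b"GET /update.php?id=%08x HTTP/1.1\r\nHost: ",
}
# Constructed new sample: one lightly patched old component, one never-seen component.
SAMPLE = {
    "dropper": b"\x55\x8b\xec\x83\xec\x40\x53\x56\x57\x68\x00\x20\x00\x00\xe8\x11\x22\x33\x44\x90",
    "unseen": b"CONSTRUCTED-UNSEEN-COMPONENT-0001",
}

if __name__ == "__main__":
    for comp, (label, nearest, score) in classify_components(SAMPLE, KNOWN).items():
        print(f"{comp:8s} {label:6s} nearest={nearest} jaccard={score}")
```

Only the "new" components need an analyst's attention; the reused one is attributed to its nearest known component along with the similarity score that justified the call.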

Follow Michael Cooney on Twitter @nwwlayer8 and on Facebook.