Pentagon officials are seeking $500 million for cutting-edge research that could help protect the department from emerging cyber threats.
Security experts give the department high marks on cybersecurity, but note that most of the Pentagon’s efforts have centered on immediate threats.
DARPA pushes the envelope on military research. Because it has no actual laboratories, the agency works closely with defense firms to experiment with groundbreaking technologies.
The $500 million will start with $50 million in 2012 if Congress signs on. The rest would be spread across the next four years.
The stakes are high for the Pentagon. Everything from classified data about military planning to the specs for advanced fighter jets and nuclear subs are stored on the Defense Department’s servers.
Pentagon brass want DARPA to “challenge conventional perspectives” on cyber threats, DARPA Deputy Director Kaigham Gabriel told The Hill in a recent interview.
“There is already really good cyber R&D going on within the department and the services,” Gabriel said. “Most of that is aimed at defenses against cyber attacks. But if that is all we do, it’s not clear we are convergent with the true nature of the threat.”
U.S. foes are routinely developing new tools for cyber attacks, experts say. That development is happening so fast, U.S. government entities and corporations are having a hard time keeping pace.
To not only keep up, but also anticipate enemy cyber capabilities down the road, “requires a completely different view,” Gabriel said.
The agency plans to start with “a clean-slate view” and hopes to partner with industry to develop cyber platforms “that will reverse that asymmetry” that now gives U.S. adversaries an advantage, he said.
The projects that will be funded by the DARPA cash infusion will allow its researchers to “step back and look forward,” as Gabriel put it.
For instance, the agency likely will do work aimed at determining whether “we can design computers with fundamentally different architectures,” he told The Hill. The idea behind such new mainframes would be to design them “so not one malware file could get into it.”
Another threat that the agency might examine is enemy attempts to access encrypted data.
Data typically is encrypted before it is shared on government networks. The problem is such files must be decrypted before users can make changes.
With its cyber research funding increase, DARPA will study whether the impossible is indeed possible.
Gabriel said cyber researchers recently set out to prove that there was no way to make edits to encrypted data. “But they actually proved the opposite,” he said.
As of now, however, “it is not practical or effective,” Gabriel said. “We want to see if we can make it more practical and more effective.”
DARPA officials have taken their plans to Capitol Hill, where Gabriel says “the reaction has been very, very positive.”
Gabriel explained agency officials’ approach with lawmakers this way: “We share our technical understanding in a way they see the exact nature of the problem, where the gaps are, and say, ‘Here are the ways we can get convergent with those threats.’ ”
For their part, senior lawmakers are still grappling with a laundry list of
cyber-related policy questions.
“What do we expect — or should we expect — if a bunch of malicious, or potentially malicious, packets come barreling toward that same factory or facility in cyberspace?” Rep. Mac Thornberry (R-Texas), chairman of the House Armed Services Emerging Threats and Capabilities subcommittee, said recently. “And then the question will be whether the Department of Defense or the federal government is able and is authorized to do what we expect.”
Thornberry added the federal government appears largely unprepared.
“Cyber is a new domain of vandalism, crime, espionage and, yes, warfare,” he said. “But we are not very well-equipped to deal with any of those challenges.”