I attended a DARPA cybersecurity workshop yesterday. Three program managers spoke about programs that I found especially interesting:
1) Dan Roelker. “His research and development interests relate to cyberwarfare strategy, remote software deployment, network control theory, and binary analysis.” Two programs of note:
a) “Foundational cyberwarfare.” This topic includes exploit research, network analysis, planning and execution, cyberwarfare platform development, and visualization.
b) “Binary executable transforms.” This topic is narrowly focused on low-level code analysis and modification tools.
2) Peiter ‘Mudge’ Zatko. He’s introduced a new program designed to award small amounts of funding (~$50K) for small efforts (~months) in as little as four days after proposal submission, a timescale that I think is pretty exciting. The program:
c) “Cyber fast track.” “The program will accept proposals for all types of cyber security research and development. Of particular interest are efforts with the potential to reduce attack surface areas, reverse current asymmetries, or that are strategic, rather than tactical in nature. Proposed technologies may be hardware, software, or any combination thereof.”
3) Tim Fraser. “He is interested in cyber-security, specifically in using automation to give cyber defenders the same advantages in scope, speed, and scale that are presently too-often enjoyed only by the cyber attacker.” He has an ongoing program:
d) “Moving malware research forward.” I know one of his performers (SENTAR Inc.); they are working on malware classification technology that can extract distinguishing features from malware.
700 people attended the workshop. Other noteworthy themes from the event:
- Across the board, DARPA seemed to be trying to be less quiet about its work on offensive cyber technologies — lending hope to our eventual ability to speak about such topics outside of a Top Secret darkroom. Several speakers (and I, previously) have mentioned that the CNE (computer network attack and exploitation) and CND (defense) sides of the house absolutely must inform each other to be effective. A speaker brought up the point that effective deterrence requires that your adversary understand what you are capable of.
- Richard Clarke gave a fascinating talk where he questioned the U.S.’s ability to wage physical war on other countries when our own critical infrastructure is so devastatingly susceptible to cyber attack and disruption by those other countries.
- He further stated that the only organization capable of defending the U.S. is the Department of Defense — that it is folly to rely on either the DHS or commercial entities to adequately protect themselves against nation-state adversaries. Several people recommended that I read his new book, “Cyber War: The Next Threat to National Security and What to Do About It”.
- Several speakers suggested that there need to be true repercussions for anyone (a person or a state) that perpetrates a cyber attack against the United States. This is an interesting legal position that I had not heard advanced before.
- Jim Gosler spoke to convey how we consistently underestimate the adversary, including his motives, resources, and capabilities. He gave an example of the Soviets successfully implanting keylogger-equivalents in typewriters in sensitive environments (project Gunman). If that is possible, anything is possible…and we need to adjust our thinking to what 100, or 1000, red teams could do in parallel with you as a target.