The networks of government agencies and the military are under constant attack from a variety of sources, and the U.S., like most other countries, relies on those networks to not just run daily operations, but to support missions around the world. In the face of those attacks, the Department of Defense’s advanced research group, DARPA, is looking for new technologies that can collect and analyze massive amounts of network data and enable security teams to get quick reads on attacks happening across a broad, department-level network.
DARPA has taken on a major role in recent years in the search for new technologies to defend the country’s own networks and to help the U.S. military conduct offensive cyber operations. Last month, for example, the agency announced that it was looking for research proposals to help shore up the military’s cyberwar capabilities. Known as Plan X, the DARPA initiative is designed to develop and deploy an entirely new set of technologies.
“Specifically excluded is research that primarily results in evolutionary improvements to the existing state of practice,” the agency’s announcement said.
In August 2012, the Air Force put out an even more plainly worded solicitation, saying that the agency was looking for offensive cybersecurity technologies that would enable the Air Force to “destroy, deny, degrade, disrupt, deceive, corrupt, or usurp the adversaries [sic] ability to use the cyberspace domain for his advantage.”
That Air Force cyberwarfare solicitation was among the first handful of public acknowledgments that the military and the U.S. government in general are actively looking for help not just in defending their own networks but also in attacking those owned by hostile nations. The latest broad-agency announcement from DARPA is somewhat less specific than the earlier ones, but it opens a small window into the way that government officials are thinking about these problems and what potential solutions they’re seeking.
The DARPA Cyber Targeted-Attack Analyzer program is designed “to automatically correlate all of a network’s disparate data sources—even those that are as large and complex as those within the DoD—to understand how information is connected as the network grows, shifts and changes.” That’s a tall order, and one that security teams in large enterprises have been trying to fill for years now. Large networks like those that the DoD operates constantly expand, contract and morph as new devices and capabilities are added and removed. The various security and performance-monitoring systems attached to the networks collect massive amounts of data on a daily basis, and the challenge for security teams is finding the few nuggets in that pile that actually matter at any given time.
DARPA officials are hoping that someone, or more likely a group of companies, can build a system to accomplish that task.
“The Cyber Targeted-Attack Analyzer program relies on a new approach to security, seeking to quickly understand the interconnections of the systems within a network without a human having to direct it,” said Richard Guidorizzi, DARPA program manager. “Cyber defenders should then be capable of more quickly discovering attacks hidden in normal activities.”
DARPA plans to issue the BAA for this program within the next month or so.