WASHINGTON, D.C. -- The Defense Advanced Research Projects Agency (DARPA) had a big hand in creating the Internet and now its wants to get serious about protecting it.
At its Colloquium on Future Directions in Cyber Security this week, DARPA Director Regina Dugan said that since 2009, the agency has steadily increased its cyber research efforts and its budget submission for fiscal year 2012 increased cyber research funding by $88 million, from $120 million to $208 million. In addition, over the next five years, the agency plans to grow its top-line budget investment in cyber research from 8% to 12%.
"DARPA's role in the creation of the Internet means we were party to the intense opportunities it created and share in the intense responsibility of protecting it. Our responsibility is to acknowledge and prepare to protect the Nation in this new environment," said Dugan. "We need more and better options. We will not prevail by throwing bodies or buildings at the challenges of cyberspace. Our assessment argues that we are capability limited, both offensively and defensively. We need to fix that."
The agency has been intently studying the cyber community to come up with what it calls the DARPA Cyber Analytic Framework which, among other things, found that over the past 20 years the effort and cost of information security software has grown exponentially -- from software packages with thousands of lines of code to packages with nearly 10 million lines of code. By contrast, over that same period, and across roughly 9,000 examples of viruses, worms, exploits and bots, the analysis revealed a nearly constant average of 125 lines of code for malware.
Dugan said the current U.S. approach to cybersecurity that layers security on top of a standard architecture is not working. "These efforts represent the wisdom of the moment. But if we continue only down the current path, we will not converge with the threat," she said.
So what to do? Well there are a number of ongoing efforts within DARPA that will move the cybersecurity effort forward. DARPA has built an expert cybersecurity teams composed of people from the "white hat" hacker community, academia, labs and nonprofits, and major commercial companies, in addition to the defense and intelligence communities.
It has also enlisted the help of security experts such as the inventor of L0phtCrack, a Microsoft password auditing tool, and ex-BBN scientist Peiter "Mudge" Zatko, who now runs a DARPA program called Cyber Fast Track that brings what he calls unique security technologies into the military realm.
"Having some of the best minds developing unique technologies and paying for what they do best is a key driver for Cyber Fast Track," Zatko told the Colloquium audience. "Within the first two months of the program we have received 30 submissions, we have funded eight of them and handled the negotiations for those within seven days -- four day has been the median. So we can now get prototypes delivered within months rather than years."
Sign up for CIO Asia eNewsletters.