Wednesday, October 1, 2014

October is National Cyber Security Awareness Month: DARPA Director Discusses Cyber Security Challenges

Jim Garamone at DoD News offers the below piece:

FORT MEADE, Md., Oct. 1, 2014 - The Defense Advanced Research Projects Agency is working on new ways to protect information and systems that use the Internet, said Arati Prabhakar (seen in the above DoD photo), the agency's director.

The current mode of protection "patch and pray" really doesn't work anymore, Prabhakar told the Washington Post's Cybersecurity Summit today.

DARPA is working to improve cyber security, and Prabhakar discussed the historical background as National Cyber Security Awareness Month kicked off.

The Agency's Early Days

The agency formed after the Soviet Union shocked the world with the launch of the world's first satellite in 1957. Many Americans believed the United States had lost the space race and Soviet domination of space threatened the existence of the free world.

President Dwight D. Eisenhower created DARPA in response to this threat. The agency mission was not to develop the next technology, but to leap ahead to a whole new generation of technology.

And the agency has been successful. DARPA developed what became the Internet and the first information began flowing on it in 1969. The Pentagon agency has been working on cyber security ever since.

Current Projects

One of the agency's projects is to build software that is not hackable. "What that means is there is a mathematical proof that this particular function can't be hacked from a pathway that wasn't intended," Prabhakar said in response to a reporter's question. "That won't solve the entire problem, but it might make it more manageable."

The idea, she said, is to reduce the attack surface hackers can approach.

DARPA is also plumbing the dark depths of the Internet to find those who want to do harm. "You start by creating a different way to look at this vast information environment," she said. A current project was based on the thesis that law enforcement might find a way to detect hidden networks that relate with hidden trafficking.

"We worked with law enforcement and found that the way they looked at the information space was the same way you or I would look at it," she said. "You know: a Google search, a single-threaded walk through this environment."

Finding Patterns

DARPA tools dig deep holes through the Web to find patterns and linkages among sites.

"We were able to find a set of phone numbers that were very heavily linked to each other in back page ads where the sex trade is advertised," she said. The agency gave 600 phone numbers to law enforcement, and they found "466 numbers that tied to criminal violations and they also found numbers that tied to fund transfers in the region around North Korea and they are working to find a human trafficking network."

New Moon Shot

One of the hardest challenges for cyber is maintaining web security while the information explosion continues. There are 3 billion people already on the Internet, and that will only increase, Prabhakar said. She feels the same pressure for solutions as the DARPA director who helped with the moon shot in the 1960s.

"The moon shot for cyber security, in my view, is to find techniques that scale faster than the explosion in information," she said.

It will not be a silver bullet, she said, but a combination of advancements where the cyber security problem will be manageable.

Incredible Challenges

This movement is already underway, Prabhakar said. "The most critical systems get the most critical focused attention, whether in DoD or throughout our economy. It is incredibly challenging technically and very challenging from a practical and policy perspective."

Prabhakar noted security would be absolute if the Internet was sealed off and only select people could use it.

"The power of information technology, and the reason we put up with all these problems, is that it is phenomenally capable for all the things that change how we live and how we work and how create national security," she said. "You don't want to cut out any of that capability off in the process of building cyber security."

No comments:

Post a Comment