DARPA’s Plan X to bring ‘military mindset’ to cyber-war | ExtremeTech
Ask most “real” computer security experts, the guys and gals who have been cracking and/or protecting networks since before Windows were NT, and they’ll tell you the best way to protect a network is simply to know everything about it. They take pride in being able to quickly navigate arcane database structures and monitor access using only a text-based interface — but with virtually every organization of any real size now turning to computer security experts to protect their business, these sorts of security hardcores are getting washed out by snot-nosed millennials who think Unix is how you used to play Ubisoft games online.
That’s especially true in the military, which misses a good portion of the libertarian-minded hacking set right off the bat. What is the biggest military in the world to do, when one of the most important upcoming industries simply can’t provide the volume of talent they require to keep their operations safe?
DARPA’s Plan X is an attempt to answer that question.
Plan X takes a very simple approach to solving the talent crisis: Rather than increasing the amount of talent being produced (this has been tried for several years), instead try simply lowering the amount of talent needed to do the job. The goal is to make basic monitoring of network security a whole lot more approachable, using an intuitive user interface and easily digested symbology to make it easy — and, more importantly, quick — to keep tabs on the source and type of any access to a particular network.
This includes, but is not limited to, interactive touchscreen interfaces, and Oculus-powered VR info-spaces. With easily digested information presented in a creative way, even someone with minimal training should be able to tell the difference between anomalous, non-threatening activity (like an automatic software update) and anomalous, threatening activity (like a cyberattack by Chinese government hackers). Plan X would make flags for malicious activity as obvious as possible, by changing the color of an icon or even animating it to pulsate menacingly.
Of course, in order to animate an icon differently, Plan X has to have already identified the node as under attack, or at least as showing questionable activity — meaning that Plan X is fundamentally an automated security effort with a heavy emphasis on human supervision. Once the threat is identified, all the operator would need to do is drag the appropriate response tool over the offending node in the network, and let Plan X do the rest.
Overall, DARPA wants to make cyber-warfare a lot more like “kinetic” warfare, the fast, aggressive style of conventional combat which the US has been slowly perfecting for several decades. DARPA describes it as “bringing the military operational mindset” to computer security, which seems to mean that basic network monitoring might soon be able to be farmed out to disinterested Privates, a cyber version of sentry duty. For a fighting force that prides itself on agility and adaptability, the sluggish helplessness they often display in the face of cyber-warfare threats is, evidently, quite galling.
DARPA recently held a “hackathon” to get security experts to help improve its security measures. These are the “real” security gurus mentioned above, and their contributions will go to improving the basic algorithms at the heart of Plan X. They mostly contributed ideas and software designed to identify malicious activity in a complex network. They’ve also collaborated with design firms to create novel (and media-friendly) data visualizations, like the conceptual demonstration shown off using the Oculus Rift.
The official project page for Plan X states somewhat defensively: “Plan X will not develop cyber offensive technologies or effects. National policymakers, not DARPA, will determine how the cyber capabilities developed under Plan X will be employed to serve the national security interests of the United States.” That’s certainly true, though by designing the platform they dictate how it can be deployed.
The bigger issue is: how long will the logic behind Plan X continue to put value on having an under-trained recruit at the end of the decision-making process? If Plan X is suggesting the best response to a particular issue, and time is of the essence in stopping an infiltration, why not just let Plan X deploy the appropriate countermeasure automatically? Aside from providing someone to blame should something go wrong, why should they choose to continue to put up with human fallibility?
High-level security will probably always have to involve a highly skilled, creative specialist working in real time to stop real-time threats. But basic network monitoring and simple, reflexive reactions don’t necessarily require that sort of expertise. If DARPA is successful in creating a set of algorithms that can make basic network security at least mostly automatic, the next big question will become when the general public will get its hands on the code.