mead cohen berger shevtsova garfinkle michta grygiel blankenhorn
Cyberdefense
The Internet’s Creators Sound the Cybersecurity Alarm

The Defense Advanced Research Project Agency (DARPA), whose Arpanet turned into the modern internet, sees a real catastrophe looming in the virtual world. As it stands, our cyber security basically isn’t up to the task of guarding against the havoc that hacking is already beginning to wreak.

It sure doesn’t seem like they’re just crying wolf; this week’s grim update on the recent hacking of the Office of Personnel Management revealed that it’s actually 25 million people whose sensitive information was stolen, up from a previous estimate of around 4 million.

To deal with the problem, the Pentagon wants to take virtual defense to a new, automated level, which would represent a fundamental shift. The Washington Post reports:

Today, most network protective systems are like fire alarms; they sound when there’s smoke, and then the firefighters arrive to extinguish the flames. But the Defense Advanced Research Projects Agency, dubbed the “Department of Mad Scientists,” envisions a massive, automated computer system that not only detects the smoke, but prevents the fire from happening in the first place — or snuffs it out almost immediately.

“The computer security industry is basically a bunch of automated detectors set up to let us know when it’s time to call the cavalry — those people who can do the job computers can’t,” said Michael Walker, a DARPA program manager. “And when we call in the cavalry, most of the time we’ve already lost.”

To build a fully automated, computer-driven system that would find bugs in software and patch them on its own, DARPA has invited teams from all over the country to compete in a major cyberbattle it calls the Grand Cyber Challenge, with a $2 million first prize.

The goal is to level a playing field that today is wildly in favor of hackers, Walker said. If a computer system could be envisioned as being 1 million miles long, he said, hackers only have to find a single crack, while “the defense has to guard the entire wall.”

The pace and the scale of hacks is getting scary, as the OPM hack starkly highlighted. There is an asymmetry between the capacity to attack in cyberspace and even the best currently available virtual defenses. The fact that NATO and the U.S., among others, have said that cyberattacks can in principle constitute acts of war does nothing to quell our concern about this issue.

Here’s hoping that the agency which created the internet can figure out how to keep it from turning into the front line of the future’s battles. Otherwise, we’ll be hearing about a lot more about things like high profile hacks of sensitive information and (though we happen to like this one) computer viruses that make Iranian nuclear centrifuges destroy themselves. Talk about opening Pandora’s box.

Features Icon
Features
show comments
  • FriendlyGoat

    There are not too many things more important than this. We really do not want the exceptional nation (no, I’m being serious with that word, not snarky) converted suddenly into something like a beached whale. We know that we have adversaries. We know we have vulnerabilities. There is no reason to wait and price had better not be an obstacle on this one. Even conservatives are going to think this is a great reason to spend a lot of government money, printed or whatever.

    • f1b0nacc1

      OK, I am a conservative who believes that this would be an excellent place to spend money. Are YOU a liberal who is willing to concede that the work should be done by qualified groups, not simply the usual mass of set-asides and AA retreads? Are you willing to have real live standards applied to the work and have those that cannot hack it (forgive the pun) fired?
      If not, you aren’t serious, you are just looking for talking points.

      • FriendlyGoat

        Will wonders never cease? I’m with you on this. We should hire the best, period, and the private sector would be a fine place to get them, provided of course, that the private sector contractors do not become the source of leaks, pre-engineered weaknesses, hacks or theft themselves. We do recall, for instance, that Edward Snowden was a smart guy hired by a supposedly-smart contractor, not a public-sector hire.

        As a liberal, I do still support net neutrality, of course. But the cyber games are very serious cat and mouse stuff for the rest of our lives. (Or maybe more like Boris vs. Bullwinkle and Rocky.) We really need to waste no time and spare no expense on moving to “next-gen” again and again. The stakes are higher than most people imagine, I think.

  • rocinante

    Goat, there are very many things important this. Getting the debt down, getting unemployment down would be a few things. But the reason that this will not be a big priority because security is a double edged sword. The government wants less security, so they can read your email. texts and tweets. Companies want to track you so they can sell you stuff, which maybe a good thing.

    And so competing interests are going to make this issue less than paramount. I wish this weren’t so but it will be. You would think that after the OPM hack there would be something done to address that issue. All they can come up with is to fire the head of OPM. Wow, and that solves the problem completely. And these are the best and brightest minds in the government (they don’t think its snarky).

    What is so sad is that DARPA might come up with a process but there will be some bureaucrat or group of bureaucrats that will make certain it never gets implemented. Why, because it does not help them, because they would be out of a job.

    • FriendlyGoat

      We could get both the debt and unemployment down by stopping all future high-end tax cuts and reversing some we have already done which had the reverse effect of how they were “advertised” from the right. But that’s not the subject.

      We need to understand that if the electric power goes off in this country, we have no economy and no security. If business, market and bank networks go down, we have utter chaos. If the military is successfully hacked or thwarted in cyberspace, we have no weapons or defense. It’s a big dang deal. Did I mention “big”?

  • f1b0nacc1

    As long as you have security programs being overseen by political appointees with no computer background (and there are no penalties for ignoring basic security procedures), none of this will make much difference. We have literally thousands of obsolete applications running on insecure platforms in wide open environments accessed by organ-donors who leave their passwords taped to their monitors. We hire innumerable contractors with questionable backgrounds from politically connected companies who then outsource the work to foreign nationals (this is how Chinese nationals IN CHINA had root access to some of the OPM boxes), and the ‘crats just keep signing the waivers and pretending that all is well.
    When people start losing their jobs (not being allowed to resign) and going to jail, things MAY change…until then, don’t expect much.

© The American Interest LLC 2005-2016 About Us Masthead Submissions Advertise Customer Service