The Defense Advanced Research Project Agency (DARPA), whose Arpanet turned into the modern internet, sees a real catastrophe looming in the virtual world. As it stands, our cyber security basically isn’t up to the task of guarding against the havoc that hacking is already beginning to wreak.
It sure doesn’t seem like they’re just crying wolf; this week’s grim update on the recent hacking of the Office of Personnel Management revealed that it’s actually 25 million people whose sensitive information was stolen, up from a previous estimate of around 4 million.
To deal with the problem, the Pentagon wants to take virtual defense to a new, automated level, which would represent a fundamental shift. The Washington Post reports:
Today, most network protective systems are like fire alarms; they sound when there’s smoke, and then the firefighters arrive to extinguish the flames. But the Defense Advanced Research Projects Agency, dubbed the “Department of Mad Scientists,” envisions a massive, automated computer system that not only detects the smoke, but prevents the fire from happening in the first place — or snuffs it out almost immediately.
“The computer security industry is basically a bunch of automated detectors set up to let us know when it’s time to call the cavalry — those people who can do the job computers can’t,” said Michael Walker, a DARPA program manager. “And when we call in the cavalry, most of the time we’ve already lost.”
To build a fully automated, computer-driven system that would find bugs in software and patch them on its own, DARPA has invited teams from all over the country to compete in a major cyberbattle it calls the Grand Cyber Challenge, with a $2 million first prize.
The goal is to level a playing field that today is wildly in favor of hackers, Walker said. If a computer system could be envisioned as being 1 million miles long, he said, hackers only have to find a single crack, while “the defense has to guard the entire wall.”
The pace and the scale of hacks is getting scary, as the OPM hack starkly highlighted. There is an asymmetry between the capacity to attack in cyberspace and even the best currently available virtual defenses. The fact that NATO and the U.S., among others, have said that cyberattacks can in principle constitute acts of war does nothing to quell our concern about this issue.
Here’s hoping that the agency which created the internet can figure out how to keep it from turning into the front line of the future’s battles. Otherwise, we’ll be hearing about a lot more about things like high profile hacks of sensitive information and (though we happen to like this one) computer viruses that make Iranian nuclear centrifuges destroy themselves. Talk about opening Pandora’s box.