Saturday, June 25, 2011

Cyber-War Heats Up With Pentagon's Virtual Firing Range

From The Guardian and Common Dreams.org:

Published on Friday, June 17, 2011 by The Guardian/UK




Cyberwar Heats Up with Pentagon's Virtual Firing Range



National Cyber Range intended as replica of internet allowing US scientists to test defences against hackers



by Charles Arthur and agencies









The US defence agency that invented the forerunner to the internet is working on a "virtual firing range" intended as a replica of the real internet so scientists can mimic international cyberwars to test their defences.



Called the National Cyber Range, the system will help the Pentagon to train its own hackers and refine their skills to guard US information systems, both military and domestic. Of course, the system could also serve to test "offensive strategies".The US and Israel are believed to have collaborated on a sophisticated piece of malware called Stuxnet that targeted computers controlling Iran's nuclear centrifuge scheme. (Image: Scientific American) Called the National Cyber Range, the system will be ready by next year and will also help the Pentagon to train its own hackers and refine their skills to guard US information systems, both military and domestic.



The move marks another rise in the temperature of the online battlefield. The US and Israel are believed to have collaborated on a sophisticated piece of malware called Stuxnet that targeted computers controlling Iran's nuclear centrifuge scheme. Government-authorised hackers in China, meanwhile, are suspected to have been behind a number of attacks on organisations including the International Monetary Fund, French government and Google.



The Defense Advanced Research Projects Agency (Darpa), which developed Arpanet, the forerunner of the internet, in the 1960s, is working on a number of fronts to boost the US's defences against computer-generated attacks. Barack Obama has asked Congress for more than $250m (£154m) to fund Darpa's cyber initiatives in the coming year, double his fiscal 2011 request.



The National Cyber Range is expected to be working by mid 2012, four years after the Pentagon approached contractors to build it at an estimated $130m.



One of these companies is Lockheed Martin, the Pentagon's No 1 supplier by sales – and itself the target of what it called "a significant and tenacious" cyber-attack in May.



Lockheed, the US government's top information technology provider, was awarded a $30.8m contract in January 2010 to continue to develop a prototype. Johns Hopkins University's applied physics laboratory won a similar deal at that time.



Darpa will this summer select one of them to operate a prototype test range during a year-long test.



It will also help train cyberwarriors such as those in the American military's Cyber Command, ordered up by the secretary of defence, Robert Gates, in June 2009 after he concluded the threat of digital warfare had outgrown the country's existing defences.



The "firing range" actually will be a collection of "testbeds" that can carry out independent drills or be woven into one or more larger pieces, depending on the challenge. The range is to test such things as new network protocols, as well as satellite and radio frequency communications. A key goal is to run classified and unclassified experiments in quick succession "in days rather than the weeks it currently takes," said Eric Mazzacone, a Darpa spokesman.



That would require a system capable of being completely reset after an experiment, in which it can be reconfigured and all data purged from related memory, hard drives and storage devices. That ability to reboot and start over is central to the plan, keeping the facility available "at all times for both experimentation and training," without fear of corruption or compromise, Mazzacone said.



Darpa is also working on other plans to advance the US's cyber defences. A program known as Crash – for Clean-slate design of Resilient, Adaptive, Secure Hosts – seeks to design computer systems that evolve over time, making them harder for an attacker to target.



The Cyber Insider Threat program, or Cinder, would help monitor military networks for threats from within by improving detection of threatening behaviour from people authorised to use them. The problem has loomed large since Bradley Manning allegedly passed confidential state department documents to WikiLeaks, the anti-secrecy website.



Another is a Cyber Genome, aimed at automating the discovery, identification and characterisation of malicious code. That could help figure out who was behind a cyber-strike.



The US defence department, meanwhile, is preparing an expanded pilot programme to boost the sharing of cybersecurity information with the companies that provide it with arms, supplies and other services costing some $400bn a year. The new effort, like a predecessor that began in 2007, is voluntary and is aimed at protecting sensitive but unclassified information on or passing through computers owned by companies that make up what the Pentagon calls the "defence industrial base", or DIB.



About 35 companies took part in the initial programme, including Lockheed Martin, which said last month its computer networks had become "a frequent target of adversaries around the world".



The expanded "DIB Opt-In" program will be open to many more companies. It is "vital to the nation's military readiness and the government's overall efforts to enhance cybersecurity," air force lieutenant-colonel April Cunningham, a defence department spokeswoman, said in a statement to Reuters.



Ultimately, the new programme may be a step towards putting major Pentagon contractors behind military-grade network perimeter defences, like those that protect the Pentagon's own classified networks.



© 2011 Guardian News and Media Limited

No comments:

Post a Comment