If you read this site regularly, or any other security-related site, hearing that some new hack has occurred, that more personal data was leaked somewhere, or that new threats against critical infrastructure are suspected should not come as much of a surprise. The latest in this never-ending series is a recent report in the Wall Street Journal pointing at Iran potentially being behind some intrusions detected in the power industry. Various gas and oil companies believe that their control systems may have been compromised from IP addresses in Iran, and the possibility of such critical infrastructure being compromised is obviously unnerving.
The Pentagon is not sitting still as these attacks proliferate. All of these events are understandably causing people high up in the government to want a proper plan of action, and that’s what DARPA, the research arm of the Department of Defense, was tasked with constructing early last year. The project to create a cyber warfare defense infrastructure, a system that could monitor and respond to online attacks by foreign states or actors, was named Plan X.
Last autumn, Plan X was just starting to get underway, and while DARPA is still a long way from having a fully functional program, last week it showed off what it had achieved so far to various high-ranking members of the military, along with other government officials.
The first hurdle that DARPA needed to overcome was how to make cyber defense much easier for people who may not know how to create rootkits, or know whether a worm should attach itself to a system’s kernel or firmware. In the words of the researchers, they needed the interface to be as easy as World of Warcraft or Angry Birds. So during the first six months, they looked at many industries in order to get a new kind of interface for their system. They looked at well known gaming companies, Hollywood studios, and others to reinvent how a typical Network Operation Center (NOC) should look. Many ideas were considered, from virtual reality helmets to controlling botnets with gestures, using Microsoft Kinect.
While there were many interesting ideas, the execution of them was pretty weak. In the end, DARPA picked a giant touch screen table based on the PixelSense table. In their demonstration, generals could stand around the table and view a bunch of information about cyber attacks in real time. Nodes could be displayed at the touch of a button, and the display would constantly change to show the latest important information about the network. Of course this was a very early prototype, but it conveyed the message of what the future could look like for this type of work.
One example that the researchers gave was a mission to take down a new botnet. In this case, the table would show the mission name in the upper right corner of the screen. Then, each hacker team would be grouped together like battle squadrons, using names like Angry Squirrel or Battle Swarm. Each type of attack has a distinctive icon, such as a lightning bolt or a wrench. Right now, the focus is on technology to provide a much more intuitive interface to conduct these operations, and not on actual keyloggers, rootkits, or exploits.
So far the researchers have spent $5 million on making this demo, out of the $110 million allocated to Plan X. The plan will take four years to come to fruition, and this coming August, the first contracts will be given out to create the actual working device. During the rest of the year, developers will be creating the software to run this table in “sprint” coding runs of six weeks, with an actual product launch set for early next year. According to the creators of this project, the goal is not to go on the offensive, but to protect the US critical online infrastructure.
So far, Plan X seems to be the first time that the U.S. government and the Pentagon are backing a single, large scale project to create brand new technologies in order to tackle the issue of online security. Will this project provide something of value? Let’s not forget that DARPA was in large part behind the invention of the Internet. To this day, many companies have their own NOCs functioning in basically the same way that they did a decade ago, using a number of seats with computer screens looking at logs from firewalls and IDS devices. If Plan X proves to provide a significant advantage to cyber defense, using an interface that makes tackling these attacks much quicker and easier, then it’s likely that in a few years, this technology will end up in the enterprise as well.