Pentagon to Create New Cybersecurity Tools

Researchers are expected to unveil new tools allowing government organizations to quickly recover from “denial-of-service” attacks.

A top U.S. commander works on his computer inside a C-130 Hercules airplane on the way to Kabul. 
National Journal
Aliya Sternstein, Nextgov
Aug. 18, 2015, 8:18 a.m.

The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit.

Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks.

A recovery rate of at most 10 seconds is the goal, according to the Defense Department.

Today, attackers have a relatively easy time aiming bogus traffic at computer servers to knock them offline. One reason is that computer systems often are consolidated, making for a wide target area. Another weakness is the predictable behavior of systems that support Web services. And finally, certain types of DDoS attacks that evince little malicious traffic go undetected.

Researchers chosen by the Defense Advanced Research Projects Agency will attempt to deny attackers such openings through a three-year program called Extreme DDoS Defense, according to Pentagon officials. The tentative start date is April 1, 2016.

The stability of agency operations, banking, online gaming and many other daily activities is at stake here.

A DDoS attack against Estonia in 2007 allegedly orchestrated by Russian-backed hackers downed government and industry Internet access nationwide for two weeks. More recently, crooks have begun offering Luddites DDoS-for-hire services at subscription rates of $10-$300 a month, according to journalist Brian Krebs.

Lizard Squad, a major provider, allegedly was behind several persistent attacks on online gaming services Xbox and PlayStation. A string of 2011 cyber assaults against Wall Street banks, including Capital One and SunTrust Banks, was attributed to Iranian hackers.

Just this month, at the annual Black Hat security conference in Las Vegas, Trend Micro researchers said they observed attackers trying to overpower systems in Washington that monitor the physical security of gas pumps. Luckily, the devices were fake “honeypot” traps.

“Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. In contrast, military communication often demands that disruptions be limited to minutes or less,” DARPA officials said in an Aug. 14 announcement about the new program.

The funding level for the project was not disclosed but multiple grants are expected to be awarded. Interested researchers must submit proposals by noon Oct. 13.

XD3 will endeavor to thwart DDoS attacks by “dispersing cyber assets” in facilities and on networks, officials said. Currently, the problem is that cloud computing arrangements and other critical infrastructure systems “rely heavily on highly shared, centralized servers and data centers,” they added.

The new tools also will try “disguising the characteristics and behaviors of those assets” to complicate the planning of DDoS launches, officials said.

The trick with so-called “low-volume” DDoS attacks is they do not look like traffic overloads. The external computer messages seem benign but are actually exhausting a system’s memory or processors. One workaround here might be sharing information among systems that then can “decide collectively whether attacks have occurred, and/or to determine what mitigations might be most effective,” officials said.

One group of XD3 researchers will be assigned to inspect the designs for unintended security holes.

Anyone wanting to be a reviewer must hold a top-secret clearance, according to the contract rules.

“The objective of design reviews is the proactive identification of weaknesses and vulnerabilities that would reduce the effectiveness of DDoS attack detection or mitigation,” officials said. The idea also is to “apprise performers of potential DDoS attack methods or features that they might not have considered.”
