Pentagon to Create New Cybersecurity Tools

Researchers are expected to unveil new tools allowing government organizations to quickly recover from “denial-of-service” attacks.

Aliya Sternstein, Nextgov
Aug. 18, 2015, 8:18 a.m.

The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit.

Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks.

A recovery rate of at most 10 seconds is the goal, according to the Defense Department.

Today, attackers have a relatively easy time aiming bogus traffic at computer servers to knock them offline. One reason is that computer systems often are consolidated, making for a wide target area. Another weakness is the predictable behavior of systems that support Web services. And finally, certain types of DDoS attacks that evince little malicious traffic go undetected.

Researchers chosen by the Defense Advanced Research Projects Agency will attempt to deny attackers such openings through a three-year program called Extreme DDoS Defense, according to Pentagon officials. The tentative start date is April 1, 2016.

The stability of agency operations, banking, online gaming and many other daily activities is at stake here.

A DDoS attack against Estonia in 2007 allegedly orchestrated by Russian-backed hackers downed government and industry Internet access nationwide for two weeks. More recently, crooks have begun offering Luddites DDoS-for-hire services at subscription rates of $10-$300 a month, according to journalist Brian Krebs.

Lizard Squad, a major provider, allegedly was behind several persistent attacks on online gaming services Xbox and PlayStation. A string of 2011 cyber assaults against Wall Street banks, including Capital One and SunTrust Banks, was attributed to Iranian hackers.

Just this month, at the annual Black Hat security conference in Las Vegas, Trend Micro researchers said they observed attackers trying to overpower systems in Washington that monitor the physical security of gas pumps. Luckily, the devices were fake “honeypot” traps.

“Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. In contrast, military communication often demands that disruptions be limited to minutes or less,” DARPA officials said in an Aug. 14 announcement about the new program.

The funding level for the project was not disclosed but multiple grants are expected to be awarded. Interested researchers must submit proposals by noon Oct. 13.

XD3 will endeavor to thwart DDoS attacks by “dispersing cyber assets” in facilities and on networks, officials said. Currently, the problem is that cloud computing arrangements and other critical infrastructure systems “rely heavily on highly shared, centralized servers and data centers,” they added.

The new tools also will try “disguising the characteristics and behaviors of those assets” to complicate the planning of DDoS launches, officials said.

The trick with so-called “low-volume” DDoS attacks is they do not look like traffic overloads. The external computer messages seem benign but are actually exhausting a system’s memory or processors. One workaround here might be sharing information among systems that then can “decide collectively whether attacks have occurred, and/or to determine what mitigations might be most effective,” officials said.

One group of XD3 researchers will be assigned to inspect the designs for unintended security holes.

Anyone wanting to be a reviewer must hold a top-secret clearance, according to the contract rules.

“The objective of design reviews is the proactive identification of weaknesses and vulnerabilities that would reduce the effectiveness of DDoS attack detection or mitigation,” officials said. The idea also is to “apprise performers of potential DDoS attack methods or features that they might not have considered.”
