Pentagon to Create New Cybersecurity Tools

Researchers are expected to unveil new tools allowing government organizations to quickly recover from “denial-of-service” attacks.

National Journal
Aliya Sternstein, Nextgov
Aug. 18, 2015, 8:18 a.m.

The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit.

Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks.

A recovery rate of at most 10 seconds is the goal, according to the Defense Department.

Today, attackers have a relatively easy time aiming bogus traffic at computer servers to knock them offline. One reason is that computer systems often are consolidated, making for a wide target area. Another weakness is the predictable behavior of systems that support Web services. And finally, certain types of DDoS attacks that evince little malicious traffic go undetected.

Researchers chosen by the Defense Advanced Research Projects Agency will attempt to deny attackers such openings through a three-year program called Extreme DDoS Defense, according to Pentagon officials. The tentative start date is April 1, 2016.

The stability of agency operations, banking, online gaming and many other daily activities is at stake here.

A DDoS attack against Estonia in 2007 allegedly orchestrated by Russian-backed hackers downed government and industry Internet access nationwide for two weeks. More recently, crooks have begun offering Luddites DDoS-for-hire services at subscription rates of $10-$300 a month, according to journalist Brian Krebs.

Lizard Squad, a major provider, allegedly was behind several persistent attacks on online gaming services Xbox and PlayStation. A string of 2011 cyber assaults against Wall Street banks, including Capital One and SunTrust Banks, was attributed to Iranian hackers.

Just this month, at the annual Black Hat security conference in Las Vegas, Trend Micro researchers said they observed attackers trying to overpower systems in Washington that monitor the physical security of gas pumps. Luckily, the devices were fake “honeypot” traps.

“Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. In contrast, military communication often demands that disruptions be limited to minutes or less,” DARPA officials said in an Aug. 14 announcement about the new program.

The funding level for the project was not disclosed but multiple grants are expected to be awarded. Interested researchers must submit proposals by noon Oct. 13.

XD3 will endeavor to thwart DDoS attacks by “dispersing cyber assets” in facilities and on networks, officials said. Currently, the problem is that cloud computing arrangements and other critical infrastructure systems “rely heavily on highly shared, centralized servers and data centers,” they added.

The new tools also will try “disguising the characteristics and behaviors of those assets” to complicate the planning of DDoS launches, officials said.

The trick with so-called “low-volume” DDoS attacks is they do not look like traffic overloads. The external computer messages seem benign but are actually exhausting a system’s memory or processors. One workaround here might be sharing information among systems that then can “decide collectively whether attacks have occurred, and/or to determine what mitigations might be most effective,” officials said.

One group of XD3 researchers will be assigned to inspect the designs for unintended security holes.

Anyone wanting to be a reviewer must hold a top-secret clearance, according to the contract rules.

“The objective of design reviews is the proactive identification of weaknesses and vulnerabilities that would reduce the effectiveness of DDoS attack detection or mitigation,” officials said. The idea also is to “apprise performers of potential DDoS attack methods or features that they might not have considered.”
