Pentagon to Create New Cybersecurity Tools

Researchers are expected to unveil new tools allowing government organizations to quickly recover from “denial-of-service” attacks.

A top U.S. commander works on his computer inside a C-130 Hercules airplane on the way to Kabul. 
National Journal
Aliya Sternstein, Nextgov
Add to Briefcase
See more stories about...
Aliya Sternstein, Nextgov
Aug. 18, 2015, 8:18 a.m.

The Pentagon has in mind a three-pronged coun­ter­at­tack against a dec­ades-old form of cy­ber as­sault that con­tin­ues to para­lyze gov­ern­ment and in­dustry net­works, des­pite its low cost of some­times $10 a hit.

Be­gin­ning next spring, mil­it­ary-fun­ded re­search­ers are sched­uled to pro­duce new tools that would quickly en­able or­gan­iz­a­tions to bounce back from so-called dis­trib­uted deni­al-of-ser­vice at­tacks.

A re­cov­ery rate of at most 10 seconds is the goal, ac­cord­ing to the De­fense De­part­ment.

Today, at­tack­ers have a re­l­at­ively easy time aim­ing bogus traffic at com­puter serv­ers to knock them off­line. One reas­on is that com­puter sys­tems of­ten are con­sol­id­ated, mak­ing for a wide tar­get area. An­oth­er weak­ness is the pre­dict­able be­ha­vi­or of sys­tems that sup­port Web ser­vices. And fi­nally, cer­tain types of DDoS at­tacks that evince little ma­li­cious traffic go un­detec­ted.

Re­search­ers chosen by the De­fense Ad­vanced Re­search Pro­jects Agency will at­tempt to deny at­tack­ers such open­ings through a three-year pro­gram called Ex­treme DDoS De­fense, ac­cord­ing to Pentagon of­fi­cials. The tent­at­ive start date is April 1, 2016.

The sta­bil­ity of agency op­er­a­tions, bank­ing, on­line gam­ing and many oth­er daily activ­it­ies are at stake here.

A DDoS at­tack against Es­to­nia in 2007 al­legedly or­ches­trated by Rus­si­an-backed hack­ers downed gov­ern­ment and in­dustry In­ter­net ac­cess na­tion­wide for two weeks. More re­cently, crooks have be­gun of­fer­ing Lud­dites DDoS-for-hire ser­vices at sub­scrip­tion rates of $10-$300 a month, ac­cord­ing to journ­al­ist Bri­an Krebs.

Liz­ard Squad, a ma­jor pro­vider, al­legedly was be­hind sev­er­al per­sist­ent at­tacks on on­line gam­ing ser­vices Xbox and Play­Sta­tion. A string of 2011 cy­ber as­saults against Wall Street banks, in­clud­ing Cap­it­al One and Sun­Trust Banks, was at­trib­uted to Ir­a­ni­an hack­ers.

Just this month, at the an­nu­al Black Hat se­cur­ity con­fer­ence in Las Ve­gas, Trend Mi­cro re­search­ers said they ob­served at­tack­ers try­ing to over­power sys­tems in Wash­ing­ton that mon­it­or the phys­ic­al se­cur­ity of gas pumps. Luck­ily, the devices were fake “hon­ey­pot” traps.

“Re­sponses to DDoS at­tacks are too slow and manu­ally driv­en, with dia­gnos­is and for­mu­la­tion of fil­ter­ing rules of­ten tak­ing hours to for­mu­late and in­stan­ti­ate. In con­trast, mil­it­ary com­mu­nic­a­tion of­ten de­mands that dis­rup­tions be lim­ited to minutes or less,” DARPA of­fi­cials said in an Aug. 14 an­nounce­ment about the new pro­gram.

The fund­ing level for the pro­ject was not dis­closed but mul­tiple grants are ex­pec­ted to be awar­ded. In­ter­ested re­search­ers must sub­mit pro­pos­als by noon Oct. 13.

XD3 will en­deavor to thwart DDoS at­tacks by “dis­pers­ing cy­ber as­sets” in fa­cil­it­ies and on net­works, of­fi­cials said. Cur­rently, the prob­lem is that cloud com­put­ing ar­range­ments and oth­er crit­ic­al in­fra­struc­ture sys­tems “rely heav­ily on highly shared, cent­ral­ized serv­ers and data cen­ters,” they ad­ded.

The new tools also will try “dis­guising the char­ac­ter­ist­ics and be­ha­vi­ors of those as­sets” to com­plic­ate the plan­ning of DDoS launches, of­fi­cials said.

The trick with so-called “low-volume” DDoS at­tacks is they do not look like traffic over­loads. The ex­tern­al com­puter mes­sages seem be­nign but are ac­tu­ally ex­haust­ing a sys­tem’s memory or pro­cessors. One work­around here might be shar­ing in­form­a­tion among sys­tems that then can “de­cide col­lect­ively wheth­er at­tacks have oc­curred, and/or to de­term­ine what mit­ig­a­tions might be most ef­fect­ive,” of­fi­cials said.

One group of XD3 re­search­ers will be as­signed to in­spect the designs for un­in­ten­ded se­cur­ity holes.

Any­one want­ing to be a re­view­er must hold a top-secret clear­ance, ac­cord­ing to the con­tract rules.

“The ob­ject­ive of design re­views is the pro­act­ive iden­ti­fic­a­tion of weak­nesses and vul­ner­ab­il­it­ies that would re­duce the ef­fect­ive­ness of DDoS at­tack de­tec­tion or mit­ig­a­tion,” of­fi­cials said. The idea also is to “ap­prise per­formers of po­ten­tial DDoS at­tack meth­ods or fea­tures that they might not have con­sidered.”

What We're Following See More »
Sessions Pressured Wray to Fire Andrew McCabe
7 minutes ago

"Attorney General Jeff Sessions — at the public urging of President Donald Trump — has been pressuring FBI Director Christopher Wray to fire Deputy Director Andrew McCabe, but Wray threatened to resign if McCabe was removed, according to three sources with direct knowledge."

Tsumani Warning for Northern West Coast
43 minutes ago

"A tsunami warning was issued Tuesday for the Pacific Coast from Washington to Alaska after a major undersea earthquake hit southeast of Kodiak," with a magnitude reported by the USGS at 7.9 and the NWS as 8.2. "The warning was in effect for more than 3,000 miles of coastal zones north of the Washington border: British Columbia and Alaska’s entire southern shoreline including the Aleutian Islands."

Trump to Invite Macron For First State Visit
48 minutes ago

"Trump is expected to invite French President Emmanuel Macron to Washington for an official state visit later this year...While a date for the visit has not yet been officially set and the White House has not made an announcement, sources say that could come as soon as this week, while Trump attends the World Economic Forum in Davos."

Trump Signs Spending Bill
10 hours ago
Dems Agree to Take McConnell’s Deal
18 hours ago

Senate Minority Leader Chuck Schumer said he's accepting Majority Leader Mitch McConnell's offer to hold an immigration vote at a later date, "clearing the way for passage of a bill to reopen the federal government" today. "McConnell early Monday promised to take up an immigration bill that would protect an estimated 800,000 Dreamers from deportation, under an open amendment process, if Democrats would agree to end the government shutdown."


Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.