Pentagon to Create New Cybersecurity Tools

Researchers are expected to unveil new tools allowing government organizations to quickly recover from “denial-of-service” attacks.

A top U.S. commander works on his computer inside a C-130 Hercules airplane on the way to Kabul. 
National Journal
Aug. 18, 2015, 8:18 a.m.

The Pentagon has in mind a three-pronged counterattack against a decades-old form of cyber assault that continues to paralyze government and industry networks, despite its low cost of sometimes $10 a hit.

Beginning next spring, military-funded researchers are scheduled to produce new tools that would quickly enable organizations to bounce back from so-called distributed denial-of-service attacks.

A recovery rate of at most 10 seconds is the goal, according to the Defense Department.

Today, attackers have a relatively easy time aiming bogus traffic at computer servers to knock them offline. One reason is that computer systems often are consolidated, making for a wide target area. Another weakness is the predictable behavior of systems that support Web services. And finally, certain types of DDoS attacks that evince little malicious traffic go undetected.

Researchers chosen by the Defense Advanced Research Projects Agency will attempt to deny attackers such openings through a three-year program called Extreme DDoS Defense, according to Pentagon officials. The tentative start date is April 1, 2016.

The stability of agency operations, banking, online gaming and many other daily activities is at stake here.

A DDoS attack against Estonia in 2007 allegedly orchestrated by Russian-backed hackers downed government and industry Internet access nationwide for two weeks. More recently, crooks have begun offering Luddites DDoS-for-hire services at subscription rates of $10-$300 a month, according to journalist Brian Krebs.

Lizard Squad, a major provider, allegedly was behind several persistent attacks on online gaming services Xbox and PlayStation. A string of 2011 cyber assaults against Wall Street banks, including Capital One and SunTrust Banks, was attributed to Iranian hackers.

Just this month, at the annual Black Hat security conference in Las Vegas, Trend Micro researchers said they observed attackers trying to overpower systems in Washington that monitor the physical security of gas pumps. Luckily, the devices were fake “honeypot” traps.

“Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate. In contrast, military communication often demands that disruptions be limited to minutes or less,” DARPA officials said in an Aug. 14 announcement about the new program.

The funding level for the project was not disclosed but multiple grants are expected to be awarded. Interested researchers must submit proposals by noon Oct. 13.

XD3 will endeavor to thwart DDoS attacks by “dispersing cyber assets” in facilities and on networks, officials said. Currently, the problem is that cloud computing arrangements and other critical infrastructure systems “rely heavily on highly shared, centralized servers and data centers,” they added.

The new tools also will try “disguising the characteristics and behaviors of those assets” to complicate the planning of DDoS launches, officials said.

The trick with so-called “low-volume” DDoS attacks is they do not look like traffic overloads. The external computer messages seem benign but are actually exhausting a system’s memory or processors. One workaround here might be sharing information among systems that then can “decide collectively whether attacks have occurred, and/or to determine what mitigations might be most effective,” officials said.

One group of XD3 researchers will be assigned to inspect the designs for unintended security holes.

Anyone wanting to be a reviewer must hold a top-secret clearance, according to the contract rules.

“The objective of design reviews is the proactive identification of weaknesses and vulnerabilities that would reduce the effectiveness of DDoS attack detection or mitigation,” officials said. The idea also is to “apprise performers of potential DDoS attack methods or features that they might not have considered.”
