DOD's Current InfoSec Strategy Is 'Patch and Pray’
But DARPA Director Arati Prabhakar says that her agency is working to make computing ‘mathematically, provably secure.’
The Pentagon’s emerging technology agency faces almost continuous cyber threats. And according to Director Arati Prabhakar, its strategy so far has been to “patch and pray.”
“I’ve been hacked; you’ve been hacked,” Prabhakar, who heads the Defense Advanced Research Project Agency, said Wednesday at The Atlantic and Aspen Institute's Washington Ideas forum. “We’re under constant attack, as is pretty much all of the Defense Department. How we all deal with it today is patch and pray . . . finding vulnerabilities and patching as quickly . . . as we can.”
DARPA is also working on new technology to protect the ecosystem of connected devices known as the Internet of Things, she said, including one approach that intends to make computing processors “mathematically, provably secure.”
Last week, DARPA announced it was collecting information on securing the Internet of Things by analyzing the emissions -- electromagnetic waves, for instance -- from devices to detect their computing activity.
Prabhakar added that the Pentagon must also rely on technological contributions from the private sector.
"The secret to success is not to try to build a wall,” she said. “I think the secret for success is going to be to harness that commercial technology and to turn it into military capabilities much more powerful than anyone else.”
Her comments reaffirm the Defense Department’s recent commitments to Silicon Valley, including efforts to tap into the areas private sector technology talent.
This year, Defense Secretary Ash Carter became the first sitting secretary in almost two decades to visit Silicon Valley. In April, the Pentagon unveiled plans to open an office in California. More recently, it announced a $75 million investment in an a consortium of universities and companies developing flexible and wearable electronics.
Later, Prabhakar noted that the rapid development of new technology requires its creators and society to have difficult conversations about what limits to impose on technology and how much autonomy to grant pieces of technology.
“What I worry about is not what technology will go do by itself," she said. "What I worry about is how humans are going to use technology. “I’m not really sure those questions are being asked in a way that’s going to give us the insights that we need.”