DARPA Wants Networks to Find and Fix Security Holes — In Seconds
The Pentagon is seeking an "automation revolution in computer security” in which machines swiftly detect attacks and patch their vulnerabilities.
Pentagon researchers think humans take too long to detect software vulnerabilities, tipping the scales in favor of the criminals who want to exploit them.
The Defense Department's emerging technology research team is looking for an automated system that detects and contains cyber attacks, providing early warning, isolating networks and characterizing threats.
The Defense Advanced Research Projects Agency is hosting a Proposers Day on Dec. 14 for its upcoming Rapid Attack Detection, Isolation and Characterization program, or RADICS, according to a new notice. The agency is particularly interested in technology that can detect network anomalies signaling a threat or attack, map out industrial control systems and analyze system protocols -- especially for threats directed at the power grid and related systems, the notice said.
Generally, DARPA is seeking an "automation revolution in computer security" so machines discover and fix software vulnerabilities within seconds, "instead of waiting up to a year under the current human-centric system," DARPA spokesperson Jared Adams said in an email to Nextgov.
That time lag often results in a "race ... between miscreants intending to exploit the vulnerability and analysts who must assess, remediate, test and deploy a patch before significant damage can be done."
Automated systems are necessary as more devices rapidly get connected to the "Internet of Things," including cars and homes, Adams added.
DARPA has dedicated many other research efforts to automated cyber defense. One called Extreme DDoS Defense or XD3, slated to start in April, seeks technology that thwarts Distributed Denial of Service attacks by "dispersing cyber assets (physically and/or logically), disguising the characteristics and behaviors of those assets and mitigating the attacks (especially low‐volume attacks)."
"Responses to DDoS attacks are too slow and manually driven, with diagnosis and formulation of filtering rules often taking hours to formulate and instantiate," according to the announcement of that program. Military communication, however, "often demands that disruptions be limited to minutes or less."