By Spencer Ackerman, Wired.com
The Pentagon’s far-out research agency and its brand new military command for cyberspace have a confession to make. They don’t really know how to keep U.S. military networks secure. And they want to know: Could you help them out?
Darpa convened a “cyber colloquium” at a swank northern Virginia hotel on Monday for what it called a “frank discussion” about the persistent vulnerabilities within the Defense Department’s data networks. The Pentagon can’t defend those networks on its own, the agency admitted.
Because it’s the blue-sky research agency that helped create the internet, Darpa framed the problem as a deep, existential one, not a pedestrian question of insecure code. “It is the makings of novels and poetry from Dickens to Gibran that the best and the worst occupy the same time, that wisdom and foolishness appear in the same age, light and darkness in the same season,” mused Regina Dugan, Darpa’s director. She’s talking about the internet. “These are the timeless words of our existence. We know it is true of everything.”
Put in a blunter way, U.S. networks are “as porous as a colander,” Richard Clarke, the former White House counterterrorism chief turned cybersecurity Cassandra, told a packed ballroom.
“We are losing ground because we are inherently divergent from the threat,” conceded Dugan, swooping down from the stratosphere. Current network security is a numbers game: According to Darpa research, securing sensitive information on the military’s networks requires, typically, programs running 10 million lines of code. On average, the malicious code, viruses, bots, worms and exploits that try to penetrate those defenses rely on 125 lines of code. Eventually, simple beats over-engineered.
Dugan didn’t go as far as Clarke did — she’s a senior Defense Department official, after all — but she implied that left to its own devices, the government’s network defenses will allow crucial data to increasingly sluice through, like water through Clarke’s colander. And it’s not just information leaking out: it’s the danger of a cyberattack crippling U.S. financial systems or the power grid, according to many at the colloquium. “We believe we need more and better options,” Dugan said.
To read more, visit: http://www.wired.com/dangerroom/2011/11/darpa-hackers-cybersecurity/