news from DARPA
The Christian Science Monitor's new Passcode cyber news service concluded its launch yesterday with a conference devoted to "the future of cybersecurity innovation." Co-sponsored by Invincea and Vectra, the session focused on DARPA's Plan X as an instance of what such innovation might look like.
Anticipating the attack. Vectra's Mike Banic opened with a presentation on anticipating cyber attacks. He noted that enterprises are expected to spend $17B this year on "great protection machines." This won't help, he argued, because such forms of protection are yesterday's response. And they will also invest heavily in forensics and cleanup. Between response and protection, however, a big gap remains to be closed. Attackers effectively operate in plain site, in a blind spot that lies in this gap. He called for automated breach detection (and demonstrated Vectra's approach to the problem.)
Plan X demonstrated. Frank Pound, DARPA Program Director, described the goals of his agency's Plan X. The program seeks to address ways of reducing the human labor involved in cyber defense. He demonstrated the current version of Plan X's user interface, discussed the ways in which it could reduce the burden on human watchstanders (and the ways in which machine learning tunes its alerts into more effective warnings). Plan X provides network situational awareness, with links to tools in its "app store" that can address events. Watch the video of his presentation (linked below).
Capital is cheap, labor expensive. Invincea's Anup Ghosh set a familiar challenge: operators are drowning in data, and skilled operators with the expertise to interpret and act upon those data are as scarce. (No enterprise can reasonably expect to hire and pay an army of PhDs.) Noting that humans are good at asking the right questions, and machines good at handling data, he argued that the future lies in bringing intelligent, natural language queries to data. Such questions might be distributed to devices that would return readily intelligible answers to human operators: the TAPIO program is intended to function in such a fashion. He also described technologies emerging from the Cyber Genome project that visualize and interrogate malware samples. One of them, Cynomix, ingests large amounts of malware and extracts capabilities, and reports them in what he characterized as a "Facebook for malware."
DARPA is not building an unhackable car. Got that, journalists? The session concluded with a panel composed of Bill Hill (CISO at MITRE), Dan Kaufman (Director of DARPA's Information Innovation Office), and Chuck Romine (Director of NIST's Information Technology Lab). Asked for their take on the future of cyber innnovation, they echoed some of the morning's recurring themes: the importance of natural language interfaces and reduction of cyber security's dependence on skilled labor. MITRE is working on cross-community engagement, with enhanced threat-intelligence sharing. DARPA is offering a grand challenge: build an automated system that could compete and win at a DEFCON capture-the-flag event (the way Deep Blue competed at chess and Jeopardy). NIST is working on a trusted identity ecosystem that simultaneously promotes privacy and security — the "subtext" of this work is a desire to kill the password.
Asked whether they were generally optimistic or pessimistic about the future of cyber security, all the panelists were guardedly optimistic. DARPA's Kaufman suggested that researchers take the human immune system seriously as a metaphor for cyber security. Systems can be made unhackable, he argued, with respect to precisely specified security requirements. (But not, of course, unhackable simpliciter. Kaufman insisted that any journalists present note this, as we have with this section's title — don't expect an unhackable car to emerge from Ballston.) MITRE's Hill found cause for optimism in the growing realization that "we'll get a better handle on limiting losses by focusing on what matters." Romine emphasized that NIST's Cybersecurity Framework carefully considered privacy, but, that while he found an almost universal consensus that privacy was important, he also found that the community tended to admire rather than addresses the problems associated with ensuring it: more research is needed here.
See the links below for accounts and recordings of the presentations.