Steven Walker, acting director of the Defense Advanced Research Projects Agency, has outlined DARPA’s plans to protect U.S. networks against cyber attacks at the 2017 Defensive Cyber Operations Symposium hosted by the Armed Forces Communications and Electronics Association, DoD News reported Wednesday.
Walker said DARPA’s security research goals are focused on efforts to harden systems against cyber attacks; continue operations during attacks; and win in the cyber domain.
In a move to harden systems, DARPA hosted the 2016 Cyber Grand Challenge where participants worked to defend a network and counterattack an adversary’s network within minutes using only machines.
Walker noted DARPA plans to turn CGC into an operational capability and transition the technology to other government agencies.
“You can imagine using it before we deploy a software product to test that software product against many different exploits and using it in sort of a pre-defense way as well,” said Walker.
DARPA also works to develop technologies that can detect, isolate and characterize cyberattacks on the electric power grid to support continued operations during cyberattacks, the acting director added.
The DARPA program seeks to create anomaly detection technologies with low false-alarm rates for the U.S. power grid system as well as network isolation and threat characterization platforms for normal information technology and integrated control systems hardware and software.
The agency also launched the Plan X cyber mission framework tool in a push to provide a common operating picture for cyber warriors, Walker noted.
DARPA’s cyberwarfare programs include Enhanced Attribution, which seeks to provide visibility into all aspects of malicious cyber actions, and Network Defense Program, which has developed algorithms and tools to help detect illicit behavior in networks.
Walker believes DARPA is headed toward the development of a national network defense system that will support real-time monitoring of U.S. internet domains to detect botnets; correlate adversary probing of enterprise networks; show indications and warning of network compromises; and coordinate a national response to possible attacks.