The Pentagon can’t defend its own defense networks, what with them being “as porous as a colander,” according to Richard Clarke.
Clarke is the former White House counterterrorism chief who’s turned into what Wired calls a cybersecurity Cassandra. Wired quoted Clarke as he addressed a packed ballroom at the first-ever DARPA Cyber Colloquium on Monday.
At the conference, officials of the Defense Advanced Research Projects Agency pleaded with hackers to help them out and said that the agency plans to boost spending as it battles unnamed adversaries in cyberspace.
Regina Dugan, DARPA director, addressed an audience that comprised what the agency called “visionary hackers,” academics and others, according to a Reuters story.
Ms. Dugan contended that the military needs “more and better options” to meet cyber threats to a growing range of industrial and other systems controlled by computers vulnerable to penetration, including cars with advanced computer diagnostic boards. Of concern are brakes, accelerators, steering and other modern car systems that “we need to worry about” because they could be remotely hacked via such diagnostic controls, said another DARPA program manager.
While the Defense Department has long been recruiting hackers, it now appears that DARPA is looking for a transfusion of ponytailed, t-shirt-wearing visionaries at every level.
Ms. Dugan described a desire to plug in “the efforts of technical experts at unprecedented levels, including at the development of policy and legal frameworks,” Wired quoted her as saying, “on timescales that correspond with the dynamic nature of advances in cyberspace.”
DARPA officials said the country is at risk particularly since the playing field is far from level. Layered security defenses have grown increasingly bloated, according to a recent in-house analysis, while attackers operate with lean, mean malware.
The agency’s analysis reports that some security packages are weighing in at an eye-popping 10 million lines of code, while malicious software on average runs on a whip-thin 125 lines.
To combat such threats, DARPA officials called for both an increase in the development of cyber defensive technologies and of offensive weapon systems.
“Modern warfare will demand the effective use of cyber, kinetic and combined cyber and kinetic means,” Reuters quoted Dugan as saying. “Kinetic” is military shorthand for traditional weapons, including bombs, missiles and tanks.
At a time when much of the U.S. military is cutting spending, DARPA is planning to fatten its budget by a whopping 73% to recruit hackers and to fund research into “more and better” weapons that can fend off cyber assault and enable the launch of attacks from a keyboard.
DARPA’s budget request for fiscal 2012, which began October 1, called for its cyber research funding to increase more than 73 percent, to $208 million from $120 million. The agency plans to increase spending on cyber research from 8 to 12 percent of its budget over the coming five years.
This is just the latest of an increasingly rigorous clamor over cyber defense in the U.S. Recent headlines have included one Congressional report of hackers targeting U.S. government satellites, with another Congressional report charging China and Russia with technology and trade espionage.
The espionage report, titled Foreign Spies Stealing US Economic Secrets in Cyberspace, was released on Thursday by the Office of the National Counterintelligence Executive. It highlighted two vectors for increased threats: portable Internet devices and a growing cultural numbness to the dangers of sharing information.
“Over the next several years, the proliferation of portable devices that connect to the Internet and other networks will continue to create new opportunities for malicious actors to conduct espionage,” the report reads. “The trend in both commercial and government organizations toward the pooling of information processing and storage will present even greater challenges to preserving the security and integrity of sensitive information.”
In addition, the report claims that the U.S. workforce “will experience a cultural shift that places greater value on access to information and less emphasis on privacy or data protection. At the same time, deepening globalization of economic activities will make national boundaries less of a deterrent to economic espionage than ever.”
While cultural slackening of emphasis on privacy or data protection sounds about right, it’s hard to imagine why the Office of the National Counterintelligence Executive would forecast it as a future trend when it seems to have manifested in the present.
Indeed, it is high time to hire security talent en masse. Ponytailed visionaries, brush off your resumes. There are too many of us whose eyes have glazed over at the difficulty of attaining online privacy, and with this new culture has indeed come porous networks, porous information sharing and porous security. At risk are both trade and technology secrets as well as crucial infrastructure.
SOS. We need you.