Much of modern life takes place online in cyberspace. A variety of threats have emerged to imperil the future of the cyber domain, where more and more of our commercial and social activity unfolds. Securing cyberspace has become a priority at the highest levels of government, including the White House. DARPA is at the leading edge of our nation’s pursuit of a beneficent cyber future.
Legacy of Cyber Past
Roughly a half-century ago, DARPA (when it was known as the Advanced Research Projects Agency, or ARPA) program managers conceived, implemented, and demonstrated the ARPANET, the proof-of-concept precursor of the internet. The principal advance of the ARPANET was the introduction of packet-switched communications, which dramatically improved the efficiency with which information packets wound their way through available wires and other inter-computer linkages. By 1977, the ARPANET had grown into a national network connecting university, commercial, and government research activities.
The initial engineering of the ARPANET focused on providing basic communication services, and accountability was not included as a primary design goal. These design choices were intentional. According to an historical account of the original network protocols developed at ARPA, “… since this network was designed to operate in a military context … survivability was put as a first goal and accountability as a last goal … An architecture primarily for commercial deployment would clearly place these goals at the opposite end of the list.” Instead of building in reliable attribution mechanisms, user behavior was loosely governed by rules and norms. For example, at the MIT AI Lab circa 1982[1], it was simply decreed that “It is considered illegal to use the ARPANET for anything which is not in direct support of government business.” The critical need for stronger security and control mechanisms was not yet apparent.
During the 1980s, a commercial version of the ARPANET, dubbed the internet, grew rapidly, and by 1988 served roughly 60,000 internet-connected computers (“hosts”)[2]. Nov. 2, 1988, was an important reality-check day in the history of the internet, with the release and rapid spread of the Morris worm to approximately 10 percent of internet hosts[3]. It was a before-and-after moment. After the Morris worm, users became aware of the need for stronger security in computers and networks.
During the 1990s, the Department of Defense (DOD) recognized networking as a critical enabler for military operations[4]. As such, DOD aggressively integrated networking, computation, and automation throughout military systems. Adversary nation-states responded by exploiting these networks, and it was during this period that the notion of an “electronic Pearl Harbor” entered the public consciousness[5] and the status of cyberspace ascended to that of a domain of active conflict alongside the traditional domains of sea, land, air, and space. The connected nature of cyberspace enables an adversary to strike at any geographic location in the United States, and at a wide range of targets, including the power grid, refineries, chemical plants, airline reservation systems, enterprise and wide area networks, the financial markets, the bulk power markets, communications systems, natural gas pipelines, and water and wastewater utilities.
Affecting the Cyber Present
During the 2000s, DARPA funded selected efforts in cybersecurity. In 2010, DARPA centralized cyber R&D within a new office – the Information Innovation Office (I2O). The creation of I2O included the hiring of several well-known computer science and cyber experts from academia and industry, and greatly expanded DARPA’s cyber program portfolio and investment. To stimulate the interest and involvement of the cyber community, DARPA hosted, on Nov. 7, 2011, a Cyber Colloquium that was attended by approximately 700 researchers, operators, and other stakeholders from industry, academia, and government[6][7]. The DARPA Cyber Colloquium was a bright signal to the broad U.S. cyber R&D community that DARPA would bring its unique project-centric approach to the development of future cyber capabilities, both defensive and offensive.
In the seven years since the colloquium, DARPA’s programs have had great impact[8]. Recognizing that cyber threats to physical systems such as vehicles could be devastating for the military, DARPA in 2012 created the High-Assurance Cyber Military Systems (HACMS) program to secure embedded computing systems in mission-critical commercial and military assets against cyber attacks. DARPA’s work in this threat space resulted in heightened awareness of the need for improved automobile cybersecurity[9] and led to changes throughout the industry. DARPA’s technical approach to secure software featured formal methods (based on mathematical techniques) to ensure that software reliably does what it is specified to do, and nothing else. DARPA demonstrated these formal methods by developing a secure mission system for an autonomous helicopter. The agency now is working with the DOD to transition tools for building software with much greater cyber resiliency, and envisions a day when formal methods and other advanced tools for creating provably secure software will be adopted by the defense procurement process.