DARPA To Fund National Cyber Range Startup

Jan 9, 2009
By David A. Fulghum



The biggest obstacles to launching predictable cyber attacks – with an eye to making them operational military capabilities – are the lack of digital weapons that can be used by nonspecialists and the inability to duplicate networks so that attacks and exploitation can be planned and practiced.

In turn, the Defense Advanced Research Projects Agency (DARPA) has just awarded seven six-month contracts totaling about $25 million as the startup funding for a National Cyber Range (NCR).

First phase participants include BAE Systems with $3.3 million; General Dynamics $1.9 million; Johns Hopkins University $7.3 million; Lockheed Martin $5.3 million; Northrop Grumman $344,097; Science Applications International Corp. $2.8 million; and Sparta $8.6 million.

“I don’t believe that this is a single-year or even a multiyear investment – it is a multidecade approach,” says Melissa Hathaway, director of the Joint Interagency Cyber Task Force.

“Without [the cyber range], any research will be done in darkness and only stumble accidentally into the light,” says a DARPA document that laid out the project for prospective contractors.

Game changer

DARPA Director Tony Tether says the range is a government expression of its “commitment to incubate and create incentives for game-changing technological innovation.”

The range is intended to become the premier U.S. cyber test facility, according to DARPA officials. The products will be unbiased and quantitative assessments of information assurance and survivability tools. The laboratory is to replicate complex, large-scale, heterogeneous networks for current and future Defense Department weapons and operations.

The capabilities to be tested are host-security systems, local-area-network security tools and suites, wide-area network systems operating on unusual bandwidths, tactical networks including the problematic mobile ad hoc networks, and new protocol stacks. Innovations are expected to include development of advanced automated test ranges and the testing of revolutionary cyber-research programs.

The first of four phases will last six months with two months for final report preparation. The contractors have to have a complete, integrated system and DARPA will not act as the integrator.

Hedging bet

To further hedge their bets, DARPA officials may fund multiple, competing performers to simultaneously build competing prototype NCR ranges in a later phase of the program.

Testing of the ranges will include demonstration of “packet capture, event log collection, malware event collection and automated attacks.” Responsive traffic generators will have to drive office software products, browsers, media players and e-mail clients. Traffic generation systems will involve incoming/outgoing e-mail, port scanning and automated attacks.

By phase 3, the candidate system will have to reconstitute test nodes within 15 minutes, reconfigure the range within one hour, create a 10,000-node test from DARPA-provided requirement within two hours and perform time synchronization across all machines to within 1 millisecond, and demonstrate human-level behavior on 80 percent of traffic-generated events.

Image: DARPA