June 22, 2011, 1:45 PM — Under nearly constant attack from both outside the country and inside, the U.S. military is trying to improve its ability to defend against cyberattack in the same way it works on other types of defense: simulation and practice.
The Defense Advanced Research Projects Agency (DARPA) has been working on what the Department of Defense describes as a simulation of the entire Internet since 2008, when DARPA put out the first RFPs for a cyberattack simulation system called the National Cyber Range.
Lockheed Martin (which was hacked unsuccessfully last month) and the Johns Hopkins University Applied Physics Laboratory are lead contractors on the project, which includes a rapidly reconfigurable test bed that can mimic government and commercial networks.
The Range – actually a series of network operations centers backed by server farms that support the simulations – is designed to run more than one major simulation at a time.
Its goal is to develop new defensive techniques and toolkits from the experience of military "red" and "blue" teams that will go to simulated cyberwar – teaching military penetration-prevention experts what kinds of threats they could face by watching the two teams fight for dominance.
The DoD has used the same technique in the real world to train inexperienced units in combat by sending them to attack "red" forces that are equipped like the enemy and fight the blue forces any way they can.
The big problem with that – at least in cyberspace – is that military hackers tend to know military systems and military hacking techniques.
Those – in the estimation of nearly every intelligence or military representative who has testified before Congress about it – are not good enough to provide any realistic protection against cyberattack from outside the country.
Without at least one red team that is the equal of the enemy likely to attack, how is the DoD going to identify the necessary critical skills and insert them into the simulation process?