Friday, May 29, 2009

Building a Cybersecurity Lab (Full operating capability is expected in 2012)

By Grace V. Jean

Shortly before the Russian military drove tanks into the restive region of South Ossetia last year, a cyber-attack hit neighboring Georgia, knocking government and news organization websites offline for days. In January, a similar digital assault paralyzed Kyrgyzstan’s main Internet service providers.

Cyber-attacks have become more prevalent around the world and defending against them has become harder and harder, experts say. The U.S. government’s computers, too, have become a target. They have attracted tens of thousands of onslaughts in recent years. U.S. Central Command networks in November were hit by an electronic attack thought to have Russian origins.

In an effort to beef up the country’s defenses in cyberspace, the Comprehensive National Cybersecurity Initiative, established last year by the Bush administration, seeks to reduce network vulnerabilities, protect against intrusions and anticipate future threats.

As part of the initiative, the Defense Advanced Research Projects Agency has awarded $30 million in contracts to spur the development of a facility where researchers and scientists can test their latest cybersecurity technologies.

Ultimately, the “national cyberrange” will be a hybrid of a Consumer Reports-type testing laboratory and the Army’s National Training Center, says program manager Michael VanPutte.

“We want the national cyberrange to do for cyber what the National Training Center did for the Army and the Department of Defense in joint war fighting,” the retired Army colonel says.

A researcher, for example, might have a new network protocol that he wants to try out. Network protocols are the rules that a network uses in order to communicate. The scientist could install the protocol on the national cyberrange and run it through realistic threat scenarios to assess the network’s security.

There are a number of existing test beds that provide some of the capabilities that DARPA is asking for, but none has the scale of automation or sophistication that scientists need, VanPutte says.

“To really understand the attacker, we need an environment where we can set up a large-scale defense, let the attackers go, watch it and measure, and then make changes in the environment and see if that helps or hinders security,” says VanPutte. “The cyberrange will give us that laboratory to see how we can improve security.”

Setting up a sterile environment to test cybertechnologies presently is a laborious, time-intensive process, he points out. Just as the average consumer would go about setting up a new computer from scratch — installing an operating system, hardware and software and then configuring it — scientists must do the same for their devices, but on a greater scale of hundreds of computers.

“When you get above 300 machines, it gets really hard and really time-consuming,” says VanPutte. “I’m trying to flip that paradigm.”

The cyberrange will simplify that process with graphic user interfaces and other systems that automatically configure an entire network so that scientists can concentrate on conducting their research, he explains.

Simulated users and realistic adversaries would then test the technologies against a full spectrum of threats to give a comprehensive, unbiased assessment of security, he says.

The facility is intended for use by organizations and research institutions nationwide. Scientists from academia, industry and various government and law enforcement agencies could all run trials simultaneously at a variety of classification levels.

For the military, the range will offer opportunities to test the Defense Department’s vision for future network-centric operations in a virtual reality network, VanPutte points out.

While the primary purpose of the facility is to help develop cutting-edge technologies for countering cyber-attacks, its secondary goal is to foster innovation in cybertesting itself. Many of the challenges there — slowing down and speeding up test times and replicating human behavior — are problems that the modeling and simulation community faces. “Those are all really, really hard problems that there aren’t solutions to today,” says VanPutte. “The purpose of the NCR is to build out that research and field the results back out to the testing community, to really increase the capability of all U.S. test beds, not just the national cyberrange.”

DARPA has awarded contracts to seven teams that will provide detailed engineering plans, concepts of operation and visions of how the national cyberrange will run. Proposals for building the prototype are due July 13. Officials will select one or more of the plans for a phase II contract. Depending on the outcome of prototype testing, the final contract will be awarded to build the range.

Full operating capability is expected in 2012.
