Timing the pre-emptive cyber defense
It’s interesting to see the latest turn of events at the Defense Advanced Research Projects Agency (DARPA), which is apparently turning to the hacker community for its next level of cybersecurity development.
Peiter Zatko – “Mudge” to you hackers out there – will be a new program manager at DARPA in charge of conducting convention-breaking research into U.S. cybersecurity. Current technology isn’t doing the job, he said in this CNET interview, so he wants to promote revolutionary changes.
Zatko used to be one of those people who broke into various networks and turned government security folks’ hair gray. More recently, though, he’s become a respectable black hat, and was even the target of an online petition to try and get the Obama administration to appoint him as cybersecurity czar.
More to the point, I think, is that he’s an example of a developing line of aggressive thought in U.S. government about how to wage cyberwarfare. Just as waging pre-emptive war became the device for going into Iraq in 2003, pre-emptive cyber defense (as in the best defense is offense) is what the U.S. military is considering now.
I mean, they have to be thinking of something. Even the better technologies that are used for traditional defense seem to be falling behind, like here and here.
That seems to be at least part of the reason for DARPA’s own Cyber Genome Program. Why bother knowing about the origins of a cyberattack if that doesn’t also provide you with the ability to strike at the source?
If you know where an attack is coming from, the next step is getting to know where attacks are likely to come from. And if you know that, why not try to stop them before they happen? People like Mudge have the background and mindset to break through with that approach.
I’ll be looking for terms such as cyberdrones, cyberpredators and cybermissiles in future DOD missives.
Posted by Brian Robinson on Feb 12, 2010 at 9:03 AM