DARPA’s SafeWare program aims to develop obfuscation technology that would render the intellectual property in software (e.g., proprietary algorithms) incomprehensible to a reverse engineer, but allow the code to otherwise compile and run normally. To accomplish this, SafeWare researchers aim to develop fundamentally new program obfuscation technology with (i) quantifiable security that (ii) depends not on the appearance of complexity in code structure, but on the difficulty of the mathematical problems an attacker would have to solve to successfully de-obfuscate the program.
As new defensive technologies make old classes of vulnerability difficult to exploit successfully, adversaries move to new classes of vulnerability. Vulnerabilities based on flawed implementations of algorithms have been popular targets for many years. However, once new defensive technologies make vulnerabilities based on flawed implementations less common and more difficult to exploit, adversaries will turn their attention to vulnerabilities inherent in the algorithms themselves.
The Space/Time Analysis for Cybersecurity (STAC) program aims to develop new program analysis techniques and tools for identifying vulnerabilities related to the space and time resource usage behavior of algorithms, specifically, vulnerabilities to algorithmic complexity and side channel attacks. STAC seeks to enable analysts to identify algorithmic resource usage vulnerabilities in software at levels of scale and speed great enough to support a methodical search for them in the software upon which the U.S. government, military, and economy depend.
The objective of the Cyber Genome Program is to produce revolutionary cyber defense and investigatory technologies for the collection, identification, characterization, and presentation of properties and relationships from collected digital artifacts of software, data, and/or users to support DoD law enforcement, counterintelligence, and cyber defense teams. Digital artifacts may be collected from live systems (traditional computers, personal digital assistants, and/or distributed information systems such as ‘cloud computers’), from wired or wireless networks, or from collected storage media. The format may include electronic documents or software (including malicious software, or malware). The Cyber Genome Program will encompass several program phases and technical areas of interest. Each of the technical areas will develop the cyber equivalent of fingerprints or DNA to facilitate developing the digital equivalent of genotype, as well as observed and inferred phenotype, in order to determine the identity, lineage, and provenance of digital artifacts and users.
The TransApps program seeks to develop a library of secure military applications that are as easy to use as commercial smartphone apps and that troops can access on their military mobile devices. The program also wants to establish a business model for the apps that bypasses bureaucratic delays in acquiring and fielding new technology.
The Department of Defense’s information technology (IT) infrastructure is made up of a large, complex network of connected local networks comprised of thousands of devices. Cyber defenders must understand and monitor the entire environment to defend it effectively. Toward this end, cyber defenders work to correlate and understand the information contained in log files, executable files, databases of varying formats, directory structures, communication paths, file and message headers, as well as in the volatile and non-volatile memory of the devices on the network. Meanwhile, adversaries increasingly use targeted attacks disguised as legitimate actions, making discovery far more difficult. It is within this complicated web of networked systems that cyber defenders must find targeted cyber-attacks.
The Integrated Cyber Analysis System (ICAS) program aims to make system information readily useful for attack forensics and tactical cyber defense. ICAS will attempt to integrate all sources of network data in a federated database to enable reasoning across the enterprise. If successful, ICAS will provide cyber defenders with a complete, current picture of the IT environment and will reduce the time required to discover targeted attacks.
Nuclear and radiological threats such as dirty bombs pose a threat to the safety and security of American citizens and service members. Early detection of these materials and devices is a critical part of U.S. strategy to deter and prevent attacks.
The SIGMA program aims to revolutionize detection capabilities for countering nuclear terrorism. By creating a powerful distributed network of sensors capable of realtime radiation detection, SIGMA alerts field operators to local threats instantly, and at the same time, builds comprehensive radiological maps that provide a known background for existing benign sources of radiation. Areas under SIGMA’s protection can use these maps to provide clear visibility and early warning of sources that appear unusual or out of place.
Key features of SIGMA:
Provides automated realtime detection, identification, and tracking of nuclear threats.
Combines thousands of sensors together into a powerful detection network.
Instant, automatic analysis of detected radiation, identifying benign and hostile sources.
Capability to combine small man-portable sensors, larger vehicle-mounted detectors, and static emplacements into a single SIGMA network.
Deployable in locations with internet connectivity via cellular and Wi-Fi communications, or via ad-hoc networks in locations where connectivity is unreliable or undesirable.
Gamma and neutron detectors that are up to an order of magnitude better in sensitivity and cost.
Powerful and intuitive software providing web-based command and control, and easy-to-use smartphone apps for field operators.
SIGMA was operationally deployed with the Port Authority of New York and New Jersey, and DC Fire and EMS in 2016, logging months of data, including well over 100,000 hours of detector operation covering more than 150,000 miles, and identifying thousands of benign radiation sources in realtime.
SIGMA has been operationally tested at scale with over 1000 detectors operating simultaneously in an exercise with the University of Maryland’s National Consortium for the Study of Terrorism and Responses to Terrorism (START).
SIGMA is an effort of the Defense Advanced Research Projects Agency (DARPA), and has been tested in collaboration with multiple government partners including the DHS Domestic Nuclear Detection Office (DNDO).
SIGMA was built with the collaboration of multiple research institutions including: Lawrence Livermore National Laboratory, Lawrence Berkeley National Laboratory, Los Alamos National Laboratory, Oak Ridge National Laboratory, and Johns Hopkins Applied Physics Laboratory.
SIGMA is expected to provide foundational capabilities for a range of detection approaches, including two under development by DNDO: the Radiation Awareness and Interdiction Network (RAIN), which is being designed to monitor highways and roadways for vehicle-borne threats, and the Mobile Urban Radiation Search (MURS) project, which seeks to provide an advanced mobile detection capability for adjudicating alarms generated by SIGMA or RAIN.
SIGMA is undergoing continual live testing, and DARPA plans to transition the operational system to state, local, and federal authorities in 2017 and 2018.
Cyberspace is now recognized as a critical domain of operations by the U.S. military and its protection is a national security issue.
Plan X is a foundational cyberwarfare program to develop platforms for the Department of Defense to plan for, conduct, and assess cyberwarfare in a manner similar to kinetic warfare. Towards this end, the program will bridge cyber communities of interest from academe, to the defense industrial base, to the commercial tech industry, to user-experience experts.
Plan X will not develop cyber offensive technologies or effects. National policymakers, not DARPA, will determine how the cyber capabilities developed under Plan X will be employed to serve the national security interests of the United States.
U.S. forces are often immersed in a highly complex, rapidly evolving, hostile environment containing a diverse collection of potential threats. Despite significant recent advances in both the platforms (e.g., unmanned aerial vehicles) and the sensor payloads (e.g., very high resolution cameras) employed within the wide array of modern Intelligence, Surveillance, and Reconnaissance (ISR) capabilities, these conventional solutions do not currently provide the spatial, temporal or functional capabilities required by the individual warfighter.
The vision of the Soldier Centric Imaging via Computational Cameras (SCENICC) program is to develop novel computational imaging capabilities and explore joint design of hardware and software to give warfighters access to systems that greatly enhance their awareness, security and survivability. The SCENICC program envisions a final system comprising both imaging and non-imaging optical sensors deployed both locally (e.g., soldier mounted) and in a distributed fashion (e.g., exploiting collections of soldiers and/or unmanned vehicles).