The Pentagon's advanced research arm, which played a key role in developing the Internet 40 years ago, said on Monday it will boost efforts to build offensive cyber arms for possible keyboard-launched attacks against enemy targets.
The U.S. military needs more and better options to deal with a growing threat to industrial and other systems controlled by computers vulnerable to penetration, Regina Dugan, director of the Defense Advanced Research Projects Agency, told a symposium.
Modern warfare will demand the effective use of cyber, kinetic and combined cyber and kinetic means, she said. Kinetic is military parlance for such things as bombs, bullets and troops.
The cyber colloquium was the first of its kind hosted by the agency, known as DARPA, to discuss securing U.S. infrastructure and trying to ensure the military can rely on its digitally networked systems in future conflicts for everything from targeting to intelligence gathering to logistics.
DARPA opened the session to what it called visionary hackers as well as academics and professionals in an effort to change the dynamic of cyber defense. It said a recent in-house analysis had found that defense alone was a losing proposition because of a cyber attacker's lopsided advantage.
The effort and cost of creating information security software packages, some now involving up to 10 million lines of code, has soared in the past 20 years, the survey found, while malicious software still requires only 125 lines on average.
This is not to suggest that we stop doing what we are doing in cyber security, Dugan told an audience of about 700 in a hotel ballroom outside Washington. But if we continue only down the current path, we will not converge with the threat, meaning deal effectively with it.
Dugan said DARPA in coming years will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs.
DARPA's Cyber Analytic Framework assessment found that U.S. capabilities to deal with fast-growing threats from malicious software code are limited, both offensively and defensively, she said. We need to fix that.
'A REAL THREAT'
We are shifting our investments to activities that promise more convergence with the threat and that recognize the needs of the Department of Defense, she said. Malicious cyber attacks are not merely an existential threat to our bits and bytes. They are a real threat to our physical systems, including our military systems.
U.S. officials stepped up warnings about possible destructive cyber attacks after the computer virus Stuxnet emerged in 2010, changing the dangers from disruption of industrial capabilities to destruction. Stuxnet is believed to have crippled centrifuges that Iran uses to enrich uranium for what the United States and some European nations have charged is a covert nuclear weapons program.
U.S. Army General Keith Alexander, commander of the military's new Cyber Command, told the DARPA audience the threat was moving from exploitation to disruption to destruction of systems controlled by computers.
Lieutenant General Rhett Hernandez, commander of the Army's Cyber Command, said after his remarks to the session that the threat was growing even faster than many had expected since the advent of Stuxnet.
Now we're seeing the son of it, he said, referring to the so-called Duqu computer virus that early analysis suggested had been developed by hackers to help lay the groundwork for attacks on critical systems such as power plants, oil refineries and pipelines.
The DARPA budget request for fiscal 2012, which began October 1, called for its cyber research funding to jump more than 73 percent to $208 million from $120 million. Over the next five years, the agency said it plans to boost its investment in cyber research to 12 percent of its budget from 8 percent even as overall U.S. military-related spending is set to decline as part of deficit cutting.
Dugan said U.S. policymakers, not DARPA, will determine how cyber capabilities may be used to protect and defend U.S. security interests.
But DARPA has a special responsibility to explore the outer bounds of such capabilities so that our nation is well prepared for future challenges, she said, citing its role in creating Arpanet in the 1960s, forerunner of the Internet.
The U.S. Defense Department has said more than 30 countries are creating military cyber units, just as the Pentagon did with the U.S. cyber command that began operating last year.
U.S. officials have declined to discuss publicly U.S. offensive capabilities in cyberspace. One key concern is whether the United States can defend against possible retaliatory cyber attacks that might target such things as transportation, banking systems and power grids.
(Editing by Bill Trott)