Cyber Defense Strategy

Presented as part of the 2013 HCSS conference.

ABSTRACT

The briefing presents a strategy for analyzing and changing how we deal with defense of the nation’s cyber assets.

DARPA I2O is working within the broader context of the whole-Government and whole-nation response to this threat. The agency has reached out to a broad technical community among our friends and allies to bring together top talent to tackle fundamental problems in this space. The portfolio includes both offensive and defensive cyber technologies (the distinction is often blurred at the technology level) to provide technological surprise in the short term and fundamental solutions in the longer term. Fundamental solutions involve an effort to transcend the tit-for-tat cyber arms race by changing the race course. It includes developments such as: highly resilient and adaptive host and cloud computing systems; formal methods approaches to enable the automatic generation of code with mathematically provable security properties; automated systems to enable us to pit speed-of-light networked cyber battlefield systems against unscalable, hand-crafted approaches; and heterogeneous system strategies to enable us to design systems that appear homogeneous to the user, but require the attacker to build a customized exploit for each individual machine.

Key Outcomes: Participants will develop an understanding that the US approach to cyber security is dominated by a strategy that layers security on to a uniform architecture. We do this to create tactical breathing space, but it is not convergent with an evolving threat.