DARPA’s Foundational CyberWarfare Plan-X: The Roadmap for Future CyberWar

Personnel of the 624th Operations Center, located at Joint Base San Antonio - Lackland, conduct cyber operations in support of the command and control of Air Force network operations and the joint requirements of Air Forces Cyber, the Air Force component of U.S. Cyber Command. The 624th OC is the operational arm of the 24th Air Force, and benefits from lessons learned during exercises such as Cyber Flag 13-1. (U.S. Air Force photo by William Belcher)

In October, DARPA held a meeting concerning the direction the military should take in the development of cyber capabilities. They invited more than 350 cyber researchers to the meeting to discuss their research program, “Plan-X”.

But just what is “Plan X”?

According to DARPA, Foundational CyberWarfare Plan X “will attempt to create revolutionary technologies for understanding, planning and managing DoD cyber missions in real-time, large-scale and dynamic network environments,” and it will also “conduct novel research on the cyber domain.”

So basically it sounds like DARPA is calling on industry experts and researchers to help create a Roadmap for how Cyberwar will be fought in the future.

“The program covers largely unchartered territory as we attempt to formalize cyber mission command and control for the DoD,” says Dan Roelker, DARPA program manager. And DARPA told FoxNews that “Plan X program seeks to integrate the cyber battlespace concepts of the network map, operational unit and capability set in the planning, execution, and measurement phases of military cyber operations”.

From the released Plan X BAA:

“The Plan X program seeks to build an end-to-end system that enables the military to understand, plan, and manage cyberwarfare in real-time, large-scale, and dynamic network environments. Specifically, the Plan X program seeks to integrate the cyber battlespace concepts of the network map, operational unit, and capability set in the planning, execution, and measurement phases of military cyber operations. To achieve this goal, the Plan X system will be developed as an open platform architecture for integration with government and industry technologies.”

Specifically, Plan X is not funding new cyber weapons, but instead focuses on building a prototype system using the following five Technical Areas:

  • System Architecture
  • Cyber Battlespace Analytics
  • Mission Construction
  • Mission Execution
  • Intuitive Interfaces

System Architecture

The System Architecture team will build the Plan X system infrastructure and support overall system design and development. This includes secure architecture design, development of application programming interfaces (APIs), and data format specifications. The System Architecture team will also be responsible for purchasing system hardware and maintaining the overall infrastructure.

Cyber Battlespace Analytics

Performers in this area will develop automated analysis techniques to assist human understanding of the cyber battlespace, support development of cyberwarfare strategies, and measure and model battle damage assessment. Data sets will include logical network topologies, and node / link attributes.

Mission Construction

Performers in this area will develop technologies to construct mission plans and automatically synthesize plans to an executable mission script. Performers will also develop technologies to formally verify plans and quantify the expected effects and outcomes. TA3 involves the development of cyberwarfare domain specific languages, program synthesis, and automated program construction from high-level specifications.

Mission Execution

Performers will research and develop: 1) the mission script runtime environment and 2) support platforms. The runtime environment will execute mission scripts end-to-end, including construction of capabilities and support platform deployment. The support platform research area focuses on building operating systems and virtual machines designed to operate in highly dynamic and hostile network environments. Support platforms will be developed to operate on all computer architecture levels, from hypervisor to sandboxed user applications.

Intuitive Interfaces

The Intuitive Interfaces team will design the overall Plan X user experience, including workflows, intuitive views, motion studies, and integrated visual applications. Coordinated views of the cyber battlespace will provide cyberwarfare functions of planning, execution, situational awareness, and simulation. Performers will work closely with all other technical areas to ensure that the needed graphical user interface (GUI) APIs are defined and provided.

Some interesting points mentioned include levels of autonomous operation, enforcing Rules of Engagement and a cyber operation “play book”.

They also want to create “Real-Time Cyber Battlespace views”, which would show an overview map of all ongoing cyber operations and plans and allow a commander to drill down into the data to see individual operation details.

The full 52-page Foundational Cyberwarfare (Plan X) can be found on fbo.gov.

FBI: Al-Qaeda Video calls for Electronic Jihad against the US

A 6 minute Al Qaeda video translated by the FBI calls for extremist followers to perform cyber attacks against the US. According to Foxnews, the video states that US computer systems are as vulnerable to electronic warfare as airline security was leading up to the 9/11 attacks.

In the video, those “with expertise in this domain to target the websites and information systems of big companies and government agencies” are called on to join in the attack.

“This is the clearest evidence we’ve seen that al Qaeda and other terrorist groups want to attack the cyber systems of our critical infrastructure,” said Senator Joe Lieberman, who first saw the video last week in a Homeland Security meeting. “Congress needs to act now to protect the American public from a possible devastating attack on our electric grid, water delivery systems, or financial networks, for example.”

Unlike facing America’s military might on the battlefield, cyber warfare can be done on the cheap. According to Lieberman, “Al Qaeda and Al Qaeda in the Arabian Peninsula are focused on cyber warfare because it can be carried out, if you have somebody smart enough, at very little expense”.

This video comes on the heels of a report last month that stated Al-Qaeda was seeking cyber attack capabilities:

While it’s “accurate today,” that the terrorist group isn’t close to having such a capacity, “how fast that can change is my concern,” Rear Admiral Samuel Cox said at a conference yesterday in Arlington, Virginia.

“We are used to what the current threat is, and we lose sight of just how fast that can change and go bad,” Rear Admiral Cox said. “They don’t have to build some technological thing.” They “could hire it, or blackmail it, or find the right person who has that skill set and be able to use that and rapidly increase their capabilities.”

From the video it looks like they are taking the next steps and actively recruiting extremists with technical skills. The US will and should take this threat seriously.

24th Air Force Commander discusses Cyber Operations

The Commander of 24th Air Force and Air Force’s Cyber Air Component to USCYBERCOM Network Operations, Maj. Gen. Suzanne Vautrinot, spoke Monday at the 4th Annual Cyber 1.2 event at the 28th Annual National Space Symposium in Colorado Springs, Colo.

General Vautrinot, who is responsible for the Air Force’s component force that provides combatant commanders with trained and ready cyber forces, discussed the importance of the 24th Air Force mission.

“When we talk about cyber, we are talking about mission, a mission focus and a mission accomplishment.

“My mission focus, just like in any other domain - whether it is ground, sea, air or space - the same is true for cyber: we are responding to orders and guidance that support this nation in its responsibilities and national security efforts around the globe,” the general said.

She described how the 24th Air Force is the operational warfighting organization that establishes, operates, maintains and defends Air Force networks and conducts full-spectrum operations in cyberspace.

The general explained that full-spectrum is offense, defense and exploitation and they merge together at Cyber Command and are provided to the combatant commands so they can execute their missions.

She also said that it is important to defend Air Force networks to ensure warfighters can maintain the information advantage as we prosecute military operations.

“The defense can make a huge difference,” the general said, “and it makes the difference by understanding what is happening on the field of play and getting in front of it before a play can form, that is the beginning of forensics.”

When looking at forensics from a defensive stand point, it is like reviewing the game tapes before a football game. You’re able to “stop the play” before adversaries get any ground, General Vautrinot explained.

When you watch them over and over again, the “signature” advises the defense. And more importantly you can get to the next step of heuristics and know what any play may look like and let the system automatically adjust…in cyber-time.

“It is about proactive defense in depth,” she said.

She said cyber defense is all about being able to apply your knowledge across all possibilities of how someone can take advantage of your architectures and your ability to use cyber to your own advantage and to their disadvantage.


Auburn Davis – Air Force Space Command Public Affairs
via Infosecisland.com

US Confirms Iran did not Hack Drone

A congressional official has confirmed that Iran did not bring down the US Stealth drone with its “cyber warfare” skills, and that the downing of the drone was in fact due to a malfunction, according to a Foxnews article:

“We have looked at this eight ways to Sunday. I can tell you it was a U.S. technical problem. The information (data) was not lining up and it was not the result of Iranian interference or jamming.”

This confirms what we stated in December, that Iranian “Cyber Commandos” most likely did not bring down the drone.

Information from a 10 week CIA review seems to point to a malfunctioning data stream. Information from the faulty stream may have led the drone operator to land the UAV, though this has not been confirmed. Also, and more importantly, because of information gleaned from the stream, the UAV may have not correctly dumped classified data.

The RQ-170 is programmed to dump sensitive data in cases of malfunctions or crashes. Though the information is encrypted, and Iran most likely could not retrieve the data on their own, this could still be a major blow to the United States’ UAV program.

Meanwhile, Iran’s Press TV claims the Foxnews article as a victory:

The report supports Iran’s claims that the reconnaissance was cyberjacked by the army’s electronic warfare unit and eased to a safe landing while deep in Iranian territory on December 4.

Apparently the Iranian Press only read a couple paragraphs from the article. I find it odd that they didn’t include a link to the Foxnews article. Maybe Foxnews is filtered out by Iran’s online censorship program?

On December 12th, President Obama asked Tehran to return the drone. We have found out that Iranian craftsmen are hard at work duplicating the drone. And though they will not return the original, they will return one that they have made directly to President Obama. They will send him… a pink one:

“The models began release this week, and the makers say they have already set aside a pink one for President Obama – who has asked for Iran to return the original US craft.

“He said he wanted it back, and we will send him one,” Reza Kioumarsi, the head of cultural production at the Ayeh Art group was quoted as saying on Iranian state radio.”

How nice of them…