DARPA’s Foundational CyberWarfare Plan-X: The Roadmap for Future CyberWar

Personnel of the 624th Operations Center, located at Joint Base San Antonio - Lackland, conduct cyber operations in support of the command and control of Air Force network operations and the joint requirements of Air Forces Cyber, the Air Force component of U.S. Cyber Command. The 624th OC is the operational arm of the 24th Air Force, and benefits from lessons learned during exercises such as Cyber Flag 13-1. (U.S. Air Force photo by William Belcher)

In October, DARPA held a meeting concerning the direction the military should take in the development of cyber capabilities. They invited more than 350 cyber researchers to the meeting to discuss their research program, “Plan-X”.

But just what is “Plan X”?

According to DARPA, Foundational CyberWarfare Plan X “will attempt to create revolutionary technologies for understanding, planning and managing DoD cyber missions in real-time, large-scale and dynamic network environments,” and it will also “conduct novel research on the cyber domain.”

So basically it sounds like DARPA is calling on industry experts and researchers to help create a Roadmap for how Cyberwar will be fought in the future.

“The program covers largely uncharted territory as we attempt to formalize cyber mission command and control for the DoD,” says Dan Roelker, DARPA program manager. And DARPA told FoxNews that “Plan X program seeks to integrate the cyber battlespace concepts of the network map, operational unit and capability set in the planning, execution, and measurement phases of military cyber operations.”

From the released Plan X BAA:

“The Plan X program seeks to build an end-to-end system that enables the military to understand, plan, and manage cyberwarfare in real-time, large-scale, and dynamic network environments. Specifically, the Plan X program seeks to integrate the cyber battlespace concepts of the network map, operational unit, and capability set in the planning, execution, and measurement phases of military cyber operations. To achieve this goal, the Plan X system will be developed as an open platform architecture for integration with government and industry technologies.”

Specifically, Plan X is not funding new cyber weapons, but instead focuses on building a prototype system using the following five Technical Areas:

  • System Architecture
  • Cyber Battlespace Analytics
  • Mission Construction
  • Mission Execution
  • Intuitive Interfaces

System Architecture

The System Architecture team will build the Plan X system infrastructure and support overall system design and development. This includes secure architecture design, development of application programming interfaces (APIs), and data format specifications. The System Architecture team will also be responsible for purchasing system hardware and maintaining the overall infrastructure.

Cyber Battlespace Analytics

Performers in this area will develop automated analysis techniques to assist human understanding of the cyber battlespace, support development of cyberwarfare strategies, and measure and model battle damage assessment. Data sets will include logical network topologies, and node / link attributes.

Mission Construction

Performers in this area will develop technologies to construct mission plans and automatically synthesize plans to an executable mission script. Performers will also develop technologies to formally verify plans and quantify the expected effects and outcomes. TA3 involves the development of cyberwarfare domain specific languages, program synthesis, and automated program construction from high-level specifications.

Mission Execution

Performers will research and develop: 1) the mission script runtime environment and 2) support platforms. The runtime environment will execute mission scripts end-to-end, including construction of capabilities and support platform deployment. The support platform research area focuses on building operating systems and virtual machines designed to operate in highly dynamic and hostile network environments. Support platforms will be developed to operate on all computer architecture levels, from hypervisor to sandboxed user applications.

Intuitive Interfaces

The Intuitive Interfaces team will design the overall Plan X user experience, including workflows, intuitive views, motion studies, and integrated visual applications. Coordinated views of the cyber battlespace will provide cyberwarfare functions of planning, execution, situational awareness, and simulation. Performers will work closely with all other technical areas to ensure that the needed graphical user interface (GUI) APIs are defined and provided.

Some interesting points mentioned include levels of autonomous operation, enforcing Rules of Engagement and a cyber operation “play book”.

They also want to create “Real-Time Cyber Battlespace views”, which will show an overview map of all ongoing cyber operations and plans and allow a commander to drill down into the data to see individual operation details.

The full 52-page Foundational Cyberwarfare (Plan X) document can be found on fbo.gov.

The Right to Keep and Bear Cyber Arms: The 2nd Amendment and CyberWar

There have been several articles floating around about “Cyber Militias”, and though I will probably regret it, I think it is time to talk about cyber weapons and the second amendment.

I’ve seen some interesting video lately, where two armed thugs enter a business and threaten everyone inside. An armed civilian defends himself and everyone inside by drawing his weapon and chasing the perps out of the business with some well-aimed shots. But what if your business, which you worked very hard to build with blood, sweat and toil, is targeted by cyber criminals? What can you do?

Well, right now, all you can legally do is contact the authorities. Even if you knew how, you cannot take matters into your own hands and counter-hack the attackers. With all the media hype over Stuxnet, cyber war and cyber weapons – should US citizens be legally allowed to own and use these deadly weapons in accordance with their 2nd Amendment rights?

Okay, I am poking fun with the “deadly” thing, as so far no one has been officially killed by a “cyber weapon”. But Joel Harding has some very interesting points in his latest post on cyber militias. If Switzerland stays true to course, and hands out government made cyber code to home guard soldiers, shouldn’t American civilians have access to such weapons also?

Honestly, as the amendment is written and as code is being quantified as a weapon, why shouldn’t Americans be allowed to actively defend themselves against online electronic risks as well as physical threats?

Of course, I can foresee that a single-user Denial-of-Service weapon would probably be given out without much ado, but there will probably be a ban on large-capacity distributed DoS weapons. And of course there will be a 10-day waiting period on Stuxnet-based threats.

Wouldn’t want someone blowing up a couple nuclear power processing plants in Iran just because they had a bad day at the office…

Alright, alright… All kidding aside, should the 2nd amendment apply to cyber weapons – what do you think?

Officials confirm, Stuxnet was a US-Israel Creation

We have met the creator of Stuxnet, and the creator is us…

US, Israel and European officials confirm that Stuxnet was part of an ever-increasing program of computer attacks against Iran to slow or stop its nuclear ambitions.

According to an article in the New York Times:

From his first months in office, President Obama secretly ordered increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities, significantly expanding America’s first sustained use of cyberweapons, according to participants in the program.

Mr. Obama decided to accelerate the attacks — begun in the Bush administration and code-named Olympic Games — even after an element of the program accidentally became public in the summer of 2010 because of a programming error that allowed it to escape Iran’s Natanz plant and sent it around the world on the Internet.

Really no shocker here, most assumed that it was US and Israel backed. Now we know for sure. According to The Register, members of Israel’s ultra cool Unit 8200 and our cyber ninjas at the NSA worked together to create the cyberweapon Stuxnet.

The Times article hints that the cyber attacks were intended to slow down Iran’s progress on obtaining nuclear weapons and satiate Israel so they would not perform a physical strike, leading to a destabilized Middle East.

But one has to ask: if they knew the attacks would only delay Iran from obtaining nukes, why do this at all? Iran seemed to be determined to obtain nuclear weapons. What would be gained by delaying them another year or so?

I am curious if this is why key members of Iran’s nuclear program are being and have been assassinated. Knowing that Stuxnet was only a temporary fix, someone (apparently Israel) is taking further steps to hamstring Iran’s nuclear ambitions.

What are Cyber-Weapons?

“What are cyber-weapons? Instruments of code-borne attack span a wide spectrum, from generic but low-potential tools to specific but high-potential weaponry. This distinction brings into relief a two-pronged hypothesis that stands in stark contrast to some of the received wisdom on cyber-security.

Maximizing the destructive potential of a cyber-weapon is likely to come with a double effect: it will significantly increase the resources, intelligence and time required for development and deployment – and more destructive potential is likely to decrease the number of targets, the risk of collateral damage and the political utility of cyber-weapons…”

“Cyber-Weapons” by Dr. Thomas Rid & Peter McBurney

Dr. Thomas Rid (War Studies, King’s College London) has published another exceptional article on cyber warfare. This publication, titled “Cyber-Weapons”, is inspired by some of the feedback from his recently published article, “Cyber War Will Not Take Place.”

In this publication, Dr. Rid continues to expand on what constitutes a weapon, and how this relates to the terms and technologies of Cyber War. As with his previous article, this is a very refreshing and enlightening look at past and current cyber events. Dr. Rid masterfully separates the truth about cyber weapons and their capabilities from common misconceptions.

One section of the article that really captured my attention was the discussion of next-generation Stuxnet-type code called “Learning Weapons”: cyber weapons that can learn on the fly. They will observe and evaluate the environment autonomously and then take a course of action on their own.

This is an excellent read and definitely worth your time.

In the days and hours leading up to the afternoon of 19 March 2011, air force planners in France, Britain, and several other NATO countries were frantically preparing an imminent bombing campaign against military targets in Libya. In Washington on that same March weekend an unusual discussion took place between the Department of Defense and the White House. Should America deploy its cyber arsenal against Libya’s air defence system? After the Pentagon’s generals and geeks had briefed the president on the options, he decided that, No, the time was not ripe for cyber weapons…

“Cyber-Weapons” – Check it out!

(Thomas Rid & Peter McBurney (2012): Cyber-Weapons, The RUSI Journal, 157:1, 6-13)