My former DARPA program manager, Sami Saydjari, gave me permission to post a DARPA video from 2001 titled:
STRATEGIC CYBER DEFENSE
Defending the Future in the Digital Domain
A DARPA Vision
I and a number of other DARPA Principal Investigators were brought down to help SPAWAR work on the story. I recently pulled out my old DVD and was happily surprised at how well the concepts have held up after 14 years and how predictive some of the elements of the story were. At the end is a link to the movie on YouTube (it is also embedded in this blog), but here are a few things to look for at different time codes in the movie, along with links to recent stories or products:
0:27 - insider plants Trojan horse. Insiders are always a big threat, and Trojan horse software lying dormant for years inside critical infrastructure is a huge concern http://abcnews.go.com/US/trojan-horse-bug-lurking-vital-us-computers-2011/story?id=26737476
2:27 - coalition bad guys http://www.cnn.com/videos/business/2015/02/16/erin-dnt-segall-major-bank-hacking-heist.cnn
3:01 - using information posted online to craft targeted threats against soldiers http://www.cnn.com/2015/03/22/politics/online-threat-against-troops/
3:43 - graceful degradation of services when under attack, anomaly detection (think data analytics), automatic isolation of the threat
4:00 - touch screens everywhere, and a Siri-like interface later (about 6 years before it was popularized by the iPhone).
4:08 - military dependent on commercial communication infrastructure
4:35 - automatic signature generation
5:01 - spinning disks represent defense in depth (one of Sami’s favorite visuals)
5:30 - wrappers. See Invincea http://www.invincea.com
6:20 - attacks hit power grids and ATMs http://www.nytimes.com/2013/05/10/nyregion/eight-charged-in-45-million-global-cyber-bank-thefts.html?_r=0
8:20 - attack prediction
8:29 - traceback (a number of techniques are possible)
8:47 - fishbowl to simulate a site and watch attackers. “Next generation” firewalls, which detonate suspected malware inside some type of container to watch its behavior, are essentially a simplified version of this
8:53 - correlation across victim networks, looking for commonalities to identify potential pathway into the network
10:22 - physical damage to electrical generators http://www.toddheberlein.com/blog/2014/3/4/america-the-vulnerable-and-todays-wsj-article
12:02 - reflexive response capability (autonomic response)
13:40 - correlating multiple information feeds (skills demonstrated in attacks, intelligence on watched threats and their interests, financial information, etc.); this issue is returned to several times in the movie
14:11 - activating probes in foreign networks (Hmmm...)
14:42 - coalition issues, a perennial concern for military operations (I was recently told that the US hasn’t gone into a major conflict without coalition partners since the Spanish-American War)
15:38 - modeling potential adversaries to predict actions they will take https://www.schneier.com/blog/archives/2012/01/applying_game_t.html
15:58 - military logistics computers penetrated, screwing up deliveries of material http://www.computerweekly.com/news/2240230885/US-military-logistics-arm-breached-by-China-linked-hackers
16:19 - deploying additional security even though it may slow down the system
17:50 - automatic voice translation. See apps like http://itranslatevoice.com
19:55 - 50 deaths blamed on the cyber attack (we are hoping to stay away from this)
20:24 - cyber attack back
21:09 - serious attack back
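The 8:53 idea, correlating across victim networks to find the commonalities that point at a shared pathway in, is easy to show in code. The script below is an added example, not something from the DARPA video or from any of the products linked above: it parses a few constructed outbound-connection log lines from three made-up victims (addresses from the documentation ranges, names invented), turns each event into indicators (destination IP, destination endpoint, URI), and reports the indicators seen at two or more distinct victims, most widely shared first. The log format and the indicator choice are assumptions for the demo.

```python
"""Correlate indicators across several victim networks.

Added example: given per-victim connection logs, an indicator that shows up
at many otherwise unrelated victims is a candidate shared pathway (a common
C2 endpoint, a common download URI) and is worth investigating first.
"""
import re
from collections import defaultdict

# Constructed sample log lines (not real data).
# Format assumed for the demo: "<victim> <timestamp> <src_host> -> <dst_ip>:<port> <uri>"
SAMPLE_LOGS = """\
victimA 2001-01-05T10:00:01 ws-01 -> 203.0.113.10:443 /update.php
victimA 2001-01-05T10:02:11 ws-07 -> 198.51.100.5:80 /index.html
victimA 2001-01-05T10:05:40 ws-01 -> 203.0.113.10:443 /beacon
victimB 2001-01-05T11:00:09 db-02 -> 203.0.113.10:443 /update.php
victimB 2001-01-05T11:03:33 db-02 -> 192.0.2.77:8080 /
victimC 2001-01-05T12:10:00 hr-01 -> 192.0.2.77:8080 /
victimC 2001-01-05T12:12:15 hr-01 -> 203.0.113.10:443 /beacon
victimC 2001-01-05T12:20:00 hr-03 -> 198.51.100.9:80 /news
"""

LINE_RE = re.compile(
    r"^(?P<victim>\S+) (?P<ts>\S+) (?P<src>\S+) -> "
    r"(?P<dst>[\d.]+):(?P<port>\d+) (?P<uri>\S+)$"
)


def parse_logs(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def indicators_for(event):
    """Indicators to correlate for one event: dst IP, dst endpoint, URI."""
    return {
        ("dst_ip", event["dst"]),
        ("dst_endpoint", f'{event["dst"]}:{event["port"]}'),
        ("uri", event["uri"]),
    }


def correlate(text, min_victims=2):
    """Map each indicator to the set of victims that saw it and return the
    indicators seen at >= min_victims distinct victims, most shared first.

    Returns a list of (indicator, sorted list of victim names)."""
    seen = defaultdict(set)
    for ev in parse_logs(text):
        for ind in indicators_for(ev):
            seen[ind].add(ev["victim"])
    shared = [(ind, sorted(v)) for ind, v in seen.items() if len(v) >= min_victims]
    # Most victims first; ties broken by indicator for a stable report.
    shared.sort(key=lambda item: (-len(item[1]), item[0]))
    return shared


if __name__ == "__main__":
    for (kind, value), victims in correlate(SAMPLE_LOGS):
        print(f"{kind:13} {value:20} seen at {len(victims)} victims: {', '.join(victims)}")
```

Counting distinct victims rather than raw hits matters: a single noisy host at one victim should not outrank an endpoint quietly contacted once each at three victims. In practice the same loop runs over feeds from many sites, and the indicator set grows (certificate fingerprints, user agents, file hashes) without changing the correlation step.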