U.S. to Hack Back at Cyber Threats
Modernizing Authentication — What It Takes to Transform Secure Access
The Defense Advanced Research Projects Agency will fund new cyber-security proposals under the new Cyber-Fast Track project, Peiter Zatko, currently a program manager for the agency's information innovation office, said in his Aug. 4 keynote speech at the Black Hat security conference.
The project, originally announced at ShmooCon cyber-security conference back in January, will bridge the gap between hacker groups and government agencies, he said.
Zatko, a former L0pht hacker known as "Mudge", discussed the government initiative to fund hacking projects designed to help block cyber-threats. Under the Cyber-Fast Track initiative, DARPA will fund between 20 to 100 projects annually. Open to anybody, researchers can pitch DARPA with ideas and have a project approved and funded within 14 days of the application, Zatko said. Developers will retain intellectual property rights while DARPA will operate under government use rights, Zatko said.
Despite increased security spending, the number of malware attacks on government agencies has skyrocketed in recent years, according to Zatko. There were about 1,400 "incidents of malicious cyber activity" in 2000, which jumped to more than 71,000 by 2009, he said.
Anything that could help the military will be considered, including bug-hunting exercises, commodity high-end computing and open software tools. Projects such as cheap unmanned aerial vehicles and an automated war dialer that could repeatedly ring phones in a given area would qualify, Zatko said. The projects should be small and quick to execute, ideally within 12 months, according to Zatko. Projects with the potential to "reduce attack surface areas, reverse current asymmetries" are of "particular interest. DARPA is encouraging efforts in a more strategic, rather than tactical, direction.
For more, read the eWeek article U.S. to Fund Hacking Projects That Thwart Cyber-Threats.