DARPA May Lose Cyber Wargames Playground

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Get this. DARPA, the Defense Advanced Research Projects Agency, aka the mad-science agency, a secret Pentagon research institute, wants to build a fake Internet in which to play cyber wargames.

Note to Lost fans: don’t confuse DARPA and DHARMA (Department of Heuristics And Research on Material Applications), even if the two are similarly secret and mad.

DARPA has at times appeared to be accountable to no one, but it apparently won’t get its way over the National Cyber Range (NCR), the plan for a virtual wargames playground. Or at least not this year.

The Senate Armed Services Committee recently recommended a $143.4-million gutting of the mad science agency's budget, including a $10-million hold-back on the NCR project.

The right decision on NCR? Wacky as the project may sound, we’re not so sure.

DARPA’s big disappointment, meanwhile, was one of a couple of recent cases of the Senate or its committees intersecting with gung-ho, but slightly opaque military cyber-initiatives.

Last month, the senior house rubber-stamped Lt. Gen. Keith Alexander as head of the United States Cyber Command, an armed forces “sub-unified command” set up last year under the U.S. Strategic Command.

The Cyber Command was created to defend vital DoD information networks and “prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”

As usual, we’re not entirely sure what this means, but suspect it’s military-ese for ‘wage all-out cyber war.’ We do like the “when directed” part, though. It suggests the Cyber Command won’t just go off half-cocked.

Note to readers: don’t confuse Cyber Command and Joint Functional Component Command for Network Warfare, which we wrote about earlier this year and which, hmm, Keith also heads. (Okay, permission to be confused.)

That Keith is also head of the National Security Agency raised some eyebrows in the military/intelligence analyst community (and makes us wonder when he sleeps).

Both Senate interventions underline, one way or another, just how deeply involved the military has become in cyberspace and how seriously the Defense Department takes threats there.

Whether you believe those threats are real and justify the arms race, or are more akin to Iraqi WMDs, this much is certain: everything the military does in cyberspace, or threatens to do, concerns everyone who uses the Internet. Which is to say, everyone.

Or it should concern them.

For purposes of column writing, however, we think the National Cyber Range has tons more potential than a multi-tasking general.

The cyber wargames playground is not a new idea. It first came to light two years ago, but not much has been done on it. (Or maybe it has – it’s hard to tell with an organization as secretive as DARPA.)

It’s interesting to note that the Senate Armed Services Committee did not put the kybosh on this project because they thought it was a nutzoid idea. The decision apparently had to do with DARPA not having identified a partner in the military that could apply the results of the research it conducted.

Hello? How about the U.S. Cyber Command? Or the Joint Functional Component Command for Network Warfare? General Alexander?

As harebrained as the NCR project can sound when described in flat military-ese – and it does sound a little Matrix-esque at times – we think it may actually have merit.

The basic idea is to provide a proving ground for cyber defenses (and offensive tools and strategies, as well, we’re guessing) that would allow the military to try them out first without unnecessarily jeopardizing the real network – the one on which we all depend.

This, surely, is a good thing.

The NCR will not simply simulate the physical infrastructure of the global Internet and give military researchers a place to mess around with cyber weapons, though. It will also simulate users. DARPA actually refers to them in its request for proposals (RFPs) as “replicants.”

The system will have to be able to produce “a realistic chain of events between many users without explicit scripting behavior.” The model cyber world, in other words, will replicate real autonomous, sometimes random human behavior.

And the behavior will have to change realistically in response to alterations in the environment – when the Defense Department calls different DefCon (defense readiness conditions) or InfoCon (information operations condition) levels, for example, or executes war plans, or detects attacks or degradations of services.

The level of detail sounds incredible. Replicants will have to simulate physical interaction of individual users with keyboard and mouse. They’ll run common desktop PC applications and interact with authentication systems – access cards, identity tokens, etc. – that real DoD and military personnel would.

Is it worth $10 million? A better question might be, is $10 million enough? But of course, we don’t really know how much DARPA has already done on this project.

Our take, for what it’s worth: the less the military messes around with the engine of the information economy, the better off we’ll all be. Let ‘em have their playground. DARPA: call General Alexander.

Gerry Blackwell is a veteran technology journalist based in Canada. He writes monthly for eSecurityPlanet on the topic of cyber security.