The military’s research unit is looking for ways to automate protection against cyber adversaries, preventing incidents like the WannaCry ransomware attack that took down parts of the United Kingdom’s National Health Service networks.
The Defense Advanced Research Projects Agency is gathering proposals for software that can automatically neutralize botnets, armies of compromised devices that can be used to carry out attacks, according to a new broad agency announcement.
The “Harnessing Autonomy for Countering Cyber-adversary Systems” program is also looking for systems that can exploit vulnerabilities in compromised networks to protect those networks, making cyber adversaries—both state and non-state—less effective.
This isn't the first time DARPA has investigated automated cybersecurity. In the 2016 Cyber Grand Challenge, participants were tasked with building systems that could thwart attacks without human intervention.
The businesses awarded contracts under the HACCS program will also come up with ways to measure how successful that technology is, incorporating how accurate the systems are in identifying botnet infections and the types of devices harnessed by the botnet.
It’s not enough to simply fortify Defense Department networks, the solicitation says, because botnets might operate without the owner of that network knowing. The Defense Department needs a way to initiate an immediate response even if the owner is not “actively participating in the neutralization process,” according to the announcement.
One way to build such an autonomous system might be to teach it to mimic the way human operators neutralize attacks in cyber exercises, according to a HACCS slide deck.
DARPA is not concerned about how stealthy the technology is in neutralizing botnets, the deck notes, but an effective system should only work on the networks that actually are compromised instead of taking the “kitchen sink” approach.
Some internet privacy advocates noted that law enforcement's efforts to quietly neutralize botnets could violate the privacy of those who own the compromised devices, especially if the Federal Bureau of Investigation doesn't inform them that it is accessing their devices in its attempts to thwart attacks.
Proposals for DARPA's four-year program, whose budget is undisclosed, are due Sep. 29.