recommended reading

Pentagon to bolster networks and cyberattack capabilities with ‘Plan X’

An aerial view of t, ... ]

An aerial view of t, ... ] // Defense Department file photo

The Pentagon is seeking technology to coordinate and bolster cyberattack capabilities through a funding experiment called “Plan X,” contract documents indicate.

The Defense Advanced Research Projects Agency envisions new tools that will lay the foundation for launching malware and other computer espionage tools against foreign networks. “The objective of the Plan X program is to create revolutionary technologies for understanding, planning, and managing cyberwarfare in real-time, large-scale, and dynamic network environments,” reads a special notice posted August. 20.

The technology DARPA seeks is part of a larger shift at the Pentagon towards openly supporting the infrastructure for offensive strategies.

As part of Plan X, DARPA is looking to fund research to develop tools to scan and analyze the flow of information in networks to give military planners greater visibility and situational awareness for planning “cyber operations” against enemy systems, according to the notice. The agency also wants to build agile architecture that monitors damage in “dynamic, contested, and hostile network environments” and can adaptively defend against attacks and perform “weapon deployment.”

While this program is explicitly not funding vulnerability analysis or “cyberweapon generation” -- the creation of malware -- the technology developed under Plan X plausibly supports their deployment. DARPA wants technology that allows operations to be orchestrated in the same way as “the auto-pilot function in modern aircraft.” If a system can be programed to automatically repeat a certain offensive or defensive maneuver, this functionality could scale security efforts.

DARPA will seek out a team that can integrate these functions into a system and buy the infrastructure and hardware for it. “A system architecture team is also sought to lead the end-to-end Plan X system development,” the document said.

Agency officials will brief contractors on the program in separate sessions -- one open and one classified Secret -- in Arlington, Va., on September 27. A formal request for proposals will be released at the end of September.

DARPA sought $208 million in cyber spending in fiscal 2012, up from $120 million the previous year. The military’s venture capital wing plans to devote more resources to cyber research in the future. In a 2011 address Regina Dugan, then director of DARPA, said, “we will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs.”

A new generation of government-funded malware and the infrastructure for their deployment is raising legal and ethical questions. The Pentagon, under the orders of the White House, was reported to be involved in malware attacks against Iran’s nuclear enrichment facilities as far back as the Bush administration. Stuxnet, the computer worm reported to have been developed by Israel and United States and used to target centrifuges in Iran, bears similar features to Flame and Duqu, viruses also thought to have originated from state-sponsored campaigns.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.