The Pentagon is seeking technology to coordinate and bolster cyberattack capabilities through a funding experiment called “Plan X,” contract documents indicate.
The Defense Advanced Research Projects Agency envisions new tools that will lay the foundation for launching malware and other computer espionage tools against foreign networks. “The objective of the Plan X program is to create revolutionary technologies for understanding, planning, and managing cyberwarfare in real-time, large-scale, and dynamic network environments,” reads a special notice posted August. 20.
The technology DARPA seeks is part of a larger shift at the Pentagon towards openly supporting the infrastructure for offensive strategies.
As part of Plan X, DARPA is looking to fund research to develop tools to scan and analyze the flow of information in networks to give military planners greater visibility and situational awareness for planning “cyber operations” against enemy systems, according to the notice. The agency also wants to build agile architecture that monitors damage in “dynamic, contested, and hostile network environments” and can adaptively defend against attacks and perform “weapon deployment.”
While this program is explicitly not funding vulnerability analysis or “cyberweapon generation” -- the creation of malware -- the technology developed under Plan X plausibly supports their deployment. DARPA wants technology that allows operations to be orchestrated in the same way as “the auto-pilot function in modern aircraft.” If a system can be programed to automatically repeat a certain offensive or defensive maneuver, this functionality could scale security efforts.
DARPA will seek out a team that can integrate these functions into a system and buy the infrastructure and hardware for it. “A system architecture team is also sought to lead the end-to-end Plan X system development,” the document said.
Agency officials will brief contractors on the program in separate sessions -- one open and one classified Secret -- in Arlington, Va., on September 27. A formal request for proposals will be released at the end of September.
DARPA sought $208 million in cyber spending in fiscal 2012, up from $120 million the previous year. The military’s venture capital wing plans to devote more resources to cyber research in the future. In a 2011 address Regina Dugan, then director of DARPA, said, “we will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs.”
A new generation of government-funded malware and the infrastructure for their deployment is raising legal and ethical questions. The Pentagon, under the orders of the White House, was reported to be involved in malware attacks against Iran’s nuclear enrichment facilities as far back as the Bush administration. Stuxnet, the computer worm reported to have been developed by Israel and United States and used to target centrifuges in Iran, bears similar features to Flame and Duqu, viruses also thought to have originated from state-sponsored campaigns.