recommended reading

Hatching cyberwar: Pentagon incubator will manage weapons

Defense Department file photo

This story has been updated to clarify points about the role of the lab.

The Pentagon’s research wing is setting up a technology incubator for Defense-funded developers to stitch together computer code to automate offensive cyber operations.

The Arlington, Va.-based experimental lab, called the Collaborative Research Space, will function as the test grounds for Plan X, a four-year funding drive to build a system to “control a cyber battlespace in real-time,” a newly-released contract document on the initiative reveals. The Defense Advanced Research Projects Agency wants onsite developers to build algorithms and combine code that could make it easier for planners to implement more proactive security measures and launch malware campaigns against adversaries. According to the document, DARPA seeks to build "an end-to-end system that enables the military to understand, plan, and manage cyberwarfare in real-time" and an "open platform architecture for integration with government and industry technologies." 

Plan X, also called “foundational cyberwarfare,” signals an increasingly aggressive turn in the Defense Department’s approach to addressing threats to its networks. The laboratory, a designated Collateral Secret area, is described as a collaborative space for contractors and the military. “DARPA intends to arrange program interaction with a variety of users from DoD and other government agencies, including onsite military personnel who will be testing and using the Plan X system on a daily basis,” contract databases indicate.

The public call for proposals, released Nov. 20, marks the Pentagon’s growing willingness to advertise its work on cyber weapons. The initiative comes as the National Cyber Range for Defense personnel to hone computer attack capabilities is slated for a multimillion dollar boost as the system transitions from research laboratories into deployment. President Obama in October signed a secret directive giving the military additional leeway to address computer threats, according to reports.

A request for proposals for Plan X had first been scheduled for release at the end of September but was delayed following an unexpected volume of interest from security researchers and contractors. More than 350 participants attended briefings on the program in October, according to DARPA. The DARPA program is spearheaded by Daniel Roelker, who had started defensive security company Sourcefire as well as DC Black Ops unit at Raytheon SI Government Solutions.

Organizations looking to be funded under Plan X should plan on providing one to two full-time developers with Secret security clearances at the incubator, while supporting the individuals off-site. All code created will be incorporated into a full system located at the space.

While explicitly not funding tools to scan networks, DARPA said in the tender it is looking to fund ways to pool information from such tools to create a map of a network – including security infrastructure such as firewalls and intrusion detection systems – that military strategists can rely on to plan computer-oriented campaigns.

A central tenet of Plan X involves identifying areas for automation and machine assistance in cyber operations. “The speed of planning hinges on using machine assistance to automate as much of the process as possible,” the tender states. With algorithms that can help calculate the resources and tools needed to infiltrate networks, assess possible collateral damage from targeting enemy systems, and capabilities to model opponent moves, DARPA hopes that planners will be able to draw up a plans of action more quickly.

Once a cyberwarfare mission plan can be drawn up for an operation, “the next step is to compile or synthesize the plan into a fully encapsulated executable program or script,” according to the tender. DARPA wants researchers to think about how to build “automated techniques that allow mission planners to graphically construct detailed and robust plans that can be automatically synthesized into an executable mission script.” While automation could speed up the response time of the military, moves to reduce human control could raise concerns, especially if computer glitches go unchecked. 

DARPA has explicitly stated it is not funding research into computer vulnerabilities or command and control protocols through Plan X. The broad agency announcement, however, indicates that proposers working on run-time environments -- which interpret programming languages and allow them to be executed -- “should leverage public and commercial capabilities such as Metasploit, Immunity CANVAS, and other standard toolkits.” These are pentesting and exploit-related tools that identity vulnerabilities in computer systems.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.