DARPA HACCS employs AI for cybersecurity by developing autonomous software agents that will infiltrate adversaries’ networks, detect botnets and neutralize them

As software grows more complex, software vulnerabilities are also increasing. According to two US-based organizations that track vulnerability disclosure, the number of software vulnerabilities has gradually grown year-over-year, reaching its highest peak in 2017. Computers are not patched reliably, configured properly, or used safely, allowing widespread exploitation.

 

Malicious actors are currently able to compromise and use with impunity large numbers of devices owned and operated by third parties. Such collections of compromised and conscripted devices, commonly referred to as botnets, are used for criminal, espionage, and computer network attack purposes (often a combination of all three). Recent examples of botnets and similar malicious code include Mirai, Hidden Cobra, WannaCry, and Petya/NotPetya. To build botnets, hackers infect internet-connected devices with malware that allows them to execute orders from a remote server. Because the virus sits dormant most of the time, the owners of infected devices rarely know their computer, smartphone or toaster has been compromised.

 

The potential scale of its effects makes such malware a national security threat. The May 11, 2017, Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure specifically identifies botnets as a high-priority national security issue. Improving the security posture of Department of Defense (DoD) networks alone is insufficient to counter such threats to national security, as the majority of botnet nodes reside in neutral networks (“gray space”).

 

Current incident response methods are too resource- and time-consuming to address the problem at scale. Active defense methods are insufficiently precise and predictable in their behavior, posing a risk that they may cause processing issues or other side effects. What is needed is the ability to identify and neutralize botnets and other large-scale malware from compromised devices and networks in a scalable, timely, safe, and reliable manner, in accordance with appropriate privacy and other legal authorities. To achieve the necessary scale and timeliness, such a capability must be effective even if the owners of botnet-conscripted networks are unaware of the infection and are not actively participating in the neutralization process.

 

DARPA launched the HACCS program in 2017 to develop safe, reliable, and effective capabilities for conducting Internet-scale counter-cyber operations to deny adversaries’ use of neutral (gray) systems and networks (e.g., botnets). The Defense Advanced Research Projects Agency (DARPA), along with the Pentagon’s Joint Artificial Intelligence Center (JAIC), is seeking to expand the intersection of artificial intelligence (AI) with cybersecurity and cyber warfare operations, the agency’s Acting Director Peter Highnam said.

 

Development of AI tools and applications for use in the cyber realm is one of several focus areas Highnam and other senior DARPA leaders plan to delve further into, as part of the agency’s long-term strategy. “When we look into the confluence of AI into cyber, that is a hugely rich space” for the development of advanced technologies, he said. “The speed in which you have to operate has demanded that AI technologies be inserted into that mission space”, he said in July 2020.
