By Madison Ruppert | Endthelie.com | Aug. 24, 2012
Captain Jason Simmons, left, and Staff Sgt. Clinton Tips update anti-virus software for Air Force units to assist in the prevention of cyberspace hackers at Barksdale AFB (Image credit: U.S. Air Force photo/Technical Sgt. Cecilio Ricardo)
The Defense Advanced Research Projects Agency (DARPA) – the Pentagon’s research agency responsible for unbelievable research and development projects such as weaponized hallucinations, robots which are not only lifelike but also nearly as efficient as human beings, on-demand genetically engineered bio-products, creepy chameleon-like soft robots and dirt cheap miniature spy computers, to mention just a few – is now working on a new, classified cyberwarfare project dubbed “Plan X.”
DARPA claims that the project is not aiming to create the next Stuxnet but instead to make computer-based warfare “a more routine part of U.S. military operations,” according to Wired’s Danger Room.
One might point out that just naming Stuxnet (which has been linked to the U.S. and Israel according to experts) is a bit misleading since one must also include the related piece of malicious software called “Duqu” and the most recently discovered, astoundingly advanced software known as “Flame.”
The cyberwarfare ambitions of the United States (and Israel as well, as the Times of India points out) are quite grand indeed, evidenced not only by malware like Stuxnet but also by the seemingly grandiose Plan X.
DARPA seeks, in their own words, to “dominate the cyber battlespace,” which shouldn’t be all too hard for the agency largely responsible for creating the internet in the first place.
The push for even more sophisticated cyberwarfare capabilities has increased considerably in recent history with the creation of the program known as “Cyber Fast Track,” which is designed to get money awarded to “non-traditional players” (meaning hackers, small companies, etc.) in an average of seven days.
For those not familiar with government contracting, that time frame is amazingly narrow, especially when Cyber Fast Track is entirely “a research effort,” according to their official website.
DARPA seeks to create tools for the military planners that allow them to rapidly launch cyberattacks and discover “ways to assess the damage caused by a new piece of friendly military malware before it’s unleashed,” according to Danger Room.
Ken Gabriel, the former acting director of DARPA, told the Washington Post that they want to create something like a digital battlefield map which would allow the military brass to observe the “fighting” as it occurs.
“In a split microsecond you could have a completely different flow of information and set of nodes,” Gabriel said. “The challenge and the opportunity is to create a capability where you’re always getting a rapid, high-order look of what the Internet looks like — of what the cyberspace looks like at any one point in time.”
Plan X was formally announced in a solicitation entitled “Plan X Proposers’ Day Workshop” on August 20, 2012 and the Broad Agency Announcement (BAA) will be released by the end of September 2012.
Interestingly, while the Proposers’ Day Workshop will be held on September 27, 2012 at the DARPA Conference Center in Arlington, Virginia, only one of the sessions is unclassified.
According to the solicitation posted on the Federal Business Opportunities website, “There will be an unclassified session in the morning and a classified SECRET session in the afternoon. Attendance at the afternoon session is limited to individuals with US DOD SECRET clearances or higher. Neither session is open to the general public or members of the media.”
The roughly $100 million Plan X program “is explicitly not funding research and development efforts in vulnerability analysis or cyberweapon generation,” according to the solicitation.
It seems that Plan X is mostly focused on creating a kind of standardized system for the U.S. cyberwarfare program by creating so-called “standing rules of engagement” and pre-defined battle plans which would enable the military to react almost instantly to a cyberattack.
According to military brass, if they are forced to wait for more than just a few moments, the U.S.’s ability to respond might be crippled.
Plan X is aiming to create mission plans as easy to carry out as “the auto-pilot function in modern aircraft,” while still containing “formal methods to provably quantify the potential battle damage from each synthesized mission plan.”
In other words, they want a push-button solution capable of executing a cyberattack with quantifiable damage and thus calculable collateral damage.
Once their “auto-pilot” cyberwarfare plan is put into operation, DARPA would like to have computer systems which they define as “hardened ‘battle units’ that can perform cyberwarfare functions such as battle damage monitoring, communication relay, weapon deployment, and adaptive defense.”
I see this as a highly troubling development. As Danger Room rightly points out, “Of course, many critics of U.S. policy believe the deployment of cyberweapons is already too routine. America’s online espionage campaign against Iran has been deeply controversial, both at home and abroad.”
Indeed it has become so deeply controversial that Russia has called “for a ban on cyberweapons like those that blocked poison gas or expanding bullets from the armies of major nations and other entities,” according to the New York Times.
“Here in the U.S., there’s a fear that, by unleashing Stuxnet and other military-grade malware, the Obama administration legitimized such attacks as a tool of statecraft — and invited other nations to strike our fragile infrastructure,” Danger Room rightly points out.
When our nation is openly legitimizing the assassination of our own citizens and claiming that secret reviews of classified evidence count as due process, we are only legitimizing that practice in the eyes of other nations since the U.S. often likes to paint itself as an example for the rest of the world.
Similarly, when we are launching cyberattacks that are easily linked back to us, we are only setting a quite troubling example for other nations to follow.
DARPA’s project is being led by Daniel Roelker, a hacker who “joined DARPA from Raytheon SI Government Solutions where he started the DC Black Ops unit which focused in developing break-through computer security technology. Prior to that, he led the CNO Mission Applications section at BAE Systems Advanced Information Technologies transitioning multiple research projects throughout the DoD and intelligence communities,” according to the DARPA website.
“Mr. Roelker also helped start the intrusion detection company, Sourcefire, and was a lead Snort developer. He received four patents for his innovation in the field, ranging from high-speed detection algorithms to anti-evasion techniques,” the website adds.
During a presentation in November 2011, Roelker spoke out against what he called the “hacker vs. hacker” approach to cyberwarfare.
Since this approach involves simply snatching up as many skilled individuals as possible and since there are obviously a finite number of these people on the face of the Earth, Roelker advocates a different approach.
“We don’t win wars by out-hiring an adversary, we win through technology,” said Roelker, which is exactly what Plan X is trying to do.
Back then, Roelker called the goal of creating a suite of cyberwarfare tools to first analyze the target, automate the execution of the attack itself and then quantify the results the “Pillars of Foundational Cyberwarfare.” Now, these pillars have been re-packed and re-branded simply as Plan X.
I believe that Plan X could very well be incredibly destructive due to the seeming ease and previously unimaginable speed with which attacks could be launched. Obviously this capability makes it much easier to execute attacks before enough information has been gathered.
The potential destruction which could be wrought by the U.S. and Israel’s cyberwarfare machine is already quite massive and enabling the attacks to be carried out even more swiftly likely means that more cyberattacks will be launched. I see this as nothing less than a recipe for disaster.