To date, there has been much focus on increasing DoD cyber defensive capabilities. To be sure, the list of needed capabilities is long. DoD networks may be safer than they were, but systems are often easily penetrated, accounts are routinely hacked, intellectual property and sensitive information are compromised, and the supply chain is not verifiably secure.In normal English, that means that the current efforts are akin to little kids building sand walls to divert the sea around sand castles. It doesn't matter how many of those walls you build, they are still sand and easily defeated by the rising tide. In cyber world, layered defenses on a easily broken system are like those sand walls - and the tide of threats is rising.
The Agency’s recent testimony before congress reinforced that malicious cyber attacks are not merely an existential threat to DoD bits and bytes; they are a real threat to physical systems—including military systems—as well as to U.S. warfighters.
The U.S. will not prevail against these threats simply by scaling current approaches.
“With respect to cyber offense, it is our firm belief that the Department, indeed the Nation, is at an inflection point,” said DARPA Director, Regina E. Dugan. “It is increasingly clear that the operational needs of the Department of Defense (DoD) cannot be achieved by scaling traditional methods for cyber. To be relevant, the DoD needs cyber tools that are matched in diversity of effect and scale, address different timescales and entirely new targets. It will require the integration of cyber and electronic warfare at unprecedented levels.”
Armed with original research spearheaded by Dugan and the Agency’s Deputy Director, Kaigham J. Gabriel, the Agency created a cyber analytical framework as a means of identifying specific opportunities and gaps in capabilities. “The DARPA Cyber Analytic Framework, completed over a period of months through original research and detailed investigation, concluded that the U.S. approach to cyber security is dominated by a strategy that layers security on to a uniform architecture,” said Dugan. “We do this to create tactical breathing space, but this approach is not convergent with an evolving threat.”
How to fix it? That's DARPA's quest.