‘Know the Enemy’: DARPA Develops Simulation to Thwart Cyber Attacks
The great Chinese military strategist Sun Tzu observed, “If you know the enemy and know yourself you need not fear the results of a hundred battles.”
This appears to the thinking behind the US Defense Advanced Research Agency’s (DARPA) new National Cyber Range (NCR) program.
DARPA is teaming with industry to develop technologies that will enable US personnel to simulate attacks on the USA’s cyber networks, which include most IT and computer systems as well as the infrastructure that depends on those systems, and devise strategies to thwart those attacks. By constructing advanced simulations, DARPA hopes the NCR will enable US defenders to anticipate attackers moves and outthink the enemy.
DARPA began the program in January 2009 with the award of 7 contracts for phase I NCR development; the agency recently awarded contracts for phase II…
National Cyber Testbed
According to DARPA, the NCR [pdf] will test technologies such as host security systems, and local and wide area network (LAN and WAN) security tools and suites by integrating, replicating or simulating them.
The NCR will provide a large-scale Global Information Grid (GIG) infrastructure, where technologies and systems can be analyzed and tested under real world conditions in current and future environments. This includes the ability to test new network protocols, satellite and radio frequency (RF) communications, and mobile tactical and maritime communications.
Cyber vulnerabilities can arise anywhere – from the component to the system level and from events such as buggy code and deliberate attacks. DARPA anticipates that the NCR will be able to test all of these issues by recreating the complex interactions of real integrated systems and human users.
The NCR will collect, analyze, visualize, and present data and information from the tests. Knowledge and insights gained during testing will assist operators and developers as they refine, research, and develop operations, technologies, policies, and procedures to strengthen cyber security.
Under phase II of the NCR program, protoypes will be developed. DARPA expects to award phase III contracts and deploy a working NCR system in 5 to 10 years.
Upon completion of all phases, DARPA anticipates that the NCR will be able to:
- Conduct unbiased, quantitative and qualitative assessment of cyber security, information assurance and survivability tools in a representative network environment;
- Replicate complex, large-scale, heterogeneous networks and users for current and future DoD weapon systems and operations;
- Enable multiple, independent, simultaneous experiments on the same infrastructure;
- Enable realistic testing of Internet/GIG scale research; and
- Develop and deploy revolutionary cyber testing capabilities.
Contracts and Key Events
Jan 8/10: Johns Hopkins University Advanced Physics Laboratory in Laurel, MD won a $24.8 million cost-plus-fixed-fee contract for phase II of the National Cyber Range program. Under the contract, Johns Hopkins will build a working prototype that demonstrates the NCR capabilities based on the preliminary design created in Phase I.
The lab will perform the work in Laurel, MD (43.8%); Cambridge, MA (24.8%); Albuquerque, NM (6.2%); North Chelmsford, MA (5.6%); Northport, NY (4.4%); Los Angeles, CA (4.1%); Bethesda, MD (2.7%); Salt Lake City, UT (2.5%); Idaho Falls, ID (2.4%); Columbia, MD (2.0%); Columbia, MD (1.3%); and Camden, NJ (0.2%), with an estimated completion date of April 14/11. Bids were solicited via a Broad Agency Announcement with 7 bids received by DARPA in Arlington, VA (HR0011-10-C-0039).
Jan 8/10: Lockheed Martin’s Simulation, Training and Support unit in Orlando, FL won a cost-plus-fixed-fee contract for phase II of the National Cyber Range program. The contract has an incremental funding level of $8.1 million and a total potential contract value of $30.8 million. Under the contract, Lockheed Martin will build a working prototype that demonstrates the NCR capabilities based on the preliminary design created in Phase I.
Lockheed Martin will perform the work in Orlando, FL (22.83%); Cherry Hill, NJ (30.82%); Salt Lake City, UT (1.54%); Minneapolis, MN (2.43%); Hanover, MD (8.98%); Piscataway, NJ (10.71%); Princeton, NJ (8.53%); Columbia, MD (3.17%); Golden Valley, MN (2.62%); Albuquerque, NM (3%); San Antonio, TX (2.90%); and Washington, DC (1.99%), with an estimated completion date of April 14/11. Bids were solicited via a Broad Agency Announcement with 7 bids received by DARPA in Arlington, VA (HR0011-10-C-0042). Lockheed Martin release.
Jan 8/09: The Defense Advanced Research Agency awarded phase I contracts for the National Cyber Range program to the following companies:
- BAE Systems’ Information and Electronic Systems Integration in Wayne, NJ ($3.3 million);
- General Dynamics’ Advanced Information Systems in San Antonio, TX ($1.9 million);
- Johns Hopkins University Applied Physics Laboratory in Laurel MD ($7.3 million);
- Lockheed Martin’s Simulation, Training and Support unit in Orlando, FL ($5.4 million);
- Northrop Grumman’s Intelligence, Surveillance and Reconnaissance Systems division in Columbia, MD ($344,097);
- Science Applications International Corp. in San Diego, CA ($2.8 million); and
- SPARTA in Columbia, MD ($8.6 million).
- DARPA – National Cyber Range program site
- FedBizOpps (Jan 11/10) – National Cyber Range – Phase II
- Discovery News (Feb 24/09) – Pentagon Funds Cyber Range for Web Warriors
- Johns Hopkins Applied Physics Lab (Jan 27/09) – APL Selected to Help Engineer National Cyber Range
- Spacewar.com (Jan 14/09) – DARPA Commissions National Cyber Range
- Northrop Grumman (Jan 13/09) – Northrop Grumman Wins National Cyber Range Contract
- Aviation Week (Jan 9/09) – DARPA To Fund National Cyber Range Startup
- DARPA (Jan 8/09) – DARPA Leads Game-Changing Cyber Innovation [pdf]