Defense Advanced Research Projects Agency Director Dr. Regina Dugan said the agency increased its budget request for cybersecurity research to $208 million for the upcoming budget cycle, an increase of $88 million from the previous year, she told attendees at DARPA’s Cyber Colloquium on Monday, November 7.
Over the next five years, DARPA’s proposed investment in cybersecurity will increase from eight to 12% of the agency’s top line with the focus being on creating offensive innovations in cybersecurity.
“We need better options,” Dugan said. “We can’t just throw bodies and buildings at the problem, but need to seek new approaches that could lead to convergence.”
Dugan said the country’s approach to cybersecurity has been to layer security on top of a uniform architecture in an effort to create tactical breathing room, but it is not convergent with a tactical threat.
“We are losing ground because we are inherently divergent with the threat,” Dugan said. “Importantly, such divergences are the seeds of strategic surprise.”
She said that the country’s firewall systems has become so complex (lines of code, in some cases, nearly 10 million lines of code) that it is being taken down by malware only 125 lines in code, creating a stark difference in the amount of resources created to develop.
Dugan said this is causing DARPA to rethink how it approaches cybersecurity. She said current efforts need to be continued, but going down only one path will be “fool-hardy” and there needs to be new ways of thinking to fight threats in the future.
She said the agency’s focus in the coming years will be on offensive techniques that help the DoD cyber defenses converge with the threat at hand.
More notes from Dugan’s presentation:
- More than two billion people are now in cyberspace
- In 2004, proceeds from cyber crime exceeded those from illegal drugs with the gap continuing to grow
- More than 300 million malware variants are discovered each year
- Former Deputy Secretary of Defense Bill Lynn said in September that more than 30 nations have created cyber forces