[Infowarrior] - US cyberdefense: A Big Pot of Money

Richard Forno rforno at infowarrior.org
Sat Jun 14 12:27:30 UTC 2008



Begin forwarded message:

> From: "Simon Taplin"
>
> A Big Pot of Money
>
> http://www.defensetech.org/archives/004249.html
>
> Recently much attention is being given to the topic of cyber warfare
> and rightfully so. Our computers and networks are under continuous
> attack from all over the world. The level of sophistication of these
> attacks and the quality of the code written to perform these attacks
> both have risen significantly in the past year. Experts agree we have
> entered a new era of warfare and are transitioning from bombs and
> bullets to bits and bytes.
>
> In January two classified presidential directives were signed related
> to defending the country against cyber attacks. At that time the price
> tag was estimated at $6 billion. In mid May the price tag was revised
> and believed to be $17 billion. Now, the price has risen again to be
> $30 billion. That is a big pot of money by anyone's standards. So the
> question is, where will this money be spent? Increasing cyber defense
> will require investment in Research and Development as well as in
> existing technology and services. The first and most critical activity
> will be to fortify current systems against known cyber threats.
>
> Spending Allocation:
>
>    *      Hardware 18% $5.4 Billion USD
>    *      Software 25% $7.5 Billion USD
>    *      Consulting 29% $8.7 Billion USD
>    *      Services 24% $7.2 Billion USD
>    *      R&D 4% $1.2 Billion USD
>
> The R&D efforts will focus on near term delivery of advanced defensive
> capabilities (like behavioral modeling) of software processes and
> transactions to evaluate if they pose a threat to the system.
> Additionally, advanced modeling capabilities are required for evolving
> defenses and investigative activities. Advanced modeling will be used
> to certify and authenticate chips, hardware and software to be
> authentic and free of malicious code. One of the most promising
> capabilities centers on the development of a "Digital DNA" database
> repository. The ultimate goal of this work is the same as with current
> DNA forensics - to identify the perpetrators of the assault. Most
> cyber attacks leave behind forensic evidence that can be used to
> assess the capabilities of the attacker, understand the implications
> of the attack and to create defensive measures to guard against this
> type of attack in the future. With all the attacks that have taken place,
> there is significant intelligence out there about techniques, cyber
> weapons, and strategies that have been used in these cyber assaults.
> Analysis of this evidence can create Digital DNA which could also help
> to identify the source of the malicious code and potentially lead to
> the attacker.
>
> ASDF represents the four Digital DNA characteristic sets.
> A = attributes, abilities, abstraction, architecture, assembly, adaptation
> S = style, signatures, syntax, structure, source, specification, scope
> D = demographics, delivery, development, discipline, data, design
> F = functions, features, faults, formidability, fields, forms, factors
>
> There are currently over a million pieces of malware. On average there
> are approximately 200 new computer viruses released monthly, so the
> raw cyber DNA materials are not in short supply. The potential use and
> value of the Digital DNA repository will increase with every single
> entry and the analysis of attacks. According to a source close to the
> Digital DNA project, the repository is currently in its infancy; it
> continues to grow and mature with the knowledge gained from each cyber
> attack. John Foley, CEO of Defcomm1 and former CEO of Vigilant Minds, a
> leading managed security services provider, said, "Much like the human
> genome project, Digital DNA will basically fingerprint the technical
> and human factors behind the malicious software and attacks." Security
> experts believe that Digital DNA type data is a critical component and
> required to fight cyber attacks and defend systems.
>
> -- Kevin Coleman
