DARPA’s budget submission for fiscal year 2012 increased cyber research funding by $88 million, from $120 million to $208 million. Over the next five years, the agency plans to increase its top-line budget investment in cyber research from 8% to 12%, agency director Regina Dugan told DARPA’s Colloquium on Future Directions in Cyber Security on Monday.
“We are shifting our investments to activities that promise more convergence with the threat and that recognize the needs of the Department of Defense,” explained Dugan.
“Malicious cyber attacks are not merely an existential threat to our bits and bytes; they are a real threat to our physical systems, including our military systems. To this end, in the coming years we will focus an increasing portion of our cyber research on the investigation of offensive capabilities to address military-specific needs,” Dugan said.
Over the past 20 years, the effort and cost of information security software have grown exponentially – from software packages with thousands of lines of code to packages with nearly 10 million lines of code, Dugan said. By contrast, over that same period, and across roughly 9,000 examples of viruses, worms, exploits, and bots, there has been a nearly constant average of 125 lines of code for malware.
“The U.S. approach to cybersecurity is dominated by a strategy that layers security on to a uniform architecture. We do this to create tactical breathing space, but this approach is not convergent with an evolving threat,” said Dugan.
To address this discrepancy, DARPA has recruited a cyber team composed of experts from diverse fields including the “white hat hacker community, academia, labs, nonprofits, and commercial companies, in addition to the defense and intelligence communities,” she said.