[ISN] Pentagon Wants Cyberwar Range to 'Replicate Human Behavior and Frailties'

From: InfoSec News (alerts@private)
Date: Tue May 06 2008 - 01:37:06 PDT


By Noah Shachtman
Danger Room
May 05, 2008

The Pentagon's way-out researchers don't just want to build an Internet 
simulator, to test out cyberwar tactics.  They want the range's 
operators to "realistically replicate human behavior and frailties," 

Congress has ordered the Defense Advanced Research Projects Agency, or 
Darpa, to put together a National Cyber Range, as part of a massive (and 
massively secret) $30 billion, government-wide effort better prep for 
battle online. The project is now considered a top priority for the 
Agency.  And to make sure the facility is as true-to-life as possible, 
Darpa wants the contractors running the Range to be able to "replicate 
realistic human behavior on nodes," a request for proposals, released 
today, reveals.

Specifically, the Agency wants to have its contractors:

    *  Provide robust technologies to emulate human behavior on all 
       nodes of the range for testing all aspects of range behavior.

    *  Replicants will produce realistic chain of events between many 
       users without explicit scripting behavior.

    *  Replicants must be capable of implementing multiple user roles 
       similar to roles found on operational networks.
    *  Replicant behavior will change as the network environment 
       changes, as the replicated “outside environment” (i.e. DoD 
       DefCon, InfoCon, execution of war plans, etc) changes, and as 
       network activity changes (detected attacks, degradation of 
       services, etc).
    *  Replicants will simulate physical interaction with device 
       peripherals, such as keyboard and mice.
    *  Replicants will drive all common applications on a desktop 

    *  Replicants will interact with authenticate systems, including but 
       not limited to DoD authentication systems (common access cards – 
       CAC), identity tokens.

These mock people have to be able to "demonstrate human-level behavior 
on 80 percent of all events," the Agency adds. And mimicking us 
flesh-and-blood types is only one of a wide array of tasks Darpa wants 
to see operators of the National Cyber Range, or NCR, pull off.

The facility should also feature a "realistic, sophisticated, 
nation-state quality offensive and defensive opposition forces" that can 
fight military info-warriors in mock combat. Contractors have to be 
ready to create 10,000-node tests from government-provided "network 
diagrams and configuration files" in less than two hours. And those 
nodes can't just be computers tied into a faux Internet. The NCR's 
operators should be able to "integrate, replicate, or simulate" military 
satellite and digital radio communications, mobile ad-hoc networks, 
physical access control systems, U.S. and foreign "unmanned aerial 
vehicles, weapons, [and] radar systems" -- even "cyber cafes" and 
"personal digital assistances [sic]."

Darpa is moving fast on the project, its first since the dawn of the 
space age that comes from a direct order from Congress.  Although 
there's no money in the Agency's budget for the NCR -- yet -- Darpa has 
already begun reaching out to potential contractors. Proposals for the 
Range are due on June 30.

Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Tue May 06 2008 - 01:52:53 PDT