SlideShare a Scribd company logo

Scaling Cyberwarfare (Roelker)

Michael Scovetta
Michael Scovetta

1) The document discusses scaling cyberwarfare capabilities and limitations of relying solely on individual "cyberartisans". 2) It introduces the Binary Executable Transforms (BET) program which aims to automate software development by identifying, extracting, and recombining functional components from binary executables. 3) The author argues that to overcome limitations in force size, execution speed, and tactical depth, breakthroughs in technology are needed rather than just hiring more individual hackers.

TechnologyEducation
1 of 7
Download to read offline
Dan Roelker Program Manager, Information Innovation Office Scaling Cyberwarfare DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
Cyberartisan production doesn’t scale All cybertools have a limited shelf-life and operational relevance Cyberartisan Automation Skill Individual Technology-based Level of effort Manually intensive Mass produced Cost/Benefit “Too big to fail” Cost effective Approved for Public Release, Distribution Unlimited.
Program: Binary Executable Transforms (BET) Identify Extract Combine 1 1 1 Binary A 2 1 2 3 1 2 3 2 1 3 2 Binary B 1 2 2 1 2 3 1 3 2 1 1 Binary C 2 3 1 2 1 2 3 1 2 BET Basic Research Areas Automated combinatorial approach to software development given requirements could provide novel outcomes and diverse binary sets BET identifies and extracts functional components from binary executables with potential for reusing components in new combinations Approved for Public Release, Distribution Unlimited.
Hacker vs. Hacker approach doesn’t scale Skill Level Not everyone can be the cyber equivalent of a Navy SEAL Scaling Limitations Force size Execution speed Tactical depth We don’t win wars by out-hiring an adversary, we win through technology Approved for Public Release, Distribution Unlimited.
Limitations to the Hacker vs. Hacker approach Cyberwarfare is executed at the speed of light . . . Force Size Limitations #of people trained per year # of people to execute a mission Execution Speed Limitations Speed of planning process Speed of mission operation Tactical Depth Limitations Real-time move-counter-move Multi-phase mission strategy we need breakthroughs in technology to accomplish this goal Approved for Public Release, Distribution Unlimited.
Pillars of Foundational Cyberwarfare Exploitation Research automation techniques, defeating formal methods, high-fidelity emulation Network Analysis on-demand topology, infrastructure capability, platform positioning Planning and Execution assured and automated execution, large-scale analytics, distributed planning Cyberwarfare Platform Development Visualization new interfaces, adaptable views, large-scale data representation Approved for Public Release, Distribution Unlimited.
Ideas, thoughts, code? daniel.roelker@darpa.mil Approved for Public Release, Distribution Unlimited.

Recommended

Final report
Final reportFinal report
Final report
M Shehan Perera
 
Firsthalf Ocr D
Firsthalf Ocr DFirsthalf Ocr D
Firsthalf Ocr D
Don Willemann, P.E.
 
BALAJI K _Resume
BALAJI K _ResumeBALAJI K _Resume
BALAJI K _ResumeBalaji K
 
Skype testing overview
Skype testing overviewSkype testing overview
Skype testing overviewQA Club Kiev
 
Skype testing overview
Skype testing overviewSkype testing overview
Skype testing overview
QA Club Kiev
 
Integratedbook
IntegratedbookIntegratedbook
IntegratedbookeLearningGchu
 
Addin Revit.pdf
Addin Revit.pdfAddin Revit.pdf
Addin Revit.pdf
ssuser589db1
 
Commit to the Cause, Push for Change: Contributing to Call for Code Open Sour...
Commit to the Cause, Push for Change: Contributing to Call for Code Open Sour...Commit to the Cause, Push for Change: Contributing to Call for Code Open Sour...
Commit to the Cause, Push for Change: Contributing to Call for Code Open Sour...
Daniel Krook
 

Recommended

Final report
Final reportFinal report
Final report
M Shehan Perera
 
Firsthalf Ocr D
Firsthalf Ocr DFirsthalf Ocr D
Firsthalf Ocr D
Don Willemann, P.E.
 
BALAJI K _Resume
BALAJI K _ResumeBALAJI K _Resume
BALAJI K _ResumeBalaji K
 
Skype testing overview
Skype testing overviewSkype testing overview
Skype testing overviewQA Club Kiev
 
Skype testing overview
Skype testing overviewSkype testing overview
Skype testing overview
QA Club Kiev
 
Integratedbook
IntegratedbookIntegratedbook
IntegratedbookeLearningGchu
 
Addin Revit.pdf
Addin Revit.pdfAddin Revit.pdf
Addin Revit.pdf
ssuser589db1
 
Commit to the Cause, Push for Change: Contributing to Call for Code Open Sour...
Commit to the Cause, Push for Change: Contributing to Call for Code Open Sour...Commit to the Cause, Push for Change: Contributing to Call for Code Open Sour...
Commit to the Cause, Push for Change: Contributing to Call for Code Open Sour...
Daniel Krook
 
Software Architecture by Reuse, Composition and Customization
Software Architecture by Reuse, Composition and Customization Software Architecture by Reuse, Composition and Customization
Software Architecture by Reuse, Composition and Customization
Ivano Malavolta
 
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0A
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0AFYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0A
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0ATianwei_liu
 
Continuous (Non-)Functional Testing of Microservices on K8s
Continuous (Non-)Functional Testing of Microservices on K8sContinuous (Non-)Functional Testing of Microservices on K8s
Continuous (Non-)Functional Testing of Microservices on K8s
QAware GmbH
 
Fast Depth Paper Review
Fast Depth Paper ReviewFast Depth Paper Review
Fast Depth Paper Review
Joondong KIM
 
Investor's Presentation
Investor's PresentationInvestor's Presentation
Investor's Presentation
Eltechs
 
A New Paradigm In Linux Debug From Viosoft
A New Paradigm In Linux Debug From ViosoftA New Paradigm In Linux Debug From Viosoft
A New Paradigm In Linux Debug From Viosoftguestc28df4
 
JDD Effective Code Review In Agile Teams
JDD Effective Code Review In Agile TeamsJDD Effective Code Review In Agile Teams
JDD Effective Code Review In Agile Teams
Wojciech Seliga
 
Cldc Hotspot Architecture
Cldc Hotspot ArchitectureCldc Hotspot Architecture
Cldc Hotspot Architecturezdmilan
 
Multiuser serious game development: Virtual worlds vs. Game engines
Multiuser serious game development: Virtual worlds vs. Game enginesMultiuser serious game development: Virtual worlds vs. Game engines
Multiuser serious game development: Virtual worlds vs. Game engines
Leonel Morgado
 
A New Paradigm In Linux Debug From Viosoft Corporation
A New Paradigm In Linux Debug From Viosoft CorporationA New Paradigm In Linux Debug From Viosoft Corporation
A New Paradigm In Linux Debug From Viosoft Corporationart_lee
 
Lead Allocation System's Attribute Driven Design (ADD)
Lead Allocation System's Attribute Driven Design (ADD)Lead Allocation System's Attribute Driven Design (ADD)
Lead Allocation System's Attribute Driven Design (ADD)Amin Bandeali
 
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Samy Fodil
 
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
IRJET Journal
 
Design Verification: The Past, Present and Futurere
Design Verification: The Past, Present and FuturereDesign Verification: The Past, Present and Futurere
Design Verification: The Past, Present and FuturereDVClub
 
Design verification--the-past-present-and-future
Design verification--the-past-present-and-futureDesign verification--the-past-present-and-future
Design verification--the-past-present-and-futureObsidian Software
 
Usha_BuildandRelease_Resume
Usha_BuildandRelease_ResumeUsha_BuildandRelease_Resume
Usha_BuildandRelease_ResumeUsha Nagubandi
 
Wakoopa Recommendation Engine on AWS
Wakoopa Recommendation Engine on AWSWakoopa Recommendation Engine on AWS
Wakoopa Recommendation Engine on AWS
Menno van der Sman
 
Vb
VbVb
VbKuldeep Sharma
 
Wakoopa Recommendations Engine on AWS
Wakoopa Recommendations Engine on AWSWakoopa Recommendations Engine on AWS
Wakoopa Recommendations Engine on AWS
Amazon Web Services
 
Web2MexADL - CSMR Presentation
Web2MexADL - CSMR PresentationWeb2MexADL - CSMR Presentation
Web2MexADL - CSMR Presentation
jccastrejon
 
Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Michael Scovetta
 
Android Attacks
Android AttacksAndroid Attacks
Android AttacksMichael Scovetta
 

More Related Content

Similar to Scaling Cyberwarfare (Roelker)

Software Architecture by Reuse, Composition and Customization
Software Architecture by Reuse, Composition and Customization Software Architecture by Reuse, Composition and Customization
Software Architecture by Reuse, Composition and Customization
Ivano Malavolta
 
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0A
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0AFYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0A
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0ATianwei_liu
 
Continuous (Non-)Functional Testing of Microservices on K8s
Continuous (Non-)Functional Testing of Microservices on K8sContinuous (Non-)Functional Testing of Microservices on K8s
Continuous (Non-)Functional Testing of Microservices on K8s
QAware GmbH
 
Fast Depth Paper Review
Fast Depth Paper ReviewFast Depth Paper Review
Fast Depth Paper Review
Joondong KIM
 
Investor's Presentation
Investor's PresentationInvestor's Presentation
Investor's Presentation
Eltechs
 
A New Paradigm In Linux Debug From Viosoft
A New Paradigm In Linux Debug From ViosoftA New Paradigm In Linux Debug From Viosoft
A New Paradigm In Linux Debug From Viosoftguestc28df4
 
JDD Effective Code Review In Agile Teams
JDD Effective Code Review In Agile TeamsJDD Effective Code Review In Agile Teams
JDD Effective Code Review In Agile Teams
Wojciech Seliga
 
Cldc Hotspot Architecture
Cldc Hotspot ArchitectureCldc Hotspot Architecture
Cldc Hotspot Architecturezdmilan
 
Multiuser serious game development: Virtual worlds vs. Game engines
Multiuser serious game development: Virtual worlds vs. Game enginesMultiuser serious game development: Virtual worlds vs. Game engines
Multiuser serious game development: Virtual worlds vs. Game engines
Leonel Morgado
 
A New Paradigm In Linux Debug From Viosoft Corporation
A New Paradigm In Linux Debug From Viosoft CorporationA New Paradigm In Linux Debug From Viosoft Corporation
A New Paradigm In Linux Debug From Viosoft Corporationart_lee
 
Lead Allocation System's Attribute Driven Design (ADD)
Lead Allocation System's Attribute Driven Design (ADD)Lead Allocation System's Attribute Driven Design (ADD)
Lead Allocation System's Attribute Driven Design (ADD)Amin Bandeali
 
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Samy Fodil
 
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
IRJET Journal
 
Design Verification: The Past, Present and Futurere
Design Verification: The Past, Present and FuturereDesign Verification: The Past, Present and Futurere
Design Verification: The Past, Present and FuturereDVClub
 
Design verification--the-past-present-and-future
Design verification--the-past-present-and-futureDesign verification--the-past-present-and-future
Design verification--the-past-present-and-futureObsidian Software
 
Usha_BuildandRelease_Resume
Usha_BuildandRelease_ResumeUsha_BuildandRelease_Resume
Usha_BuildandRelease_ResumeUsha Nagubandi
 
Wakoopa Recommendation Engine on AWS
Wakoopa Recommendation Engine on AWSWakoopa Recommendation Engine on AWS
Wakoopa Recommendation Engine on AWS
Menno van der Sman
 
Wakoopa Recommendations Engine on AWS
Wakoopa Recommendations Engine on AWSWakoopa Recommendations Engine on AWS
Wakoopa Recommendations Engine on AWS
Amazon Web Services
 
Web2MexADL - CSMR Presentation
Web2MexADL - CSMR PresentationWeb2MexADL - CSMR Presentation
Web2MexADL - CSMR Presentation
jccastrejon
 

Similar to Scaling Cyberwarfare (Roelker) (20)

Software Architecture by Reuse, Composition and Customization
Software Architecture by Reuse, Composition and Customization Software Architecture by Reuse, Composition and Customization
Software Architecture by Reuse, Composition and Customization
 
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0A
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0AFYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0A
FYP%3A+P2P+Bluetooth+Communication+Framework+on+Android%0A
 
Continuous (Non-)Functional Testing of Microservices on K8s
Continuous (Non-)Functional Testing of Microservices on K8sContinuous (Non-)Functional Testing of Microservices on K8s
Continuous (Non-)Functional Testing of Microservices on K8s
 
Fast Depth Paper Review
Fast Depth Paper ReviewFast Depth Paper Review
Fast Depth Paper Review
 
Investor's Presentation
Investor's PresentationInvestor's Presentation
Investor's Presentation
 
A New Paradigm In Linux Debug From Viosoft
A New Paradigm In Linux Debug From ViosoftA New Paradigm In Linux Debug From Viosoft
A New Paradigm In Linux Debug From Viosoft
 
JDD Effective Code Review In Agile Teams
JDD Effective Code Review In Agile TeamsJDD Effective Code Review In Agile Teams
JDD Effective Code Review In Agile Teams
 
Cldc Hotspot Architecture
Cldc Hotspot ArchitectureCldc Hotspot Architecture
Cldc Hotspot Architecture
 
Multiuser serious game development: Virtual worlds vs. Game engines
Multiuser serious game development: Virtual worlds vs. Game enginesMultiuser serious game development: Virtual worlds vs. Game engines
Multiuser serious game development: Virtual worlds vs. Game engines
 
A New Paradigm In Linux Debug From Viosoft Corporation
A New Paradigm In Linux Debug From Viosoft CorporationA New Paradigm In Linux Debug From Viosoft Corporation
A New Paradigm In Linux Debug From Viosoft Corporation
 
Lead Allocation System's Attribute Driven Design (ADD)
Lead Allocation System's Attribute Driven Design (ADD)Lead Allocation System's Attribute Driven Design (ADD)
Lead Allocation System's Attribute Driven Design (ADD)
 
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
Connectivity is here (5 g, swarm,...). now, let's build interplanetary apps! (1)
 
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
IRJET- Generation of HTML Code using Machine Learning Techniques from Mock-Up...
 
Design Verification: The Past, Present and Futurere
Design Verification: The Past, Present and FuturereDesign Verification: The Past, Present and Futurere
Design Verification: The Past, Present and Futurere
 
Design verification--the-past-present-and-future
Design verification--the-past-present-and-futureDesign verification--the-past-present-and-future
Design verification--the-past-present-and-future
 
Usha_BuildandRelease_Resume
Usha_BuildandRelease_ResumeUsha_BuildandRelease_Resume
Usha_BuildandRelease_Resume
 
Wakoopa Recommendation Engine on AWS
Wakoopa Recommendation Engine on AWSWakoopa Recommendation Engine on AWS
Wakoopa Recommendation Engine on AWS
 
Vb
VbVb
Vb
 
Wakoopa Recommendations Engine on AWS
Wakoopa Recommendations Engine on AWSWakoopa Recommendations Engine on AWS
Wakoopa Recommendations Engine on AWS
 
Web2MexADL - CSMR Presentation
Web2MexADL - CSMR PresentationWeb2MexADL - CSMR Presentation
Web2MexADL - CSMR Presentation
 

More from Michael Scovetta

Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Michael Scovetta
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesMichael Scovetta
 
Exploitation and State Machines
Exploitation and State MachinesExploitation and State Machines
Exploitation and State MachinesMichael Scovetta
 
Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesMichael Scovetta
 
The Listening: Email Client Backdoor
The Listening: Email Client BackdoorThe Listening: Email Client Backdoor
The Listening: Email Client BackdoorMichael Scovetta
 
Smooth CoffeeScript
Smooth CoffeeScriptSmooth CoffeeScript
Smooth CoffeeScript
Michael Scovetta
 
DEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForDEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForMichael Scovetta
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesMichael Scovetta
 
Consumer Password Worst Practices
Consumer Password Worst PracticesConsumer Password Worst Practices
Consumer Password Worst Practices
Michael Scovetta
 
A collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programsA collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programs
Michael Scovetta
 
If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)
Michael Scovetta
 
High Assurance Systems (Fisher)
High Assurance Systems (Fisher)High Assurance Systems (Fisher)
High Assurance Systems (Fisher)
Michael Scovetta
 
PROCEED and Crowd-Sourced Formal Verification
PROCEED and Crowd-Sourced Formal VerificationPROCEED and Crowd-Sourced Formal Verification
PROCEED and Crowd-Sourced Formal Verification
Michael Scovetta
 
National Cyber Range (Ranka)
National Cyber Range (Ranka)National Cyber Range (Ranka)
National Cyber Range (Ranka)
Michael Scovetta
 
Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)
Michael Scovetta
 

More from Michael Scovetta (20)

Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013Peter Norvig - NYC Machine Learning 2013
Peter Norvig - NYC Machine Learning 2013
 
Android Attacks
Android AttacksAndroid Attacks
Android Attacks
 
Strategic Surprise
Strategic SurpriseStrategic Surprise
Strategic Surprise
 
Stackjacking
StackjackingStackjacking
Stackjacking
 
Modern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and TechniquesModern Kernel Pool Exploitation: Attacks and Techniques
Modern Kernel Pool Exploitation: Attacks and Techniques
 
Exploitation and State Machines
Exploitation and State MachinesExploitation and State Machines
Exploitation and State Machines
 
Don't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade MachinesDon't Give Credit: Hacking Arcade Machines
Don't Give Credit: Hacking Arcade Machines
 
Attacking the WebKit Heap
Attacking the WebKit HeapAttacking the WebKit Heap
Attacking the WebKit Heap
 
The Listening: Email Client Backdoor
The Listening: Email Client BackdoorThe Listening: Email Client Backdoor
The Listening: Email Client Backdoor
 
Smooth CoffeeScript
Smooth CoffeeScriptSmooth CoffeeScript
Smooth CoffeeScript
 
DEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking ForDEFCON 18- These Aren't the Permissions You're Looking For
DEFCON 18- These Aren't the Permissions You're Looking For
 
Systematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android SmartphonesSystematic Detection of Capability Leaks in Stock Android Smartphones
Systematic Detection of Capability Leaks in Stock Android Smartphones
 
Consumer Password Worst Practices
Consumer Password Worst PracticesConsumer Password Worst Practices
Consumer Password Worst Practices
 
HTML5 Web Security
HTML5 Web SecurityHTML5 Web Security
HTML5 Web Security
 
A collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programsA collection of examples of 64 bit errors in real programs
A collection of examples of 64 bit errors in real programs
 
If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)If You Don't Like the Game, Hack the Playbook... (Zatko)
If You Don't Like the Game, Hack the Playbook... (Zatko)
 
High Assurance Systems (Fisher)
High Assurance Systems (Fisher)High Assurance Systems (Fisher)
High Assurance Systems (Fisher)
 
PROCEED and Crowd-Sourced Formal Verification
PROCEED and Crowd-Sourced Formal VerificationPROCEED and Crowd-Sourced Formal Verification
PROCEED and Crowd-Sourced Formal Verification
 
National Cyber Range (Ranka)
National Cyber Range (Ranka)National Cyber Range (Ranka)
National Cyber Range (Ranka)
 
Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)Beyond Passwords (Guidorizzi)
Beyond Passwords (Guidorizzi)
 

Recently uploaded

How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
g2nightmarescribd
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
DianaGray10
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Ramesh Iyer
 

Recently uploaded (20)

How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
Generating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using SmithyGenerating a custom Ruby SDK for your web service or Rails API using Smithy
Generating a custom Ruby SDK for your web service or Rails API using Smithy
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...
 

Scaling Cyberwarfare (Roelker)

  • 1. Dan Roelker Program Manager, Information Innovation Office Scaling Cyberwarfare DARPA Cyber Colloquium Arlington, VA November 7, 2011 Approved for Public Release, Distribution Unlimited.
  • 2. Cyberartisan production doesn’t scale All cybertools have a limited shelf-life and operational relevance Cyberartisan Automation Skill Individual Technology-based Level of effort Manually intensive Mass produced Cost/Benefit “Too big to fail” Cost effective Approved for Public Release, Distribution Unlimited.
  • 3. Program: Binary Executable Transforms (BET) Identify Extract Combine 1 1 1 Binary A 2 1 2 3 1 2 3 2 1 3 2 Binary B 1 2 2 1 2 3 1 3 2 1 1 Binary C 2 3 1 2 1 2 3 1 2 BET Basic Research Areas Automated combinatorial approach to software development given requirements could provide novel outcomes and diverse binary sets BET identifies and extracts functional components from binary executables with potential for reusing components in new combinations Approved for Public Release, Distribution Unlimited.
  • 4. Hacker vs. Hacker approach doesn’t scale Skill Level Not everyone can be the cyber equivalent of a Navy SEAL Scaling Limitations Force size Execution speed Tactical depth We don’t win wars by out-hiring an adversary, we win through technology Approved for Public Release, Distribution Unlimited.
  • 5. Limitations to the Hacker vs. Hacker approach Cyberwarfare is executed at the speed of light . . . Force Size Limitations #of people trained per year # of people to execute a mission Execution Speed Limitations Speed of planning process Speed of mission operation Tactical Depth Limitations Real-time move-counter-move Multi-phase mission strategy we need breakthroughs in technology to accomplish this goal Approved for Public Release, Distribution Unlimited.
  • 6. Pillars of Foundational Cyberwarfare Exploitation Research automation techniques, defeating formal methods, high-fidelity emulation Network Analysis on-demand topology, infrastructure capability, platform positioning Planning and Execution assured and automated execution, large-scale analytics, distributed planning Cyberwarfare Platform Development Visualization new interfaces, adaptable views, large-scale data representation Approved for Public Release, Distribution Unlimited.
  • 7. Ideas, thoughts, code? daniel.roelker@darpa.mil Approved for Public Release, Distribution Unlimited.