Since the dawn of computing there’s been a cold war between those who run computer systems and those who attack them.
And never the twain shall meet–at least until now.
Speaking at the ShmooCon hacker convention in Washinton, D.C., Defense Advanced Research Projects Agency (DARPA) project manager Peiter Zatko has announced Cyber Fast Track, a new scheme that will rely on the skills of “small organizations, boutiques, hacker spaces, [and] maker labs” in order to find cybersecurity solutions.
Zatko is perhaps best known in hacker circles by the handle of “Mudge,” and as the one-time member of the L0pht and Cult of the Dead Cow collectives. He created the legendary password-cracking tool L0phtCrack and was one of the first to highlight buffer overflow hacks in 1995. In 1998 he famously told a Senate committee that hackers could bring down the Internet within 30 minutes.
The nature of government contracting means that cybersecurity projects undertaken by the Department of Defense typically involve millions of dollars and are designed to take years to complete. There’s nothing wrong with that, Zatko claims, but more agile thinking is necessary.
Zatko described what he called the “asymmetry” between the ease of creating malware compared to the solutions used to defend against it; a piece of malware typically involves 125 lines of computer code, he said, and that’s stayed the same since 1985. However, the latest unified threat management solutions involve around 10,000,000 lines of code, having risen from the same kind of figures as malware in 1985.