According to the FBI, since Jan. 1, 2016, more than 4,000 ransomware attacks have occurred on a daily basis, which is a 300 percent increase from the previous year. Some companies project that a ransomware attack will occur every 14 seconds by 2019. U.S. Department of Defense entities are not exempt from such attacks.
With these threats increasing rapidly, the lack of tools available to quickly and adequately defend against them—insufficient network storage, bandwidth and analysis capabilities—have become a top concern. To resolve this issue, the U.S. Defense Advanced Research Projects Agency (DARPA) created the Cyber-Hunting at Scale (CHASE) program. According to DARPA, the program’s goal is to “create data-driven, cyber-hunting tools that detect, characterize, and protect against cyber threats in real time across several DOD enterprise networks and Internet exchange points.”
The four-year program has entered the first of three phases, which, as a whole, aims to develop the technology necessary to collect data, analyze it, find the threats, and unleash real-time protective measures. DARPA announced that it selected BAE Systems to develop the new tools. The three-phase contract is valued at approximately $5.2 million.
“Today, advanced cyberattacks within many enterprise networks go entirely unnoticed among an overwhelming amount of network data or they require intensive manual analysis by expert teams,” said Anne Taylor, BAE Systems product line director for the Cyber Technology group. “Our technology aims to alleviate resource constraints to actively hunt for cyber threats that evade security measures, enhancing the collective cyber defense of these networks.”
BAE Systems is no stranger to developing this kind of real-time cyber defense. It has worked on similar techniques with DARPA, the U.S. Army and the U.S. Navy. The company plans to use advanced machine learning cyberattack modeling to help develop algorithms that can sort and react to different threats, as well as develop detection technologies to discover those hidden threats.
The CHASE program has five technical areas that BAE Systems will work on: threat detection and characterization, informed data planning, global analysis, protective measure generation and dissemination, and infrastructure for evaluation exercises. The first phase will involve developing the technological components. The second phase will serve as an evaluation period. The final phase will involve getting military forces and other agencies set up with the functional cyber weapon.