The Pentagon’s way-out researchers don’t just want to build an Internet
simulator, to test out cyberwar tactics. They want the range’s operators
to "realistically replicate human behavior and frailties," too.
has ordered the Defense Advanced Research Projects Agency, or Darpa, to
put together a National Cyber Range, as part of a massive (and
massively secret) $30 billion, government-wide effort better prep for
battle online. The project is now considered a top
priority for the Agency. And to make sure the facility is as
true-to-life as possible, Darpa wants the contractors running the Range to
be able to "replicate realistic human behavior on nodes," a
request for proposals, released today, reveals.
Specifically, the Agency wants to have its contractors:
- Provide robust technologies to emulate human behavior on all
nodes of the range for testing all aspects of range behavior.
- Replicants will produce realistic chain of events between many
users without explicit scripting behavior.
- Replicants must be capable of implementing multiple user roles
similar to roles found on operational networks.
- Replicant behavior will change as the network environment changes,
as the replicated “outside environment” (i.e. DoD DefCon, InfoCon,
execution of war plans, etc) changes, and as network activity changes
(detected attacks, degradation of services, etc).
- Replicants will simulate physical interaction with device
peripherals, such as keyboard and mice.
- Replicants will drive all common applications on a desktop
- Replicants will interact with authenticate systems, including but
not limited to DoD authentication systems (common access cards – CAC),
These mock people have to be able to "demonstrate human-level behavior
on 80 percent of all events," the Agency adds. And mimicking us
flesh-and-blood types is only one of a wide array of tasks Darpa wants to
see operators of the National Cyber Range, or NCR, pull off.
The facility should also feature a
"realistic, sophisticated, nation-state quality offensive and defensive
opposition forces" that can fight military info-warriors in mock combat.
Contractors have to be ready to create 10,000-node tests from
government-provided "network diagrams and configuration files" in less
than two hours. And those nodes can’t just be computers tied into a faux
Internet. The NCR’s operators should be able to "integrate, replicate, or
simulate" military satellite and digital radio communications, mobile
ad-hoc networks, physical access control systems, U.S. and foreign
"unmanned aerial vehicles, weapons, [and]
radar systems" — even "cyber cafes" and "personal digital assistances
Darpa is moving fast on the project, its first since the dawn of the
space age that comes from a direct order from Congress. Although there’s
no money in the Agency’s budget for the NCR — yet — Darpa has already
begun reaching out to potential contractors. Proposals for the Range are
due on June 30.
tried something like this before when it was running Admiral John
Poindexter’s future terrorism spotting project,
Total Information Awareness," our brothers-in-blogdom over at Threat Level
note. "They created an entire world of fake people buying and selling fake
things, calling their fake friends and visiting fake dentists who filled
fake cavities. They called it Vanilla World. Threat Level tried to get
Vanilla World via a Freedom of Information Act request in 2003, but five
Darpa is still illegally withholding the information."