To stop a terrorist, it helps to think like one. The Defense Advanced Research Projects Agency (DARPA) is channeling that philosophy with its new Improv program that encourages engineers, entrepreneurs and tech enthusiasts to imagine how someone might repurpose commercially available devices as weapons. The Pentagon is even offering to fund the process so that some inventors can turn their ideas for hacked cell phones, model rocket motors, drones and other gadgets into prototypes.
DARPA wants to assemble the world’s biggest “red team”—a group of outsiders that can help the Department of Defense get ahead of terrorists looking to attack military personnel, equipment or operations. DARPA will evaluate proposals it receives as part of Improv and within the next month dole out up to $40,000 per proposal to help the proposers study the feasibility of their idea. Once the feasibility studies are completed, DARPA will award another $70,000 to each project it wants to see developed into a basic working prototype that the U.S. military can evaluate. The winners will have three months to build these prototypes and could win up to an additional $20,000 for their efforts.
The increasing sophistication and relentless pace of new technologies available via the Web make it impractical for DARPA to continue to rely exclusively on a small group of its own handpicked experts to identify new ways of using technology that might pose a national security threat, Improv project leader John Main said Wednesday at a press briefing. “Basically you can get undreamed of levels of technological capability by getting on Amazon and Alibaba today that wasn’t possible 10 or 15 years ago,” he added.
Main, who is a program manager in DARPA's Defense Sciences Office, declined to elaborate on the specific types of technology proposals that DARPA wants to evaluate. “I want the red team’s opinion,” he added. “I don’t want my opinion. If I say something, I’ll suddenly get a thousand proposals on that.”
U.S. law enforcement and intelligence leaders have lately taken the controversial stance that they need outside help to keep up with technologically sophisticated bad guys. Ostensibly, this is why the FBI wants Apple to help the agency unlock the iPhone 5c used by San Bernardino terrorism suspect Syed Rizwan Farook. It is also behind Defense’s “Hack the Pentagon” program announced earlier this month that invites cybersecurity experts to test the defenses of certain public DoD Web sites.
It remains to be seen how technology companies will react to what could amount to be government-supported attempts to weaponize their products. Since former National Security Agency contractor Edward Snowden’s 2013 revelations about the extent of U.S. government digital surveillance programs, companies including Apple and Google have begun to introduce countermeasures such as encryption into their devices. Improv could be seen by those companies as an effort by the government to counter those countermeasures. Incidentally, Snowden—speaking via a video feed at Common Cause’s March 8 Blueprint for a Great Democracyconference—said the government’s claims that they couldn’t successfully unlock Farook’s iPhone are “bullshit.”
Although Improv’s introduction comes suspiciously soon after the FBI and Apple moved their legal sparring into the public eye, Main insisted that Improv was not developed in response to any particular case or technology. The program is more a recognition that the abundance of affordable, sophisticated devices available to just about anyone makes it difficult for DARPA to perform its traditional duty of staying ahead of emerging threats, he said. The agency also downplayed the possibility that encouraging gadget hacks could inspire or even fund new ways for terrorists to carry out attacks. “I actually do want to draw attention to technologies because potential adversaries are very smart, and we want to think of these things first,” Main said. He also floated the idea that DARPA might not make certain Improv projects public if there are concerns for the safety of the public and military personnel.
Hack the Pentagon and Improv share the same goal of evaluating technologies to find security problems before the U.S.’s enemies do. A key difference between the programs is that the department says it will conduct background checks on any programmers participating in the Pentagon cybersecurity hacking project. Speaking at the recent RSA Conference on cybersecurity in San Francisco, Defense Secretary Ashton Carter likewise acknowledged that technology is changing too fast to ignore the potential value that outsiders can bring to the government’s cybersecurity efforts. Hack the Pentagon resembles so-called “bug bounty” programs that Facebook, Google and other tech companies have run for years to help them find vulnerabilities in their products before malicious hackers can exploit them.