The US Defense Advanced Research Projects Agency (DARPA) has warned that users of the internet will never be fully secure.
DARPA director Arati Prabhakar made the claim during the Washington Post‘s Cybersecurity Summit, arguing that the only way fully to secure the internet is to seal it off and make it available only to selected people.
“The power of information technology, and the reason we put up with all these problems, is that it is phenomenally capable for all the things that change how we live and how we work and how we create national security,” she said.
“You don’t want to cut out any of that capability in the process of building cyber security.”
Prabhakar added that, while wholly securing the internet is impossible, DARPA is working on new ways to track hackers and criminals operating on the Dark Web.
She listed the need for increased computing power and more advanced, scalable big data analytics tools as key challenges in this endeavour.
“[When searching for cyber criminals] you start by creating a different way to look at this vast information environment,” she said.
“The moon shot for cyber security, in my view, is to find techniques that scale faster than the explosion in information.”
Prabhakar revealed that DARPA began working on advanced big data solutions in March, and is also working on several projects designed to bolster global cyber security levels.
She highlighted a research project to create an “unhackable system” as particularly important owing to its potential application in critical infrastructure.
“What [the unhackable software project] means is there is a mathematical proof that this particular function can’t be hacked from a pathway that wasn’t intended,” she said. “That won’t solve the entire problem, but it might make it more manageable.”
Attacks on critical infrastructure are a problem facing governments across the globe owing to their use of insecure SCADA systems.
These concerns peaked in September when researchers uncovered a critical bug, codenamed Shellshock, in the bash code used in Unix and Unix-like systems that could theoretically be exploited to hack SCADA systems.