DARPA’s Plan X Gives
Military Operators a Place to Wage Cyber Warfare
By Cheryl Pellerin, DoD News,
Defense Media Activity.
Washington D.C. — (DoD
News) — May 12, 2016 — Since 2013, the Defense Advanced Research Projects
Agency’s Plan X cyber warfare program engineers have done the foundational work
they knew it would take to create for the first time a common operating picture
for warriors in cyberspace.
Next month in Suffolk, Virginia, that work will pay off when
Plan X is released from the DARPA lab and into the hands of operators -- also
for the first time -- during back-to-back annual joint cyber exercises: Cyber
Guard and Cyber Flag.
The Defense Advanced Research Projects Agency’s Plan X
program is working to help military cyber operators visualize the cyber
battlespace and perform missions there based on an established cyber framework
and a common operating picture. Plan X is a foundational cyberwarfare program
whose engineers are developing platforms the Defense Department will use to plan
for, conduct and assess cyberwarfare in a manner similar to that of kinetic
“We've got a great team of engineers, and we have had
persistent participation by the military services in our lab acting essentially
as end users, helping us flesh out the work flow and how it should be done,”
Plan X Program Manager Frank Pound told DoD News in an interview this week.
“[Operators] haven't had a unified architecture from which to
conduct cyber operations or reason about cyber or visualize cyber,” Pound said,
“which are all the things that Plan X is going to provide for them.”
Defending the Perimeter
One of the big focus areas for Plan X is the workflow
military fighters use to accomplish their job when they're in battle, defending
their perimeter, Pound said. Plan X allows them to plan cyber missions based on
the defense of key cyber terrain such as mail and file servers, routers and
gateways that are important for their defense and give them good visibility into
the behavior, health and status of those pieces of key cyber terrain, he added.
Plan X, he said, “identifies pieces of key cyber terrain in a
visual way so they can see it, just like they'd be able to see physical terrain
through a pair of binoculars.”
The program applies military science to computer science in
cyberspace. This gives operators a platform they understand, because it's
designed for the military mindset, encapsulating the military decision-making
process and allowing operators to plan missions and think about cyber just as
they were trained to do in boot camp and at the service academies, Pound
To do this and more, the Plan X engineers have gained a lot
of ground technically in software development, he said.
Cyber Tool Apps
In terms of cyber effects, for Plan X users who don’t have
what Pound called “exquisite knowledge” about the technical workings of cyber
tools such as digital binoculars and sensors, Plan X engineers developed an app
store and turned tools into apps. Then the engineers went farther.
“Rather than having to know what all the apps are, the apps
actually perform effects. They allow me to discover things on my network and
sense things on my network, to know when things are happening,” Pound said.
“It’s very important for the military to be able to plan based on effects rather
than on specific discrete capabilities.”
A typical app that a network defender might use is Netstat,
he added, which would give an operator network statistics of a host in their
“That would be a discrete app that an [information technology]
person today would know how to use, but trying to scale that knowledge across
6,000 new Cyber Command personnel isn't really sustainable,” Pound said. “So we
say, ‘This is the functionality the specific tool provides. These are the
command-line arguments to make it work. Let's abstract that complexity and call
it an app and, better yet, let's let the cyber planner talk about it in terms of
effects rather than talking about it in discrete terms.’”
Then the operators take those abstracted effects and use them
to plan courses of action to defend their networks, Pound said, noting that the
original tools aren’t gone -- they’re still available for sophisticated Plan X
Finding a Data Model
Pound says a data model for cyber allows Plan X engineers to
rigorously define terminology and objects in cyberspace, for example, an
Internet protocol address, a media access control address, a network interface
or a piece of software.
When he and his engineers began thinking about building a
data model, Pound said, the prospect looked monumental, because so many things
had to be defined, and in the proper way. So they looked at existing data models
and found one called CybOX, for Cyber Observable Expressions.
Mitre Corporation, a federally funded research and
development center, developed the model using standards called STIX and TAXII
that Mitre helped develop to allow sharing of cyber threat information. The
effort stemmed from a 2015 executive order to promote private-sector
cybersecurity information sharing, Pound said.
“We made use of that data model on Plan X, because it was so
rich,” he added, “and we've augmented the data model with military
decision-making objects to support the full scope of what Plan X is trying to
do. We were able to plug that right in and use it very effectively -- a big win
Not everyone has adopted the standards, he said, but because
Plan X is adopting them it might prompt others -- commercially and in DoD -- to
Building Courses of Action
Another win for the Plan X team is a planned construction
model that allows operators to build courses of action visually and graphically.
“We were heavily influenced by training capabilities that
came out of Google Silicon Valley. One of them is called Scratch, and it is a
visual programming language that's centered on blocks.” Rather than having to
know a text-based programming language, he explained, the programmer uses blocks
of commands that can be stacked on top of each other.
The language is conditional, he said – “if this happens, then
do this,” expressed with a block. “And if I want to do something 10 times, the
loop is expressed in a block shaped like a sideways U,” Pound said. “If I want
to do something 10 times, I grab this sideways U and put something inside it,
and [the U] does the thing 10 times. That’s been huge.”
He added, “Once again we’re abstracting very nuanced,
esoteric concepts into formats that are easy to understand for a broad range of
folks. We figured this out through a lot of iteration and back and forth with
our military partners.”
The graphic nature of the programming, Pound said, is how a
military planner would build a course of action -- visually. That course of
action could become an app that could be saved in the Plan X app store, then
future operators could pull it out of the app store and change the parameters
for their specific application.
“It's taken us a long time to get here,” Pound said, “and
we've worked super hard to make this programming model and abstraction, and to
do it in a visual way so the battle space is the main focus.”
Plan X, he said, will be transitioned to DoD and U.S. Cyber
Command in 2017.
(Follow Cheryl Pellerin on Twitter: @PellerinDoDNews)
Related Biographies :
Related Links :
Special Report: Defense Department Science and Technology