The Pentagon’s way-out researchers don’t just want to build an Internet simulator, to test out cyberwar tactics. They want the range’s operators to "realistically replicate human behavior and frailties," too.
Congress has ordered the Defense Advanced Research Projects Agency, or Darpa, to put together a National Cyber Range, as part of a massive (and massively secret) $30 billion, government-wide effort better prep for battle online. The project is now considered a top priority for the Agency. And to make sure the facility is as true-to-life as possible, Darpa wants the contractors running the Range to be able to "replicate realistic human behavior on nodes," a request for proposals, released today, reveals.
Specifically, the Agency wants to have its contractors:
• Provide robust technologies to emulate human behavior on all nodes of the range for testing all aspects of range behavior.
• Replicants will produce realistic chain of events between many users without explicit scripting behavior.
• Replicants must be capable of implementing multiple user roles similar to roles found on operational networks.
• Replicant behavior will change as the network environment changes, as the replicated “outside environment” (i.e. DoD DefCon, InfoCon, execution of war plans, etc) changes, and as network activity changes
(detected attacks, degradation of services, etc).
• Replicants will simulate physical interaction with device peripherals, such as keyboard and mice.
• Replicants will drive all common applications on a desktop environments.
• Replicants will interact with authenticate systems, including but not limited to DoD authentication systems (common access cards – CAC), identity tokens.
These mock people have to be able to "demonstrate human-level behavior on 80 percent of all events," the Agency adds. And mimicking us flesh-and-blood types is only one of a wide array of tasks Darpa wants to see operators of the National Cyber Range, or NCR, pull off.
The facility should also feature a "realistic, sophisticated, nation-state quality offensive and defensive opposition forces" that can fight military info-warriors in mock combat. Contractors have to be ready to create 10,000-node tests from government-provided "network diagrams and configuration files" in less than two hours. And those nodes can’t just be computers tied into a faux Internet. The NCR’s operators should be able to "integrate, replicate, or simulate" military satellite and digital radio communications, mobile ad-hoc networks, physical access control systems, U.S. and foreign "unmanned aerial vehicles, weapons, [and]radar systems" — even "cyber cafes" and "personal digital assistances [sic]."
Darpa is moving fast on the project, its first since the dawn of the space age that comes from a direct order from Congress. Although there’s no money in the Agency’s budget for the NCR — yet — Darpa has already begun reaching out to potential contractors. Proposals for the Range are due on June 30.
UPDATE: "Darpa tried something like this before when it was running Admiral John Poindexter’s future terrorism spotting project,
Total Information Awareness," our brothers-in-blogdom over at Threat Level note. "They created an entire world of fake people buying and selling fake things, calling their fake friends and visiting fake dentists who filled fake cavities. They called it Vanilla World. Threat Level tried to get information on
Vanilla World via a Freedom of Information Act request in 2003, but five years later, Darpa is still illegally withholding the information."