Calling all independent security researchers: The government wants to fund your work.
Under a new initiative called Cyber Fast Track, described Thursday at the Black Hat conference in Las Vegas, the U.S. Defense Department will fund small hacker groups and independent researchers to develop cutting-edge solutions that can be built in short time frames and at low cost.
The program is the brainchild of Peiter Zatko, a respected hacker known as “Mudge,” who last February took on the role of program manager at the Defense Advanced Research Projects Agency (DARPA), the Defense Department's central research organization.
“Small groups of motivated and like-minded researchers have repeatedly shown talent and capability,” Zatko said in his keynote speech. “I want the people out there doing the cool research work.”
The program aims to make it easier for independent researchers to obtain government funding for cybersecurity projects, he said. Historically, federal security funding has been awarded to large contractors that often have whole teams dedicated to crafting proposals. Under the current system, it is difficult for an independent researcher to be awarded funding due to the time and cost of the application process alone.
“Welcome to the new DARPA,” Zatko said.
The program, in development for the past eight months, will fund between 20 and 100 projects each year, addressing a range of cybersecurity issues, Zatko said. Those who are chosen to participate can retain their own intellectual property.
While security solutions are growing larger and more complicated than ever, most malware today is still small and efficient, Zatko said. A typical unified threat management solution, for example, is made up of 10 million lines of code, while the average piece of malware contains just 125 lines.
With millions of lines of code, today's security solutions may actually be introducing more vulnerabilities, Zatko said. Moreover, adding layers of security on top of each other is further increasing the attack surface. Security researchers must now consider the “unintended consequences” of current defense efforts, he added.
Zatko's talk was well received by those in attendance.
“Most inspiring talk here,” Scott Crawford, research director at consultancy Enterprise Management Associates, tweeted after the session. “[Cyber Fast Track] could take some of the asymmetry out of the security status quo.”