Building a cybersecurity lab.

• Author: Jean, Grace V.
• Position: INSIDE SCIENCE + TECHNOLOGY

Shortly before the Russian military drove tanks into the restive region of South Ossetia last year, a cyber-attack hit neighboring Georgia, knocking government and news organization websites offline for days. In January, a similar digital assault paralyzed Kyrgyzstan's main Internet service providers.

Cyber-attacks have become more prevalent around the world and defending against them has become harder and harder, experts say. The U.S. government's computers, too, have become a target. They have attracted tens of thousands of onslaughts in recent years. U.S. Central Command networks in November were hit by an electronic attack thought to have Russian origins.

In an effort to beef up the country's defenses in cyberspace, the Comprehensive National Cybersecurity Initiative, established last year by the Bush administration, seeks to reduce network vulnerabilities, protect against intrusions and anticipate future threats.

As part of the initiative, the Defense Advanced Research Projects Agency has awarded $30 million in contracts to spur the development of a facility where researchers and scientists can test their latest cybersecurity technologies.

[ILLUSTRATION OMITTED]

Ultimately, the "national cyberrange" will be a hybrid of a Consumer Reports-type testing laboratory and the Army's National Training Center, says program manager Michael VanPutte.

"We want the national cyberrange to do for cyber what the National Training Center did for the Army and the Department of Defense in joint war fighting," the retired Army colonel says.

A researcher, for example, might have a new network protocol that he wants to try out. Network protocols are the rules that a network uses in order to communicate. The scientist could install the protocol on the national cyberrange and run it through realistic threat scenarios to assess the network's security.

There are a number of existing test beds that provide some of the capabilities that DARPA is asking for, but none has the scale of automation or sophistication that scientists need, VanPutte says.

"To really understand the attacker, we need an environment where we can set up a large-scale defense, let the attackers go, watch it and measure, and then make changes in the environment and see if that helps or hinders security," says VanPutte. "The cyberrange will give us that laboratory to see how we can improve security."

Setting up a sterile environment to test cybertechnologies presently is a laborious...