The Army has awarded the Raytheon Company a $3.1 million contract to develop a computer defense technology that constantly changes a network’s characteristics to confuse attackers.
The Morphing Network Assets to Restrict Adversarial Reconnaissance (MORPHINATOR) program is applying a process known as cyber maneuvering to rearrange key network characteristics such as IP addresses, service ports and operating software to prevent intruders from getting a good look at it.
A key goal of MORPHINATOR is to move away from traditional passive network defense to something that keeps potential attackers at bay in real time, Jack Donnelly, director of trusted network systems for Raytheon’s Network Centric Systems division told Breaking Gov in an interview.
Describing how MORPHINATOR and cyber maneuvering works, Donnelly said to imagine a burglar sneaking into a house at night. Besides being completely dark inside, the burglar must deal with the furniture and rooms rearranging themselves at random intervals, foiling any attempts to map the place. “Running into a program like that would be pretty formidable,” he said.
The work on MORPHINATOR focuses on three areas: changing IP addresses and service ports; using prototype technologies to create a misleading view of the network to outside observers, what Donnelly refers to as “false advertising”; and dynamically altering the configuration of network assets by changing areas such as software configuration stacks and applications such as randomly swapping email servers. The challenge for the program developers will be to build protocols that allow network administrators to keep track of all of these changes, because each of these areas has its own effects, he said.
Donnelly noted that some aspects of managing a MORPHINATOR-based network probably won’t be too difficult to handle because it is now possible to easily create virtual environments and track their changes through the use of hypervisors. Hypervisors are software programs that allow many types of operating systems and programs to run simultaneously on a computer or in a network environment.
Another major consideration for the program is the ability to trace each change and to ensure that any new upgrades are properly accredited. Traceability and accreditation are two very important security considerations for any software system in the Defense Department, Donnelly said. In addition to keeping track of software, the system also must be cost-effective to manage and operate. “As long as those requirements are maintained, they [the Army] have a viable capability going forward,” he added.
The technology builds on more than three years of previous dynamic network security research by Raytheon, Donnelly said. He noted that the company already has a viable technology capable of randomly reconfiguring certain network capabilities, such as software and applications. It is just a question of combining all of the desired functions into a prototype before moving it into a simulation and testing environment, he said.
MORPHINATOR is part of ongoing Army efforts to develop and potentially field a network defense technology. It is managed by the Space and Terrestrial Communications Directorate of the Army Communications, Electronics, Research, Development and Engineering Center (CERDEC) in Aberdeen, Maryland.