DARPA attempting the impossible: Self-simulation for defense training

Although this news item first broke several weeks ago, I have been awaiting public analysis regarding its impracticability.  Bereft of criticism, I will provide my own.

The Internet began as a "store-and-forward" packet switching network, connecting computers via Interface Message Processors.  In 1969, the first interconnected network, ARPANET, allowed communication between the first four nodes located at UCLA, Stanford, UCSB and University of Utah.  When the project was acquired by the Department of Defense in 1975, it became known as DARPANET (Defense Advanced Research Projects Network). 

Ironically, the organization seen as one of the creators of the internet, DARPA is now undertaking the task of defending against its threats.  With an estimated price tag of $30 billion, the National Cyber Range (NCR) project aims to create a virtual environment where the Defense Department can prepare for online warfare.  The cyber range project hopes to create a digital Metaverse, with enough detail to "replicate realistic human behavior and frailties", for cyberwar simulation. 

DARPA has issued the NCR's program description and objectives:

  • Conduct unbiased, quantitative and qualitative assessment of information assurance and survivability tools in a representative network environment.
  • Replicate complex, large-scale, heterogeneous networks and users in current and future Department of Defense (DoD) weapon systems and operations.
  • Enable multiple, independent, simultaneous experiments on the same infrastructure.
  • Enable realistic testing of Internet/Global-Information-Grid (GIG) scale research.
  • Develop and deploy revolutionary cyber testing capabilities.
  • Enable the use of the scientific method for rigorous cyber testing.

DARPA is soliciting research proposals for the engineering and development of the National Cyber Range.  Proposals must be submitted by 4:00 pm (EST) on June 30, 2008.   If you think you may have the spare time for this simple endeavor, find out where to send your napkin sketches here.

Interestingly, this project poses the unique situation of technology replicating itself.  The efficacy of training environments improves with its accuracy to mirror interaction with the physical world.  Typically, the reproduction of physical systems is accomplished using advanced computer technology.  However, providing a simulation of the Internet creates an instance where real and training mediums are the same. Particularly, a sophisticated architecture of network and computer systems would be used to create a large, but contained, infrastructure of complex interconnected networks.   (Imagine the philosophical problems in circular logic if these systems became interconnected.)  The similarities of real and simulated environments are so close that one might think: Couldn't one learn from interactions with the real world?  Is this project really necessary?    

Well...I did... and was also curious if anyone else noticed any problems with this initiative.

Firstly, the estimated cost of $30 billion dollars seems a little excessive for anything short of "Project Death Star" (which is unlikely due to our current treaty with the Rebel Alliance).  For this amount of money they could forego the simulation and actually recreate the physical infrastructure of the internet.  How much would it cost to create a second life for digital combat?  Don't we already have these in the form MMORPGs?

The application and development platform required for this project would be of considerable magnitude.  The trouble shooting, maintenance, compatibility and support issues would involve a tremendous amount of resources.  Although, it's attempted creation would probably provide some good training in application development and network infrastructure support.   

Assuming that creating this "matrix for the military" posed no obstacle, its execution will ultimately fall short of its goal.  There are several fundamentally flawed aspects of design that will lead to its failure.  As quickly as Virtual Reality (VR) became a buzzword and techno-fad of the late 80's and early 90's, it vanished like a blade of mainstream media grass, chopped off by The Lawnmower Man.  To date, virtualized training environments have had limited growth, largely due to its historically poor benefit-cost ratio.

Simulation training using virtual technologies has proved useful in specific areas of medicine, transportation, and athletics.  The commonality of use in these disciplines is the integration of human interaction with physical tasks, and the subsequent development of situation specific psychomotor skills.  For example, this has been well documented in areas of surgical training and flight simulation.  A user's actions result in physical feedback, allowing neurocognitive refinement to minimize adversity and improve outcomes.

When applied to pure psychological and intellectual tasks, the results are inconclusive.  Psychological benefits of emulation environments are primarily limited to improving familiarity with cognitive tasks, providing interface training, and assisting with closed-box decision making.  Although, when applied to open scenarios with seemingly inconsistent and unpredictable results, as seen in the real world, the feedback generated often lacks meaningful data for the user.  It's not that the results of a user's actions aren't relevant, but without the context of knowing which variables changed, how they changed and how significant the change, in response to an action, the resulting data is useless.  In fact, a good example of this problem would be demonstrated with attempting to use a replicated "Internet" for training purposes.

Simulation environments further lack several important psychological components present in real world tasks.  Pressured situations which normally produce emotional stress are extremely difficult to reproduce.  The fact that a user is consciously aware that their environment is only a virtual reproduction essentially removes the psychological and emotional variables present with real world performance.

Significant work has been performed by both government and private sectors.  The DoD's Defense Modeling and Simulation Office (DMSO), and the Army's close combat tactical trainer (CCTT) are examples of military initiatives. Probabilistic and agent-based simulation training, distributed interactive simulations, applications of advanced game-theory, multi-dimensional arrays of behavioral and cognitive variables and the incorporation of psychological, organizational and social behavior theory have improved many human simulation algorithms.  However, mathematical advances in individual and group behavior modeling are still far from creating an intelligent adversary.  Most importantly, the powerful digital opponents of today are multi-step strategic thinkers, with a creatively brilliant aptitude for exploiting vulnerabilities in computer systems -the hacker mentality. 

In addition, attempts at an "Internet" reproduction could only produce its state at a specific time, given a specific set of variables.  Correlating to the real world, these variables are time-dependant.  Attempts at gathering data for updated time states would grossly lag behind any type of real-time updates.  However, one could initialize these variables at a time-zero state and let them evolve independent of real-world internet changes.  An accurate modeling of subsequent cyber threats would require the implementation of complex AI algorithms, individually unique to each virtual identity.  Furthermore, running sophisticated predictive analysis engines, using past malware evolution data, would be required to simulate internet trend behavior to update system state changes.  However, the accuracy of these predicted trends would be inadequate at best.  While history may always repeat itself, technology (the Internet) always moves forward.

In the end, the underlying necessity of this project is an impossibility-the simulation of true human behavior.  If this was possible, and one could accurately know and predict online behavior, the acceleration of these calculations would border the lines of predeterminism and precognition.  This type of "sci-fi success" would render the creation of the NCR unnecessary, since it would create the ability to anticipate, know, and adequately prepare for all future cyber attacks.

Unless "The Matrix" was a documentary, this is just not going to happen any time soon.

So what should DARPA do?   Give the contract to Nintendo to fund the NCR development as a future Wii game.

Send your simulated comments to: greyhat@computer.org

Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022