Air Force takes ownership of DARPA cyber warfare program

By Sara Sirota  / August 2, 2019

A Defense Advanced Research Projects Agency program that laid the foundation for planning and execution of cyber operations is now being transitioned to the Air Force.

In a partnership between DOD's Strategic Capabilities Office and the Air Force Research Lab, DARPA's plan X program will be rebranded as project IKE -- which now aims to scale and operationalize the capabilities developed during five years of work with the research agency.

IKE will leverage artificial intelligence to recommend courses of action for defensive cyber operations, according to Chris Greamo, president of Two Six Labs, which won a $95 million contract for the project. Formerly named Invincea Labs, the company was one of the contractors that worked with DARPA on plan X.

The original program sought to address the problems faced by cyber operators who couldn’t use existing planning tools intended for kinetic operations.

"We can't leverage the models that we used previously because cyber is so fast-moving, fast-changing," Jeff Karrels, Vice President of Two Six Labs' Cyber and Electronic Systems group, explained in an interview with Inside Defense.

Plan X created the first common operating picture for warfighters in cyberspace, with a particular focus on workflow, according to DOD's website. For users who lacked technical expertise, the program's engineers turned new tools into apps that performed effects and would be used to plan courses of action.

Now, IKE has a "new focus on increasing the precision, time, and scalability of the cyber operator workflows," Greamo said.

It will make recommendations as airmen draw up a response to a possible cyberattack. Greamo described some of the questions operators ask in their planning process.

"When do I send a team physically to a location to go identify maybe an intrusion that may be occurring or suspected to be occurring? What tools do I give them? When do I send them? When do I get their reports back? Developing a course of action that puts all those things together is a very time-consuming process from a physical planning process," he said.

IKE's model will use AI and machine learning to make recommendations by leveraging the lessons of past missions, and it will improve over time by ingesting new information.

"Every time we execute a mission, we should update our knowledge base and make our recommendations even better. More missions we execute, the better we should get," Greamo said.

Karrels explained IKE is working much more intimately with actual warfighters than typical DOD development programs, saying, "AFRL and SCO are very forward-leaning in the word operations. . . . This isn't the normal program of record . . . where we spend five years developing something and then throw it over the wall. This is something where were tightly integrated in with the warfighter."

He added, "We're hand-in-hand and day-by-day working with both the research lab and the capabilities office as well as the warfighter and . . . staying in that agile loop of always putting something in the hands of somebody to make a test case to say, is this right or wrong? And if it's wrong, cool, then we learn something and we modify."

Karrels said on a daily basis, Two Six Labs has between nine and 12 personnel embedded with the Air Force as part of this program. They function as liaisons with the company’s development staff.

He also noted the strong interest from SCO in the program, saying the office "is really trying to help change the way that cyber is being conducted within our country, so they’re helping recognize the problem that United States Cyber Command has with managing its forces, executing operations, both of a defensive and offensive nature."

The IKE contract will conclude by July 2024, per a notice published Wednesday on DOD's website.