Some of the most interesting pieces of our evolving national cybersecurity strategy are the offensive pieces, when we fight back. We are still left waiting, however, for DARPA to make an award on the Cyber Security Range (INPUT Opportunity #47845), our obstensible national proving ground for cyber warfare.
Interestingly, many in the blogosphere (check here, here, and here) are not so sure the Cyber Security Range is such a good idea. Spending a lot of money trying to build a model of the Internet (one blogger estimated $30 Billion, saying that they could rebuild the Internet for that cost) might not make as much sense as "training" on the real thing. Given the highly fluid nature of the threat and the tactics, they have a point. DARPA seems to be having trouble hiring or obtaining the type of talent they need for the Cyber range, leading netizens to point to the open source model. We're not sure DARPA will go for that. Cultural struggles like these show how truly different this national security effort is from prior challenges.
It would be nice if DARPA would structure things so that people who actually have great ideas could participate. Though there is a defined and credible path to answering the BAA I fear that it won't happen as industry enters with predetermined solicitations that are products rather than concepts.