It seems that the Defense Advanced Research Project Agency (DARPA) has decided that drastic measures are needed to address the Defense Department’s cyber needs, both offensive and defensive. The decision is clearly the right one; it is simply amazing that in the face of ever-growing cyberattacks, it has taken them so long to articulate it.

DARPA, the organization that championed the idea of the Internet, is now discussing the need for an entirely new system capable of developing and implementing offensive abilities as well as defenses to protect critical U.S. systems from assault. It is reaching out to a wide group of potential partners, including universities and the private sector, and calling the effort “Plan X.” Dramatic names and whispers from conspiracy types aside, this effort should go forward.

The emergence of the Flame virus across the Middle East and some European countries has once again highlighted the need for better defensive and offensive cyber capabilities. The highly complex piece of malware is 40 times the size of the already complex and elegant StuxNet cyberworm (Flame is 20 megabytes versus StuxNet’s 0.5 megabytes). The latter was highly specialized and targeted, while Flame appears to be more versatile, because its makers (still unknown) can use it for a variety of actions, including reconnaissance and data collection, and can turn it off and on at will. While the Flame virus is not really a weapon, since it does not interfere with or harm cyber systems, it is the most sophisticated example of spyware anyone has ever seen. This type of program will only become more difficult to detect and stop.

Details of “Plan X” aside, it is encouraging to see a concerted effort by the U.S. government to improve defensive and offensive cyber capabilities. Though such an effort is long overdue, it is better late than never.