DARPA’s Cyber Antidote

The Defense Advanced Research Projects Agency is known for creating breakthrough technologies to support the government’s national security efforts.

Some innovations are more far-out than others, but then there are DARPA programs that demand your attention, especially when the Defense Department’s Armed with Science blog notes that these revolutionary programs will “stop hackers in their digital tracks,” “teach computers to think and learn,” and “make the future more exciting, and more innovative, than ever before.”

Time will tell. As Armed with Science reports, here are the four big things DARPA is doing to ensure network protection and information security.

1. High-Assurance Cyber Military Systems (HACMS): It’s pronounced Hack’ems. DARPA says the HACMS program will develop technology that results in the construction of high-assurance military systems, such as unmanned vehicles, weapons systems and satellites, and that benefits commercial software communities.

   HACMS technologies include verification tools and systems that can be used to build safe computers that are functionally correct and satisfy appropriate safety and security requirements. DARPA is talking about securing not only personal computers but also microprocessors that are embedded in smartphones, wearable devices, and systems that run energy, power and transportation systems.

   “But even if HACMS is successful in making safe computers, not everything is going to be made with that technology,” the blog notes. “How they’re going to scale that system up to computers is admittedly not clear yet. The next step in the plan, however, involves computer antivirus.”

2. Cyber Grand Challenge: Cybersecurity analysts today are at a disadvantage because of the length of time it takes first to report a software vulnerability and then to deploy widespread patches. One of DARPA’s contributions to tackling this problem is its new Cyber Grand Challenge. The competition aims to create automated systems that can evaluate software, test for vulnerabilities, generate security patches and apply them to protected computers on a network in real time.

   “The Cyber Grand Challenge, set to formally launch in early June, will offer $9 million in prize money as an enticement for teams of experts to create systems that can automatically scan computer software for security vulnerabilities without human intervention,” according to Federal News Radio.

   DARPA says the challenge will emulate Capture the Flag, a competition for top hackers at the annual DEF CON event in Las Vegas.

3. Computer Individuality: The Armed with Science blog doesn’t explain exactly how DARPA will achieve what the writer calls computer individuality, but here’s the question the agency hopes to answer: “What if you could make every computer different?” These differences wouldn’t affect applications, such as Microsoft Office, that IT departments manage on thousands of devices; instead, each computer would be different at the low level where attackers come in.

   “If every computer was different — distinctive — it would make attacks much harder to accomplish on a broad scale,” the blog points out. “The attacker would, essentially, need a special attack for every computer.”

4. Revolutionize Data Encryption: DARPA has a program called the Programming Computation on Encrypted Data, or PROCEED, that seeks to “make computation on encrypted data practical,” according to the agency. “If successful, PROCEED could fundamentally change how computations are made in untrusted environments. Potential implications for security of cloud-computing architectures are significant.”

   Currently, encrypted data are first decrypted before any computation work is done. “Research has shown that while computation on encrypted data is theoretically possible, that computation slows by nearly 10 orders of magnitude, making it infeasible,” DARPA explains.