Posted by John Keller

ARLINGTON, Va., 26 Feb. 2012. Computer scientists at the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., released a formal solicitation (DARPA-BAA-12-21) to industry Thursday for the agency's High-Assurance Cyber Military Systems (HACMS) program to safeguard civil and military embedded systems in vehicle electronics from hackers, computer viruses, and other cyber malware.

Earlier in the week, DARPA conducted its first industry briefings on the HACMS military cyber security program, which aims to develop a set of publicly available tools to help build embedded computing for high-assurance military vehicles with onboard networked military embedded systems that are able to resist efforts by hackers to attack and damage vetronics computers remotely while hiding the effects from monitors.

Although the HACMS program initially aims at embedded computing systems on military vehicles, DARPA officials say the tools and techniques the program develops may be applicable to other kinds of embedded systems, which in some circles are referred to as "cyber-physical" systems.

Improving cyber security for embedded systems is of the highest importance, DARPA officials say. In 2008, for example, there were about 30 embedded processors per person in developed countries, and in 2009, 98 percent of microprocessors were in embedded systems. Such systems range from large SCADA systems that manage physical infrastructure to medical devices such as pacemakers and insulin pumps, to computer peripherals such as printers and routers, to communication devices such as cell phones and radios, to vehicles such as airplanes and satellites.

Networked, embedded systems are vulnerable to remote attack, DARPA officials point out. Exploits have resulted in the theft of water (Gignac Canal System in France), the release of raw sewage (Maroochy Shire Sewage plant in Australia), the delivery of incorrect dosages of insulin, printers catching on fire, interference with a Landsat-7 earth observation satellite, and computer viruses infecting the ground-control systems of the Predator and Reaper unmanned aerial vehicles (UAVs), DARPA officials say.

The HACMS program aims to integrate publicly available tools into a high-assurance software workbench, which will be widely distributed to commercial and defense software developers. HACMS will use these tools to generate an open-source, high-assurance operating system and control system, and then use these components to build high-assurance military vehicles that are invulnerable to hacker attack.

Developing this kind of cyber security technology for military vehicles will require a fundamentally different approach from what the software community has done so far, DARPA officials explain. HACMS seeks to enable semi-automated code synthesis from executable, formal specifications, as well as produce machine-checkable proof that the code is secure.

HACMS has five parts: synthesizer, formal specifications, verified libraries, proven code, and diagnostic information. Key HACMS technologies will include interactive software synthesis systems, verification tools such as theorem provers and model checkers, and specification languages. DARPA officials say they anticipate making several awards for the program.

Companies interested in bidding on the DARPA HACMS vetronics cyber security program should respond initially no later than 10 April 2012, and finally no later than 10 July 2012 by e-mail at HACMS@darpa.mil.

For questions or concerns contact DARPA's HACMS program manager, HACMS@darpa.mil, by e-mail at HACMS@darpa.mil. More information is online at https://www.fbo.gov/spg/ODA/DARPA/CMO/DARPA-BAA-12-21/listing.html.