DARPA ConSec program seeks to reduce opportunities for cyber attack while maintaining trusted computing

ARLINGTON, Va. – U.S. military researchers are launching a $45 million project to develop technologies able to analyze and improve the configuration of complex systems automatically to reduce opportunities for cyber attack while assuring trusted computing properties and expected system behavior.

Dec 14th, 2017

Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., issued a solicitation this week for the Configuration Security (ConSec) program to develop ways to automatically generate, deploy, and enforce configurations of components and subsystems for use in military platforms.

The DARPA ConSec program seeks to reduce the vulnerability of COTS components and subsystems in military applications to cyber attacks and other trusted computing issues.

The program will develop a system for the automatic generation, deployment, adapting, and enforcement of component and subsystem configurations for use on military platforms, DARPA officials say. These configuration sets should remedy system vulnerabilities to minimize unwanted cyber attack paths, while maintaining system functionality and performance.

DARPA researchers are looking for ways to help defense companies develop more secure trusted computing configurations by viewing each component’s configuration as an element in the system’s behavior and security. One aim of the project is to find ways to enhance system security without requiring new software development or large hardware changes.


The growth in the number of Internet-of-Things (IoT) and network-connected systems like aircraft and critical infrastructure today has led to unprecedented technical diversity in deployed systems, DARPA officials explain.

Unfortunately, these kinds of connected systems create vast opportunities for cyber attacks, officials explain. These attacks can range from malware-infected home-use IoT devices able to launch large distributed denial-of-service (DDoS) attacks on internet infrastructure, to remote attacks on industrial control systems.

The growing use of generic COTS components and subsystems in military applications can make this threat even worse. The use of COTS has decreased platform diversity; where once a single-purpose custom device was necessary, now a cheap, general-purpose system can be used.

Trusted computing and security, however, have become secondary concerns in this shift from single-purpose, custom-built components to general-purpose, software-defined components. Software logic and its configurations create a much more pliable cyber defense.

The vendors of these components have a strong incentive to ensure their products are as flexible and general-purpose as can be, so they can fit into a broad spectrum of deployments. This can saddle the military system owner with the cost of reducing cyber attack paths through unneeded functionality.


ConSec will consist of three phases. The 15-month first phase will emphasize initial development of the tools and techniques necessary to ingest operational context information, configuration, and human standard operating procedures, and to model the intended behavior of a system like a home network with building automation and IoT components, or a commercial vehicle.

The 15-month second phase will focus on securing systems like heavy industrial platforms or small industrial-control and supervisory control and data acquisition systems. The yearlong third phase will focus on augmenting secure configurations with run-time enforcement and system attestation. Two separate military systems will help with testing and demonstration.

Companies interested should submit abstracts no later than 22 Dec. 2017, and full proposals no later than 8 Feb. 2018 via the DARPA BAA Website at https://baa.darpa.mil.

Email questions or concerns to Jacob Torrey, the DARPA ConSec program manager, at ConSec@darpa.mil.

More information is online at https://www.fbo.gov/spg/ODA/DARPA/CMO/HR001118S0010/listing.html.
