DARPA hires two trusted computing companies to devise cyber security for network botnet attacks
ARLINGTON, Va. – U.S. military trusted computing researchers are looking to two U.S. cyber security companies to find ways to identify and eliminate botnet, large-scale malware, and other cyber security threats from compromised military devices and networks.
Officials of the U.S. Defense Advanced Research Projects Agency (DARPA) this week announced contracts to Sotera Defense Solutions Inc. in Herndon, Va., and to Aarno Labs LLC in Cambridge, Mass., for the Harnessing Autonomy for Countering Cyber-adversary Systems (HACCS) program.
HACCS seeks the ability to find and eliminate sophisticated cyber security threats in a scalable, timely, safe, and reliable manner, while maintaining privacy and other legal safeguards -- even if the owners of botnet-conscripted networks are unaware of the infection and are not participating in neutralization.
Sotera won a $7.3 DARPA HACCS contract on Thursday, and Aarno Labs won a $6.5 million HACCS contract on Monday. In the HACCS program, Sotera and Aarno Labs will investigate creating safe and reliable autonomous agents to counter various types of malicious botnet implants and similar large-scale malware.
The companies will develop the techniques and software necessary to measure the accuracy of identifying botnet-infected networks, the accuracy of identifying the type of devices residing in a network, and the stability of potential access vectors.
Sotera and Aarno Labs also will measure the effectiveness of denying, degrading, and disrupting botnets and individual botnet implants without affecting the systems and networks where they reside.
Malicious actors can penetrate and use with impunity large numbers of devices owned and operated by third parties, DARPA officials say. Such collections of compromised devices, commonly referred to as botnets, are used for criminal, espionage, and computer network attack purposes -- sometimes all three.
Recent examples of botnets and self-propagating malcode include Mirai, Hidden Cobra, WannaCry, and Petya/NotPetya. The scale of their potential and actualized effects makes such malware a national security threat. Yet improving the security posture of U.S. military networks alone is insufficient to counter such threats, DARPA officials say. Current incident response methods are too resource- and time-consuming to address the problem at scale.
Active defense methods are insufficiently precise and predictable in their behavior, posing a risk that the “fix” may cause processing issues or other side effects. This is where the HACCS program comes in.
HACCS contractors Sotera and Aarno Labs will identify and fingerprint not only botnet-conscripted networks to determine the presence of botnet implants, but also the number and types of devices present on said networks, and the software services running on these devices.
The companies will generate non-disruptive software exploits for many known vulnerabilities that could establish initial presence in each botnet-conscripted network without affecting legitimate system functionality.
In addition, the companies will create software agents that autonomously navigate within botnet-conscripted networks, identify botnet implants, and neutralize them or otherwise curtail their ability to operate, while minimizing network side effects.