4 Sept 2012

Darpa Looks to Protect Drones From Hack Attacks

Cybersecurity, as interpreted by the Pentagon’s premiere researcher, isn’t just about protecting data networks. It’s about making the military’s killer drones, subs and trucks hacker-proof as well, Darpa revealed on Monday.
The usual picture of cyberattacks involves hackers — maybe sponsored by a government — trying to penetrate a data network. But Darpa’s Kathleen Fisher told the agency’s first-ever Cyber Colloqium, a gathering that seeks to enlist hackers’ ideas, that this conception is too narrow. Think of all the software that goes into a vehicle, for instance the software that controls your car’s anti-lock braking system, could be just as buggy as Windows. Better still, think of all the software that helps keep the U.S.’ fleet of deadly flying robots in the air. (Some of the computers in those drones’ cockpits really do run Windows.) Now remember how Danger Room broke the story last month of the computer virus that infected those drone cockpits, and the vulnerabilities become clearer.
Fisher’s trying to stop those kinds of attacks. Traditional security methods, like anti-virus scanning, can’t solve the problem, because they focus on known families of vulnerabilities. Brand new angles of attack render those defenses useless. So do clueless users, who gets themselves pwned while trying to play Mafia Wars or open up that email promising male enhancement. And the problem gets harder when considering the vulnerabilities in hardware, like the drones themselves. (Counterfeit microchips, anyone?) “You probably can’t just reboot your car as you’re speeding down the highway,” Fisher told the colloquium.
Her answer is mostly a non-answer, like many on display at the colloquium. As one of Darpa’s program managers, she has an effort devoted to creating “high-assurance” systems — effectively, to stop the drones or their software from getting infected. How she’ll do it is unclear: she invited the nearly 700 people in the Renaissance Arlington Capitol View hotel to tell her how.

http://www.wired.com/dangerroom/2011/11/darpa-cybersecurity-drones/