DARPA award targets autonomous cyber hardening technology

Business news | January 22, 2019

By Rich Pell

Automotive Development Kits Software & Embedded tools Boards & Embedded Cards Digital Signal Processing Wireless Communications Authentication & Encryption IoT

With the $8.4 million contract, the company will develop technology that rapidly and largely autonomously generates and deploys secure configurations to commercial off-the-shelf (COTS) equipment used in networked systems. Such systems, says the company, are everywhere – they provide automation in buildings, control industrial processes and power plants, and are a key component in modern automobiles.

These systems incorporate many general-purpose COTS components that must be configured appropriately for the larger system to meet its operational requirements. The configuration of such networked systems, however, is often done in an ad-hoc way, says the company, which may leave critical parameters in their factory settings, exposing unnecessary attack surfaces and weakening the system’s security.

“Seemingly benign minor configuration missteps, such as exposing unneeded services or keeping factory-set access credentials, can quickly add up to serious security breaches in complex networked systems, as the past has proven,” says Mark Hermeling, Senior Director of Product Marketing at GrammaTech, Inc. “This project is focused on reducing the chance of human error in the configuration of these systems.”

The company says it will combine its binary analysis technology with contributions from LGS Innovations (Herndon, VA), SRI International (Menlo Park, CA), and Assured Information Security (Rome, NY). The result is a set of tools that will analyze implementation, documentation, and other available artefacts of a system to generate and deploy a configuration that allows the system to meet its objectives while reducing attack surfaces and eliminating configuration-based vulnerabilities.

GrammaTech