Sophos Cloud Optix
Developing software that is totally impervious to hackers is arguably the holy grail of computer security and, until now, has perhaps been nothing more than a pipe dream.
Now, however, the Pentagon’s research arm – the Defense Advance Research Project Agency (DARPA) – has unveiled a new drone which it claims to have built with secure software that can prevent control and navigation of the aircraft by hackers.
High Assurance Cyber Military Systems (HACMS) is a newly-completed program that uses software to thwart cyber attacks, according to military blog Defense Tech.
Kathleen Fischer, HACMS program manager for DARPA, told the website that the technology behind the program has been in development for several years, adding that:
The software is designed to make sure a hacker cannot take over control of a UAS. The software is mathematically proven to be invulnerable to large classes of attack.
The mathematically-assured software utilised by the drone fared well when tested by DARPA experts who were unable to remotely break in even after 18 months of testing, leading them to conclude that the unmanned aerial system (UAS) is the most secure on the planet.
DARPA officials explained the need for more secure software, highlighting how current drones and other military aircraft face many risks, especially when connected to each other over networks, with Dr. Fischer saying that:
Many things have computers inside and those computers are networked to talk to other things.
Whenever you have that situation, you have the possibility for remote vulnerabilities where somebody can use the network connection to take over and get the device to do what the attacker wants instead of what the owner wants.
The Pentagon believes the new technology, which was developed at the University of California, San Diego and the University of Washington, can also be applied to larger platforms and already plans to implement the software in Boeing’s Unmanned Little Bird helicopter.
Despite such bold claims about HACMS, the news will likely not cause too many problems for the Fox Broadcasting Company and its continuing 24: Live Another Day TV series.
The storyline, which pits ex-CTU agent Jack Bauer against a terrorist in control of unmanned drones, seemingly still has some merit as DARPA does not appear to be entirely convinced that its new software is actually hacker-proof.
The agency recently announced its Cyber Grand Challenge, which will launch in June this year. The competition will offer a total prize fund of $9 million as it:
...seeks to create automatic defensive systems capable of reasoning about flaws, formulating patches and deploying them on a network in real time. By acting at machine speed and scale, these technologies may someday overturn today’s attacker-dominated status quo.
So, until the competition unearths something a little more robust, DARPA’s hack-proof claims may appear to be somewhat presumptuous and could, perhaps, be filed alongside the comments made by the Vice-President of the White Star Line who famously said that “We place absolute confidence in the Titanic. We believe the boat is unsinkable,” even as reports of its collision with an iceberg reached New York.
Furthermore, one can only wonder what hackers may think when they see statements that suggest something is “hack-proof”.
Image of drone and The Pentagon courtesy of Shutterstock.
DARPA did not claim that the drone is “hack-proof” Dr. Fischer said “… invulnerable to large classes of attack.” Your source translated that into “… invulnerable to cyber attack.” These statements are not equal.
Your source (military.com) doesn’t reveal its source so I don’t see a way to verify their report. I did a search and I see this article all over but all of those articles eventually get back to the one Defensetech article that you reference. They all use the same “hack-proof” claim and while they all include the comment from Dr. Fischer none of them seem to understand the difference. However, aside from one comment on Defensetech that refers to a digital iceberg you are the only one that takes a logic leap and connects drone software with the Titanic.
I’m glad I wasn’t the only one who noticed that 🙂
However, “invulnerable to large classes of attack” is itself a bit disingenuous — resistant would have been a better word choice. Just like you can slap a “water proof” sticker on the side of the titanic, but that won’t prevent it from sinking via unforeseen twists on a known danger.
You can’t link this to the titanic – it may not be hack proof entirely (I certainly agree with this disjunct between comment and interpretation) but mathematical proof considers all possibilities of a known type of attack – if you take this back to the water proofing analogy, it means that it is water proof, no matter how deep it dives or how hard it hits an iceberg.
One CANNOT prove that a system CANNOT be compromised, since this involves the proving of a negative – this is universally accepted as far as I can tell, and anyone unaware of this fact shoudl consider exactly how much time & money they’ve wasted on their mathematics education.
“…invulnerable to large classes of attack”
Not only is this mathematically incorrect, it is grammatically so.
It seems that abject desperation to create some good news in the defense sphere is leading to some embarrassing lapses of judgement.
I look forward to seeing this in the talks at non-US security cionferences this year…
Challenge accepted.
Hack PROOF? On a computer?
Clearly nobody with a degree in Math analyzed those statements. It is simply not possible to “prove” something like this operating against a computer, no matter how powerful your tools are.
There are some math concepts that can be proven via computer, but not the other way around. Math requires an infinite number of possibilities be attempted, so it’s simply not possible to “prove” a hack is impenetrable.
For the 2nd time in as many weeks I get to use one of my favorite lines, “Enigma cannot be cracked.” Yet it was cracked by some geniuses, using a computer made of wood.
The software for this drone is open and available at smaccmpilot.org
Are the drones really called “Hack ’ems” — High Assurance Cyber Military Systems (HACMS)