CybersecurityMaking network-connected systems less vulnerable

Published 25 January 2018

The rise of network-connected systems that are becoming embedded seemingly everywhere–from industrial control systems to aircraft avionics–is opening up a host of rich technical capabilities in deployed systems. Even so, as the collective technology project underlying this massive deployment of connectivity unfolds, more consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs applicable for a range of functionalities and deployment options. While less costly and more flexible, commodity components are inherently less secure than the single-purpose, custom devices they are replacing. DARPA says it trains its sights on the expansive attack surface of commodity off-the-shelf devices.

The rise of network-connected systems that are becoming embedded seemingly everywhere–from industrial control systems to aircraft avionics–is opening up a host of rich technical capabilities in deployed systems. Even so, as the collective technology project underlying this massive deployment of connectivity unfolds, more consumer, industrial, and military players are turning to inexpensive, commodity off-the-shelf (COTS) devices with general-purpose designs applicable for a range of functionalities and deployment options. While less costly and more flexible, commodity components are inherently less secure than the single-purpose, custom devices they are replacing.

“With commodity devices, software and configuration settings now govern behaviors that were physically impossible in special-purpose hardware, creating security risks and increasing system vulnerability,” said Jacob Torrey, program manager in DARPA’s Information Innovation Office (I2O). “Certain functionality built into COTS components may not be necessary for all users or applications, and unwanted functionality can be hard to detect and turned-off. For instance, an unneeded maintenance or diagnostic service left enabled could create an opportunity for an attacker to circumvent other security controls and use the system’s as-deployed functionality to generate a malicious effect. This opaqueness is creating challenges for system operators who must rely on component configurations to reduce attack surfaces created by unnecessary functionality.”

DARPA says that to address the challenges created by the proliferation of COTS devices and help harden the security surface of network-connected composed systems, DARPA has launched a new program called Configuration Security (ConSec). The program, just announced today, aims to develop a system to automatically generate, deploy, and manage inherently more secure configurations of components and subsystems for use in military platforms.

“Through ConSec we hope to gain a better understanding of the available functionality across COTS devices and what’s needed for the task at hand and then use system configurations to create the functionality that’s actually required while minimizing the excess that can be used as an attack surface,” said Torrey. “While our objective is to build this capability for military platforms, there is the potential for the program to have broader applications for commercial and industrial systems as well.”

Prospective performers are tasked with finding ways to automate the traditionally more manual process of system configuration. To tackle this feat, the program is divided into two technical areas. The first area focuses on reducing the amount of human-in-the-loop time required to understand what capabilities a system needs to deliver across different operating environments, the functionality required to achieve its mission in each operating environment, and the possible component configurations needed to create the desired functionality. “Consider, for example, a naval vessel. Its functionality when at sea is likely different than what’s required of it while at port, or in dry-dock undergoing maintenance,” said Torrey. “Our aim is to automate the process of identifying these different operating environments, the system’s expected functionality in each scenario, and the components needed to make it all happen, which is currently a manual, labor intensive process.”

To accomplish this, DARPA is asking researchers to develop models and functional specifications of systems based on human-friendly information formats–such as checklists, operating manuals, and other written human standard operating procedures (SOPs)–as well as an analysis of the system’s underlying components’ hardware and firmware. Input from these analyses should help determine how settings in a component’s configuration space might impact its functionality, how the behavior of human operators impacts system behavior, and what operational and mission contexts pertain for the full, composed system.

The ConSec program’s second technical area focuses on uncovering component configurations that will enable the composed system to achieve its mission under different, relevant operational contexts. Here proposers are asked to leverage the models and functional specifications that emerge from work in the first technical area to find ways of identifying secure configurations that eliminate unused and unnecessary functionality as a way to shrink the system’s vulnerabilities to attack. “Essentially we’re asking potential performers to determine how to take all of the best pieces and functionality and combine them to fulfill the requirements of a high-level composed system while turning off all of the things we don’t need,” said Torrey.

Torrey expects that the program will roll out in three phases over the next three-and-a-half years. The deadline for proposals for the ConSec program is 8 February 2018. Additional details about the program can be found via the DARPA Broad Agency Announcement, found here.