Software brittleness may harden embedded systems

Government Computer News

Legacy systems in the government are hard to secure against cyberattack, and that goes double for the embedded, real-time systems at the heart of the many control systems in advanced weapons, power plants and mission-critical infrastructure. Galois, a Portland, Ore.,-based secure software developer, has linked up with the Office of Naval Research under a three-year, […]

PERMALINK

With government cyber defense, sometimes it’s best to give up hope

Federal News Radio

What is the single best thing that military and civilian government agencies can do in their search for an all-in-one cybersecurity solution? Simple: Give up hope. As counterintuitive as that may sound, there is no magic bullet that will solve all our cybersecurity challenges. A sufficiently-motivated and capable adversary will get around our defenses, given […]

PERMALINK

Why next-gen vehicles should consider security from the start

StateScoop

Email was initially created without security in mind and we’ve paid for it ever since by continually bolting fixes onto it, said Isaac Potoczny-Jones, research lead at Galois. But the complexity of connected vehicle systems has created pushback on the issue of cybersecurity, he noted. “Innovative areas like this have a real challenge in baking nonfunctional requirements like cybersecurity into the basis of their systems,” Potoczny-Jones said. “But just because there’s no value today in attackers targeting these systems that there won’t be value tomorrow. We don’t know what we’re up against tomorrow. Things change. They will start to target these systems.”

PERMALINK

Air Force goes after cyber deception technology

Network World

Specifically, Galois will develop its Prattle system for the Air Force. Galois describes Prattle as a system that generates traffic that misleads an attacker that has penetrated a network: making them doubt what they have learned, or to cause them to make mistakes that increase their likelihood of being detected sooner.

PERMALINK

Loose lips may better Air Force security with ‘Prattle’

Federal News Radio

The Air Force is giving Galois a $750,000 grant to work on the program as part of a larger $100 million effort to expand cyber detection technologies. The funds will be used to take the program out of its prototype phase. “The idea is to try to fool the adversary about what’s going on in the world, so that they either make bad decisions they take longer or they are easier to detect,” said Adam Wick, research lead at Galois, the company contracted with the Air Force for the project.

PERMALINK

Crypto-Currency Software Emerges as Tool to Block Cyberattacks

Bloomberg

Paving the way for government use, DARPA has funded a handful of startups, such as Guardtime Federal and Galois Inc., to develop blockchain uses for secure communications, as well as potentially everything from weapons systems to files. The work should be completed within a year, Booher said. Some defense contractors are already demonstrating and deploying the blockchain, he said.

PERMALINK

Even the US military is looking at blockchain technology—to secure nuclear weapons

Quartz

If the verification goes well, it would inch DARPA closer to using some form of blockchain technology for the military, Booher says. “We’re certainly thinking through a lot of applications,” he says. “As Galois does its verification work and we understand at a deep level the security properties pf this [technology] then I would start to set up a series of meetings [with the rest of the agency] to start that dialog.”

PERMALINK

Computer Scientists Close In on Perfect, Hack-Proof Code

WIRED

When the project started, a “Red Team” of hackers could have taken over the helicopter almost as easily as it could break into your home Wi-Fi. But in the intervening months, engineers from the Defense Advanced Research Projects Agency had implemented a new kind of security mechanism—a software system that couldn’t be commandeered. Key parts of Little Bird’s computer system were unhackable with existing technology, its code as trustworthy as a mathematical proof. Even though the Red Team was given six weeks with the drone and more access to its computing network than genuine bad actors could ever expect to attain, they failed to crack Little Bird’s defenses.

PERMALINK