It is likely every IT security person's nightmare: the new mobile phone, network router or computer they just tied into the network actually has a secret backdoor that gives malicious users or governments unfettered access to the company's assets.
That sort of fear is behind a new program, known as Vetting Commodity IT Software and Firmware (VET), that researchers at the Defense Advanced Research Projects Agency (DARPA) will discuss on December 12th. VET will look to develop systems that can verify the security of commercial IT devices. IT's growing dependence on the global supply chain makes device, software and firmware security an imperative, DARPA stated.
"Backdoors, malicious software and other vulnerabilities unknown to the user could enable an adversary to use a device to accomplish a variety of harmful objectives, including the exfiltration of sensitive data and the sabotage of critical operations. Determining the security of every device the Department of Defense uses in a timely fashion is beyond current capabilities," DARPA stated.
According to DARPA, VET will address three technical challenges:
- Define malice: Given a sample device, how can DoD analysts produce a prioritized checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out?
- Confirm the absence of malice: Given a checklist of software and firmware components to examine and broad classes of hidden malicious functionality to rule out, how can DoD analysts demonstrate the absence of those broad classes of hidden malicious functionality?
- Examine equipment at scale: Given a means for DoD analysts to demonstrate the absence of broad classes of hidden malicious functionality in sample devices in the lab, how can this procedure scale to non-specialist technicians who must vet every individual new device used by the Department of Defense prior to deployment?
"DoD relies on millions of devices to bring network access and functionality to its users," said Tim Fraser, DARPA program manager, in a statement. "Rigorously vetting software and firmware in each and every one of them is beyond our present capabilities, and the perception that this problem is simply unapproachable is widespread. The most significant output of the VET program will be a set of techniques, tools and demonstrations that will forever change this perception."
Follow Michael Cooney on Twitter: nwwlayer8 and on Facebook