“You probably know us best for the Internet,” said Dan Kaufman, Director of Information Innovation at DARPA; more recently and under his tenure, DARPA also came up with Siri. “Oh, we’re the worst marketing people in the world — my office did Siri, but when we had it, we called it ‘programming assistant that learns’ — PAL,” Kaufman explained at the Code Conference re/code. “To make it worse, because we don’t even understand our own acronyms, we called it ‘AL,’ because the ‘P’ is silent, I guess.”
Kaufman said he, like most everyone else, is really excited about the Internet of Things. But “if we don’t have a fundamental new cybersecurity approach to it, we are not going to enjoy this Internet of Things.”
He said to think about how “weird” our relationship is with a computer. “It is the only appliance we buy – for considerable amounts of money – that they give to us and it’s broken.” They tell you to take it home and immediately patch it. Whether it’s a Mac, PC or tablet, you might think, “I haven’t even taken it out of the box yet and it’s broken.” So you patch it and then think, “Good deal, now it’s fixed.” But they tell you “no” before adding, “next Tuesday we’ll send you another patch.” This situation repeats until you find out your new device will “never be fixed.”
“I don’t know why we accept that,” Kaufman said. It’s “a little bit crazy,” especially when you think about the future and applying that logic to the Internet of Things. When we think cyber and security, we tend to think about PCs, but roughly “98% of microprocessors are embedded.” If you “think about it, everything in the world today has a computer: your phone, your TV, your insulin pump, all our weapons systems.”
“What is Patch Tuesday going to look like for the Internet of Things…for my refrigerator, and my TV and my car?” In Kaufman’s case, he also has to consider IoT and national security. He can’t imagine telling the Navy’s Seventh Fleet, “You have to come home on Tuesday because we have to patch you.”
Given the time constraints of the re/code presentation, Kaufman then outlined a few “big things” that DARPA is working on. But last week DARPA’s Information Innovation Office (I2O) showed off over 100 wild projects during DARPA Demo Day 2014, a science fair at the Pentagon. Those were broken down into four main categories: cyber, big data, language and warfighter apps. Although those are all worth looking into, and a list (PDF) with summaries from DARPA’s Demo Day is available for download, let’s stick with what Kaufman highlighted at re/code.
HACMS, pronounced as “hack ‘ems,” stands for High-assurance Cyber Military Systems; it’s aiming to make an “unhackable” system for the Internet of Things. Kaufman said there is no reason we should settle for the cycle of insecure devices, Patch Tuesdays and a nightmare Internet of Things scenario.
DARPA said of HACMS: “Such systems range from large supervisory control and data acquisition (SCADA) systems that manage physical infrastructure to medical devices such as pacemakers and insulin pumps, to computer peripherals such as printers and routers, to communication devices such as cell phones and radios, to vehicles such as airplanes and satellites.”
Although HACMS will be designed to make everything safe, not everything will be made with that technology. “Even if HACMS succeeds, creating software that can beat the best hackers in the world in real time is hard. Before you laugh, remember everyone laughed when we said a computer could beat a human at chess,” Kaufman said. “When we get good enough, a computer will beat all the hackers one day.”
Regarding DARPA’s Cyber Grand Challenge, he mentioned the Def Con security conference and the “capture the flag” (CTF) contest. If you don’t know, it’s a competition among some of the very best hackers in the world. Kaufman said, “One day we imagine that we will enter a tournament like that and then hackers, too, will fall.”
Although sometimes the stuff DARPA dreams up is so crazy that it can scare the stuffing out of you, if anyone can come up with a system that can beat any and all attackers, DARPA can. If there are any takers who want a piece of that action, do you suppose the computer will first ask, “Shall we play a game?”