Project End : August 2016 Status : Active Phase : Awarded - Supply and Installation Sector : IT / Telecom Facility type : IT Software Value : $2.4 million Scope : Protecting commodity IT devices such as printers and phones from cyber attacks. This Broad Agency Announcement contract is part of DARPA s Vetting Commodity IT Software and Firmware (VET) program. The US military uses a large number of IT products, such as printers, scanners, networking devices, PCs, and mobile phones. These devices are built from multiple components that are often built overseas with limited oversight and then shipped to the US. This supply chain provides multiple opportunities for adversaries to insert hidden malicious functionality. VET seeks to address this vulnerability by supporting a Comprehensive National Cybersecurity Initiative from the White House that named a multi-pronged approach for global supply chain risk management as a key national security goal. As part of VET, Charles River is developing a program called How to Avoid Malice Using Linguistics-Inspired Exploit Testing, or HAMLET. HAMLET identifies the potential vulnerabilities that could be exploited or inserted by an adversary and develops effective testing plans to detect these vulnerabilities. HAMLET applies advanced analysis techniques adapted from the field of linguistics, an innovative approach to the problem of vulnerability identification and adversary detection. By developing revolutionary new technologies that analyze the firmware and software in device components, HAMLET aims to drastically reduce the vulnerabilities of IT devices by providing a clear benefit to both military and civilian users of these devices. HAMLET builds on previous Charles River contracts with DARPA, such as the Cyber Genome program. DARPA created the Cyber Genome program to combat the growing threat of cyber attacks on US resources. As part of the program, Charles River developed Malware Analysis and Attribution using Genetic Information, or MAAGI. MAAGI combines ideas and techniques from biological evolution, reverse software engineering, and linguistics to rapidly identify the source and intent of new malware attacks. Latest event : July 2014 Charles River Analytics Awarded $2.4 Million DARPA Contract to Protect Against Malicious Firmware.
Project completion date : 2016-08-31 12:00:00
Major organization : DEFENSE ADVANCED RESEARCH PROJECTS AGENCY (DARPA)
Address : 675 North Randolph Street Arlington, VA 22203-2114 http://www.darpa.mil/
Country :United States
Financier address : Contractor : Charles River Analytics 625 Mt. Auburn St. Cambridge, MA 02138 USA Tel: (617) 491-3474 Fax: (617) 868-0780 Website : www.cra.com