A U.S. military agency is researching a plan to move cybersecurity beyond the software “patch and pray” technique to a system that would actually stop viruses and hack attacks, says a new report in Joseph Farah’s G2 Bulletin.
It’s the new System Security Integrated Through Hardware and Firmware program under development by the Defense Advanced Research Projects Agency.
“Security for electronic systems has been left up to software until now,” said Linton Salmon of the federal agency’s Microsystems Technology Office, “but the overall confidence in this approach is summed up in the sardonic description of this standard practice as ‘patch and pray.’”
Salmon said the “race against ever more clever cyberintruders is never going to end if we keep designing our systems around gullible hardware that can be fooled in countless ways by software.”
Hacking has been in headlines over the last year, notably with the email scandal that rocked Hillary Clinton’s campaign.
For the ordinary citizen, computer viruses can bring abrupt collapse of their computers, potentially revealing their private information and at a minimum, costs for repair or replacement of damaged units.
The agency said the SSITH program will complement other software security efforts such as DARPA’s High Assurance Cyber Military Systems, as well as the Cyber Grand Challenge.
“Any software patch to a hardware-based security flaw – whether it is in a personal computer or a corporate or government information-technology system – merely salves a symptom without addressing the underlying hardware vulnerability,” DARPA said.
Left untouched, that same hardware weakness remains vulnerable to follow-on software-based breaches that members of the clever club might devise, the agency said.
“To break this cycle and thwart both today’s and tomorrow’s software attacks, the SSITH program challenges researchers to design security directly at the hardware architecture level. Instead of relying on software Band-Aids to hardware-based security issues, we are aiming to remove those hardware vulnerabilities in ways that will disarm a large proportion of today’s software attacks.”
For the rest of this report, and more, please go to Joseph Farah’s G2 Bulletin.