Hackers Called to Look for Hardware Vulnerabilities

This post is also available in: עברית (Hebrew)

About 70 percent of all cyberattacks are due to hardware vulnerabilities. The US Defense Advanced Research Projects Agency (DARPA) has developed a new generation hardware technology and wants ethical hackers to try to break into it before it goes public. Hackers are offered cash prizes for any flaws they find.

The new technology is expected to make voting machines, medical databases and other critical digital systems far more secure against hackers. The new technology is based on re-engineering hardware, such as computer chips and circuits, so that the typical methods hackers use to undermine the software that runs on them become impossible. That’s far different from the standard approach to cybersecurity, in which tech companies release a never-ending stream of software patches every time bad guys discover a new bug.  

DARPA Microsystems Technology Office Program Manager Keith Rebello told washingtonpost.com that the biggest ticket item is a voter registration database. State and federal election officials have identified such systems as one of the greatest vulnerabilities if hackers from Russia or elsewhere try to undermine the 2020 election. If DARPA can prove its version of the database is far tougher to hack, that could be a game-changer, allowing officials to be far more confident about election security. 

Another model for the bug bounty is a medical database containing research into the novel coronavirus — information that FBI and Department of Homeland Security officials say is being targeted by Chinese hackers. 

The program, which is officially called System Security Integration Through Hardware and Firmware, or SSITH, started in 2017 and will run for another year. 

The secure hardware is funded by DARPA but is being built by researchers and academics at places like Lockheed Martin, the University of Michigan and the Massachusetts Institute of Technology. Rebello is hopeful it will start being integrated into some commercially available computer chips in the next two to four years.