CHICAGO—DARPA wants to work with aviation MRO companies and the wider defense industry to implement a new software coding process that could eliminate most of the military’s cyber vulnerabilities, the agency’s director said April 10.
A series of DARPA programs since 2016 have demonstrated the reliability of the “formal methods” coding approach on quadcopters and other uncrewed aircraft systems (UAS) such as the Boeing Unmanned Little Bird, DARPA Director Stefanie Tompkins said in a keynote speech at the Military Aircraft Logistics and Maintenance Symposium here at Aviation Week's MRO Americas conference.
The agency also has been working on creating tools and training to implement the mathematical formal methods approach widely across government and industry.
“We are at the point now where we have convinced ourselves that enough of this is ready for real-world use,” Tompkins said.
The software coding approach has been transitioned to many independent offices in the Defense Department, generating “a lot” of evidence that it eliminates successful hacks and other cyber vulnerabilities, Tompkins said.
To be effective, however, formal methods need to be adopted as widely as possible.
“What we haven't figured out how to do quite well is to blanket the community with this because it's kind of like immunization, right? You need herd immunity,” Tompkins said.
The agency’s first High-Assurance Cyber Military Systems (HACMS) program launched in 2016 and quickly validated a coding approach that mathematically proves the absence of vulnerabilities that hackers could exploit.
“It's a way of writing software that is mathematically provably correct to only do what you told it to do,” Tompkins said. “No loopholes, no opportunities for someone to come in and actually trick it into doing something else.”
DARPA exposed the coding approach at two Def Con hacking conventions, in 2016 and 2021, inviting attendees to spend a week finding vulnerabilities.
If the coding approach spreads through the defense industrial base, up to 80%-90% of the Pentagon’s cyber vulnerabilities could be eliminated, she said.
“So just imagine what that does for you in what you don't have to worry about or how you can take your cyber talent to have it focused on the harder problems, and not just the patching and then the patching and praying and the running down of the random things that may or may not be dangerous—the amount of time we collectively waste,” Tompkins said.