Feature
July 2025
A self-healing system proof-of-concept for our hyper-connected world
16 seconds. That’s all it took for Cyber First Aid, a DARPA Small Business Innovation Research (SBIR) project, to unhack a compromised medical device.
Imagine a future where your most critical systems – from life-saving medical devices to autonomous defense platforms – can instantly heal themselves from cyberattacks.
No more agonizing waits for patches, no more catastrophic downtime. This scenario isn't science fiction; it's now a reality as demonstrated by a small business, URSA Inc., through a DARPA Small Business Innovation Research (SBIR) program.
Today, our world runs on interconnected technology. From the precision of an insulin pump to the intelligence of an uncrewed vehicle, these systems are indispensable. Yet, these systems face a persistent and growing threat: cyber vulnerabilities.
When a critical device is compromised, the current reality involves a slow, reactive process of patching that can take months, even years. For a patient relying on a pacemaker, or a drone operating in a contested battlespace, such delays are unacceptable – often, they're fatal.
The question is no longer if a system will be attacked, but how fast it can recover.
How medical devices like pacemakers and insulin pumps can be hacked. Source: CBS News
The Urgency of Now: Why Seconds Matter
Consider a medical device, such as a pacemaker. If it's hacked, every second counts when a heart attack can become fatal within minutes. The conventional cybersecurity model, which relies on discovering vulnerabilities, developing patches, and then deploying them across vast fleets, simply doesn't meet this critical need for immediate resilience.
This urgent challenge is precisely what Program Manager Bernard McShea and the team at URSA set out to tackle with Cyber First Aid. Their goal: to enable systems to "unhack themselves" in mere seconds.
Cyber First Aid: A Paradigm Shift in Real-Time Defense
Supported by SBIR funding, URSA Inc. developed and validated a system capable of detecting a vulnerability, generating a fix, verifying its correctness, and implementing it on a running system – all in under 16 seconds.
As a proof of concept, Cyber First Aid used a pacemaker simulator running on a standard laptop to:
- Detect anomalies: Rapidly identified suspicious behavior indicating an attack.
- Generate patches with LLMs: Leveraged the latest advancements in Large Language Models (LLMs) to automatically create a patch for the identified vulnerability.
- Verify with formal methods: Employed rigorous formal methods to ensure the generated patch is not only effective but also safe and won't introduce new problems, meeting critical operational constraints.
- Implement in-memory: Applied the fix directly to the running system's memory, bypassing the need for time-consuming reboots or extensive downtime.
"This is an early technology readiness level (TRL) 3 proof of concept," said McShea. "But it unequivocally demonstrates the ability for systems to heal themselves. We're moving away from years of patching to seconds."
The 16-second threshold is crucial. It falls well within the useful envelope for critical interventions, offering a vital window of opportunity to prevent significant damage or loss of life. While the goal is milliseconds, this rapid response capability represents a leap forward.
Cyber First Aid automatically detected a vulnerability, developed an assured micro patch, and installed it on a running system in near real time. Source: DARPA
Learning from the Front Lines: A Smarter Defense
What makes Cyber First Aid truly remarkable isn't just its speed, but its inherent intelligence. The system is designed to learn from every attack.
"When an attack happens, it means our initial assumptions about system behavior weren't complete," McShea notes. "Cyber First Aid doesn't just fix the immediate problem; it enables learning from that real-world experience. The missing logical structure or constraint that the vulnerability exposed can be discovered by analyzing the original and patch code."
This continuous learning loop means that each successful defense strengthens the system's underlying formal methods, making it more robust against future, even unknown, threats.
Beyond Medical: Securing the Defense Industrial Base
While the initial demonstration focused on medical devices, the implications for the defense industrial base are vast. Imagine autonomous vehicles, drones, or critical infrastructure systems that can detect and repair cyberattacks mid-mission, without human intervention or operational disruption.
"If a drone is attacked while flying, we don't want it to simply stop working," McShea emphasizes. "We need it to unhack itself and then bring back that knowledge to make the entire fleet better."
This technology can address the DoD's need for resilient, adaptive systems that can operate in contested cyber environments.
The SBIR Advantage: Powering Small Business Innovation
URSA’s success with Cyber First Aid is an example of the SBIR program's impact in action. Coordinated through DARPA's Small Business Programs Office (SBPO), SBIRs are a funding mechanism that empowers mission-driven, innovation-focused small businesses to conduct high-risk, high-reward research.
"SBPO provides us with pathways, such as SBIRs, to engage smaller companies and help accelerate their transformative ideas for national security," McShea explains. "Importantly, this bakes in transition planning and support, so that these organizations are equipped to succeed beyond their time with DARPA."
DARPA’s SBIR investments enabled URSA to address a complex problem at the intersection of machine learning, large language models, and formal methods, translating cutting-edge research into a tangible prototype with immense potential. It demonstrates how strategic government investment can empower agile innovators to deliver solutions to some of the nation's most pressing security challenges.
For companies in the defense industrial base and other critical sectors, Cyber First Aid represents a unique opportunity to integrate next-generation cybersecurity capabilities into their products and operations. The ability for systems to learn, adapt, and heal themselves in real time is no longer a distant dream but a tangible innovation ready for collaboration and advancement.
Interested in learning more about Cyber First Aid? Contact info@ursasecure.com.