Resilient Software Systems Capstone

Summary

A strong, lethal military demands cutting-edge and resilient software to power every weapon and support system our U.S. warfighters depend on.

However, the Department of Defense’s (DOD) reliance on aging IT infrastructure, which utilizes security policies developed over the past 30 years, creates inherent vulnerabilities in its systems, ranging from legacy architectures to advanced weapon systems.

Meanwhile, threat actors are actively exploiting these vulnerabilities, targeting critical infrastructure, stealing sensitive military code, and reengineering sensitive systems to compromise national security.

In response, we have been developing powerful tools leveraging formal methods—a mathematically rigorous approach to software development that helps eliminate exploitable vulnerabilities before software is deployed.

Rather than testing software for vulnerabilities after it’s been built, formal methods use mathematical proofs to verify software behavior as it’s developed. This approach ensures software performs exactly as intended, making it inherently more secure.

Many of our formal methods tools have already transitioned to military services for further development and operational deployment. However, comprehensive cyber resilience requires urgent, broad adoption across the DOD.

We’re partnering with each of the services via its Resilient Software Systems Capstone program to address this pressing need. The Capstone program comprises jointly funded projects on operational platforms aimed at assessing critical findings, including the level of resiliency, cost, time, and level of expertise required to adopt various formal methods capabilities.

Each project will run for approximately 24 months. Objectives include:

  • Achieving inherently more secure software
  • Accelerating the Authority to Operate (ATO) process
  • Streamlining software development and testing
  • Developing a “Best Practices Guide” to support broad adoption

The goal of the Capstone program is to fund the transition of DARPA-developed Resilient Software System tools to U.S. military services. Ultimately, by providing organizations within the DOD and defense industrial base a template, we anticipate that the Best Practices Guide will help jumpstart their efforts to incorporate resilient software tools into their platforms and development pipelines.

Resilient Software Systems Accelerator

We’re exploring additional pathways to support the transition of these critical tools, including the establishment of a Resilient Software Systems Accelerator.

The Accelerator incentivizes formal methods tool developers to partner with defense contractors by providing seed funding for projects like the Capstone efforts, but smaller in scope.

DARPA funding will support multiple 18-month projects that include an initial red team assessment of the DOD system vulnerabilities, the application of the formal methods tool(s), and a follow-on assessment to measure impact and level of effort.

Conclusions about the efficacy of the tool would be incorporated into the Best Practices Guide.
