recently has research shown that auto-
mobiles can be co-opted through their
computer-controlled systems. The pro-
gram’s goal is to produce high-assur-
ance software for military unmanned
vehicles and then enable its transfer to
industry for commercial uses.
The Defense Advanced Research
Projects Agency (DARPA) program is
known as High-Assurance Cyber Mili-
tary Systems, or HACMS. Kathleen
Fisher, HACMS program manager, says
the program is aiming to produce soft-
ware that is “functionally correct and
satisfying safety and security policies.
“It’s not just that you’re proving the
absence of a particular bad property
from the security perspective,” she explains. “You’re actually
positively proving that the software has the correct behavior.”
Fisher points out that with unmanned systems, an attacker
can reach the relevant software remotely. Until a few years
ago, cyber-physical systems such as automobiles had their
own built-in security because they were not networked. But,
automobiles increasingly are likely to have network connec-
The ArduCopter, which uses easily available software code, is
serving as a testbed for high-assurance software development.
Researchers already have replaced half of its code, which is
sufficient for operators to fly the vehicle using only the new code.
POW E R MOBILE DEVICESVIA MILITARY BATTERY
Lind’s 2590 SMBUS Battery Cables are designed to interface with BB-2590 batteries† with or without the SMBUS. These cables are also compatible with other-xx90militarybatteries. ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; including: • 12Vor24Voperation • With or without on-board charge nable • Withor without SMBUSconnections • Various cable lengths and types available • On-boarddiodeisolationavailable † NOTE: BB-2590 military battery not included
To learn more about how Lind’s 2590
SMBUS Battery Cables can meet
;;;;; ;;;;;;; ;;;;;; ;;;;;;; ;;;;;;;; ;;;;;
1.800.897.8994;; ;;;; ;;;;;;
email@example.com or visit
us online at
tions, especially those that automatically provide for emer-
gency response in the event of an accident. “The fact that
pretty much all of these systems are networked means that the
kind of vulnerabilities we’ve seen on desktop and traditional
computing systems for the past 20 to 30 years now carry over
directly to these kinds of cyber-physical systems, such as
vehicles,” she says.
Yet, that threat can be greater than the one inherent in com-
puters. These physical systems are connected kinetically to
the real world, so attackers can pose problems far beyond the
cyber domain. The vulnerabilities may be the same, but the
potential damage is far greater, Fisher points out.
HACMS began in August 2012, and it is slated to run in
three 18-month phases. Each phase will end with a penetration
testing assessment, along with a demonstration of the tools
that were developed and the high-assurance functionality. The
program goal is to increase the amount of software that can be
replaced in each phase, Fisher says.
Researchers are divided into two groups: an air vehicle
group and a ground vehicle group. The air group is organized
under Rockwell Collins as prime. Subcontractors include Boe-
ing, National Information and Communications Technology
Australia (NICTA), Galois and the University of Minnesota.
The ground team was assembled by DARPA from bidders
for individual elements. They include SRI; Hughes Research
Laboratory and General Motors; Kestrel; Carnegie Mellon
University; the University of Pennsylvania; and Princeton
along with Yale and the Massachusetts Institute of Technology.
Government participants include the U.S. Air Force; the
U.S. Army Tank, Automotive Research, Development and
Engineering Center (TARDEC); and the Department of
Fisher explains that the program is working with four
target platforms. The four vehicles were chosen to maximize
the results of the research, but they share the common char-
acteristic of potential vulnerability. Before developers began