Situated behind a mall and next to an open pit of a construction site, the northern Virginia headquarters of DARPA, the military’s most forward-looking appendage, aren’t so much nondescript as they are deliberately non-assuming–a shrine to technological triumph glistening like the infinite offices of suburbia. Inside, I joined a dozen or so other reporters for a meeting with DARPA director Arati Prabhakar and Steve Walker, DARPA’s deputy director. We were invited here to discuss a very elaborate game of guesswork: what threats will emerge in the future, and what investments now can protect against them?
While specifically geared toward the needs of defense, much of what DARPA creates ends up in civilian use. Perhaps the best known project is the one that lets you read this: the original internet, ARPANET, was a DARPA project. As Prabhakar quips, DARPA is the kind of place where “if you don’t invent the internet, you get a B.”
The internet, and the computing and data revolution that accompanied it, have proven themselves tremendously powerful engines of the modern world. This is overwhelmingly a good thing, with an accompanying, nagging, almost intractable problem: as more data is generated and collected each year, it’s a bigger and bigger area to try and secure from attackers. As Prabhakar put it, “the attack surface grows and grows.”
It is, to use a clumsy metaphor, like a king who builds a library, and then builds a moat around it. Moats, towers, and guards can keep it safe, allowing only the king to carry books in or out. The internet, instead, gives us thousands upon thousands of libraries, with people freely adding and copying books and traveling between libraries. At any moment, someone could submit a book that spontaneously combusts, or a book that, when opened, locks the librarians out until they pay a ransom. It is perhaps no wonder that this week the Director of National Intelligence James Clapper named the internet of things the greatest threat facing America today.
So how is DARPA trying to fix this? Prabhakar and Walker repeatedly stressed that perfect security is impossible: there is no unhackable code. But that doesn’t mean we can’t make less hackable code. For that, DARPA has the High-Assurance Cyber Military Systems project, or (HACMS). (It’s pronounced hack-ems. DARPA is the world leader in turning puns into weapons.) The project builds code from the ground up, using mathematical proofs for security. From its official description:
That’s… not terribly clear. “This is not my deep area of expertise,” Prabhakar prefaced her explanation to the room, “but [former HACMS program leader] John Launchbury describes it like mathematics. One might calculate right triangles and find that a2 + b2 seems to = c2 over and over again, and after a while you could prove a theorem that that’s true. You’d actually always know that you have a right triangle, that a right triangle is unhackable because you can’t make c2 not equal a2 + b2. It’s that kind of mathematical proof that’s captured in the code.
After the project launched and the team found a kernel of useful code, they put it on a drone and had a team of hackers try to break into it. They couldn’t. Then they put the code on a small attack helicopter, modified to fly unmanned. For that, they gave the hired hackers access to not just the source code, but even the code for a sensor on the camera. Despite getting into the camera system, the hackers were unable to break the code and get into the main systems of the helicopter.
HACMS continues, and is hardly a single answer to threats that come through code. When asked, Prabhakar denied that it was hack-proof, instead saying that HACMS is “not unhackable completely. There are certain obvious pathways for attackers that have all been shut down in a way that’s mathematically proven to be unhackable for those pathways.”