April 28, 2016
Networked computers are embedded in seemingly everything these days, from household appliances and televisions to medical devices and automobiles. But this proliferation of internet-enabled products comes with a caveat, says Hertz Fellow Kathleen Fisher: they’re all vulnerable to attack.
“It’s taking a long time for the people who make those devices to really realize that they’re making computers that can be hacked,” Fisher said. “Now, those hacks are not just stealing information or disrupting something in an electronic space, they can cause physical harm in the real world, so it’s upping the ante a little bit.”
A computer science professor at Tufts University in Massachusetts, Fisher spent three years tackling cybersecurity as a program manager for DARPA (Defense Advanced Research Projects Agency), where she started and ran the High-Assurance Cyber Military Systems (HACMS) program. The program aims to create mathematically based tools and techniques for building software for vehicles (cars, drones and quadcopters) without many of the vulnerabilities that hackers often exploit.
After first proving it was possible for professional hackers to remotely take control of the vehicles, HACMS researchers used formal methods-based tools to produce code from the ground up, along with proofs, to develop a system so state-of-the-art that the expert hackers couldn’t defeat it.
At the end of the first phase, a “red team” of hackers with full access to the source code and complete knowledge of how the vehicles’ systems worked was unable to break into the system or disrupt it in any way. In the second phase, aircraft manufacturer Boeing used the system to build a version of an autonomous helicopter that the red team wasn’t able to break into.
“DARPA was extremely excited about the results because it’s the first known example of using high assurance techniques to build a system with the kind of complexity that DARPA cares about and have hackers not be able to break in,” Fisher said.
Fisher hopes the results and the continuing HACMS program start a “virtuous cycle,” beginning with the military requiring its suppliers to build high-assurance systems to win contracts, eventually trickling down to private industry. However, because such systems take more time and expertise, Fisher said, most software makers don’t see the market for it yet.
The tide may be turning, though, as consumers become increasingly concerned about the security of internet-connected automobiles. A 2015 Wired magazine article describing how hackers were able to remotely hijack the controls of a Jeep Cherokee caused a public outcry over the vulnerability of network-enabled cars, and led to a recall by Chrysler of more than one million of its vehicles.
While Fisher believes automakers need to be more proactive about cybersecurity, she fears that claims of better security by car manufacturers might backfire, leading consumers to decide against buying new cars altogether, or paint targets for hackers on the backs of certain carmakers. Barring an industry-wide sea change, Fisher said it’s likely going to take state and federal regulators or insurance companies to force the issue.
“That’s the tragedy here,” Fisher said. “We can see all the havoc that bad security and desktop computers have caused. The ‘let’s wait until it’s really a problem’ mentality just doesn’t work very well.”
“Dr. Fisher’s work has definitely called attention to the general problem of security for embedded computing,” said Dr. Randy Garrett, a DARPA Program Manager who served concurrently with Dr. Fisher. “We have seen a dramatic growth in interest from major industrial control system manufacturers. The energy system is particularly concerned about cyber terrorism because of the potential for widespread economic and physical damage. For performance and cost-savings reasons, systems that were once completely isolated from the Internet now have numerous connections for maintenance, upgrades, and monitoring. In addition, these systems have migrated to consumer-based operating systems and programming languages. This migration dramatically increased the number of people who could create, maintain, and upgrade industrial control systems, but has also made the software vulnerable to many of the same attacks previously targeted against consumer computers and networks.”
Fisher, who has a background in programming languages, obtained her bachelor’s degree in math and computational science from Stanford University and was named a Hertz Foundation Fellow in 1994. After completing her PhD at Stanford, Fisher served on the technical staff of AT&T Labs Research, where she worked for 15 years.
Fisher is currently a member of DARPA’s Information Science and Technology (ISAT) study group and is focusing her research as a full-time professor at Tufts on generating domain-specific programming languages.
To contact Hertz Fellow Kathleen Fisher regarding her research: firstname.lastname@example.org