DARPA - Tech to Protect the Internet of Things

DARPA Wants to Make the Internet of Things Power Efficient. 

The Pentagon's emerging technology agency wants to know what a device's thermal output shows about potential cyber-intrusions.

The Defense Advanced Research Projects Agency's Information Innovation Office plans to award tens of millions of dollars, $36 million for the first phase, for technology that could monitor devices in the Internet of Things (a term that could connote anything from high-tech washing machines to sensors in industrial factories.)

The DARPA program, called "Leveraging the Analog Domain for Security," intends to examine involuntary emissions from devices -- electromagnetic, acoustic, thermal, as well as power fluctuations -- to determine the software running on the device. Those indicators could also tell researchers which functions the device is executing or which part of its memory it's accessing, an announcement said.

This monitoring system could be a separate device, a component within the device being monitored or an external component. The end goal, according to DARPA, is "algorithms, tools and devices for mapping analog emissions of digital devices."

While desktop computers and servers have many layers of protection including hardware and software defense, these security systems often can't be applied to "mission-specific devices" and devices with embedded computing chips because of "computational cost, complexity, or other system requirements," the announcement said. 
"Attackers have repeatedly demonstrated the ability to pierce protection boundaries," taking advantage of the fact that security systems are often within the same computing unit as the rest of a compromised device's software, according to DARPA. 

Interested teams should explain their plans to navigate the tradeoff between the monitoring system's accuracy and distance from the device being monitored, and also describe if the technology can operate even in a noisy environment, among other factors.
The program has three phases -- the first two are 18 months each, and the final is 12 months. Initial proposals are due by November.

The widespread use of connected devices "requires the exploration and development of new cybersecurity capabilities that are conducive to these devices’ limitations," the announcement said. 

NextGov:

 

« AI - Reshaping the Workplace
'Hackers for Hire'- Major Police Effort To Fight Criminal Gangs. »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

ON-DEMAND WEBINAR: Harnessing the power of Security Information and Event Management (SIEM)

Join our experts as they give the insights you need to power your Security Information and Event Management (SIEM).

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Maryman & Associates

Maryman & Associates

Maryman & Associates are specialists in computer forensic investigations, incident response and e-discovery services.

Australian Signals Directorate (ASD)

Australian Signals Directorate (ASD)

The Australian Signals Directorate is an intelligence agency in the Australian Government Department of Defence.

Radar Cyber Security

Radar Cyber Security

Radar Cyber Security is the only European supplier of Managed Detection & Response who provides its services based on inhouse developed technology.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

Security BSides

Security BSides

Security BSides is the first grass roots, DIY, open security conference in the world!. BSides is a community-driven framework for building events for and by information security community members.

IP Twins

IP Twins

IP Twins offer a wide range of services related to domain names and online brand protection.

SAIFE

SAIFE

SAIFE has adapted a Software Defined Perimeter approach and paired it with a Zero Trust model that defines access by the user, their device, and where they are located.

DataExpert Singapore

DataExpert Singapore

DataExpert Singapore provide solutions and services in the areas of Digital Forensics, Data Recovery, Data Duplication, Data Degaussing & Wiping, Data Destruction, and IT Disposal.

Stronger International

Stronger International

Stronger International provides expert cyber services and training to organizations and individuals to enhance IT and security knowledge.

CyBourn

CyBourn

Cybourn's diverse offerings include engineering, analysis, product development, assessment, and advisory services in the cybersecurity space.

Aquia

Aquia

Aquia are on a mission to enable innovation and drive transformative change to solve the world’s most pressing and complex cybersecurity challenges.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

Systems Engineering

Systems Engineering

Systems Engineering is a SOC 2, Type 2-certified IT strategy and managed technology services provider.