The US military uses countless commodity IT products, such as printers, PCs, and mobile phones. These devices’ components are often built overseas and deliHvered to the military with little oversight, creating a significant risk of exploitable vulnerabilities.
Under DARPA’s VET program, Charles River Analytics developed the HAMLET tool to address this risk. The HAMLET tool analyzes potential vulnerabilities in firmware and other low-level software in IT products to objectively quantify the risks, the Cambridge, MA-based company announced November 5. HAMLET then uses this quantification to create highly optimized test plans to rule out risk as efficiently as possible. Cyber analysts can use HAMLET’s objective risk assessments to prioritize their analysis, or to guide tabletop exercises.
“Military IT products are vulnerable to adversary cyber attacks; it’s a known industry problem with no easy answer,” said Dr. Terry Patten, principal investigator on HAMLET. “However, our HAMLET tool helps quantify risks objectively. Our current research into security assessments will be invaluable for the military.”
Source: CRA
By Loren Blinde
November 7, 2018
