DARPA releases formal solicitation for HACMS cyber security initiative for military vetronics

Computer scientists at the U.S. Defense Advanced Research Projects Agency (DARPA) in Arlington, Va., released a formal solicitation (DARPA-BAA-12-21) to industry Thursday for the agency's High-Assurance Cyber Military Systems (HACMS) program to safeguard civil and military embedded systems in vehicle electronics from hackers, computer viruses, and other cyber malware.
Earlier in the week, DARPA conducted its first industry briefings on the HACMS military cyber security program, which aims to develop a set of publicly available tools to help build embedded computing for high-assurance military vehicles with onboard networked military embedded systems that are able to resist efforts by hackers to attack and damage vetronics computers remotely while hiding the effects from monitors.
Although the HACMS program initially aims at embedded computing systems on military vehicles, DARPA officials say the tools and techniques the program develops may be applicable to other kinds of embedded systems, which in some circles are referred to as "cyber-physical" systems.
Improving cyber security for embedded systems is of the highest importance, DARPA officials say. In 2008, for example, there were about 30 embedded processors per person in developed countries, and in 2009, 98 percent of microprocessors were in embedded systems. Such systems range from large SCADA systems that manage physical infrastructure to medical devices such as pacemakers and insulin pumps, to computer peripherals such as printers and routers, to communication devices such as cell phones and radios, to vehicles such as airplanes and satellites.

Read more: http://www.militaryaerospace.com/articles/2012/02/darpa-releases-formal-solicitation-for-hacms-cyber-security-initiative-for-military-vetronics.html

SCADA Systems in Railways Vulnerable to Attack Government officials initially believed railway signal disruptions in December were tied to a cyber-attack against a Northwest rail company in December, Nextgov reported. But government and railway officials later denied that a U.S. railroad had actually been hit by a cyber-attack. "There was no targeted computer-based attack on a railroad," said Holly Arthur, a spokeswoman for the Association of American Railroads. While an attack has been ruled out, the incident highlights the dangers of industrial control systems controlling critical infrastructure. Train service on the unnamed railway was "slowed for a short while" and schedules delayed for 15 minutes on Dec. 1, according to a Transportation Security Administration memo obtained by Nextgov. A "second event" occurred just before rush hour the next day, but it did not affect schedules, according to the Dec. 20 memo, which summarized the agency's outreach efforts to share threat intelligence with the transportation sector. "Amtrak and the freight rails needed to have context regarding their information technical centers," the memo said, adding that rail operators were not focused on cyber-threats.