“The U.S. Department of Defense relies on equipment with components manufactured all over the world,” said Jack Marin, Ph.D., vice president for Cyber Security at Raytheon BBN Technologies. “Any backdoors, malicious code or other vulnerabilities hidden in those components could enable an adversary to do serious damage, including the exfiltration of sensitive data and the sabotage of critical operations.”
According to Tim Teitelbaum, Ph.D., GrammaTech chief executive officer, the VET (Vetting Commodity IT Software and Firmware) program seeks to help U.S. government agencies address the threat of malicious code and hidden “backdoor” access in commodity IT devices.
“Mobile phones, network routers, computer workstations and other networked devices can be secretly modified to function in unintended ways or spy on users,” he said. The companies have been tasked with developing tools and techniques to enable organizations to inspect the software and firmware that exist inside such network-enabled devices and protect them from attack.
Raytheon BBN Technologies plans to develop techniques that enable analysts to prioritize elements of software and firmware to examine for hidden malicious functionality. GrammaTech plans to develop the tools that actually examine the software and firmware, allowing analysts to demonstrate that the software and firmware do not have exploitable security vulnerabilities.