The US military uses countless commodity IT products, such as printers, PCs, and mobile phones. These devices’ components are often built overseas and delivered to the military with little oversight, creating a significant risk of exploitable vulnerabilities. Under DARPA’s VET program, we developed the HAMLET tool to address this risk. The HAMLET tool analyzes potential vulnerabilities in firmware and other low-level software in IT products to objectively quantify the risks. HAMLET then uses this quantification to create highly optimized test plans to rule out risk as efficiently as possible. Cyber analysts can use HAMLET’s objective risk assessments to prioritize their analysis, or to guide tabletop exercises.
“Military IT products are vulnerable to adversary cyberattacks; it’s a known industry problem with no easy answer,” said Dr. Terry Patten, Principal Investigator on HAMLET. “However, our HAMLET tool helps quantify risks objectively. Our current research into security assessments will be invaluable for the military.”
Learn more in our HAMLET case study.