This $9 million contract will enable the Systems Analysis and Exploitation (SAE) Team, along with teaming partners Cummins Incorporated, Colorado State University and GRIMM, to develop challenge problems and evaluate performer’s solutions to problems related to heavy-duty engine systems.

This contract is in support of the DARPA/I2O Assured Micropatching (AMP) program, which aims to develop solutions capable of rapidly producing and deploying embedded system security patches. AIS will seed vulnerabilities throughout embedded systems, guide other performers on the challenge of addressing them and verify successful patching. The goal of the other AMP program performers is to identify those vulnerabilities and patch them without replacing all of the software on the device.

Projected challenge problems and testbed development will focus on devices commonly used to support heavy-duty engine systems used in the trucking industry, marine, power generation and military ground vehicle systems. This is a focus area AIS is not only very interested in, but one in which we have the experience necessary to develop the required challenge problems. The devices we will be working with support automotive and heavy trucking. We’ll take a computer that can be inserted into a truck and drop a vulnerability into it. Then, we will verify that the solutions provided by the other performers address the vulnerability and do not impact the normal operation of the system.

While this initiative is focused on the target space of automotive and heavy trucks, the same engine controllers are also in use in military systems, expanding the application of our efforts to the government.

This is a direct result of AIS putting in the effort, learning the customer and the technology space, and building relationships. We cannot wait to get our hands dirty and work on the AMP program and start playing with trucks.

*The views, opinions, and/or findings expressed are those of the author(s) and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.

Approved for Public Release, Distribution Unlimited.

Throughout 2020, the Tech Council has continued to deliver on its purpose statement through the facilitation of communications amongst teams, contributions to research integrity and quality and sharing of lessons learned on the COVID-driven changes in workforce structure. These contributions are in the spirit of delivering excellence to our customers and supporting our teams that deliver that excellence daily. Our focus has been on three main points:

Cross-Team Communication Flows

Our regular meetings have shifted focus in 2020, with major topics including DevOps and development automation, technical brainstorming and continuous alignment of AIS’s unique business requirements with the compliance initiative. We’ve also been sharing lessons learned through COVID-19 and how we can successfully on-ramp and engage an almost entirely remote staff while staying highly responsive to our customers. Information sharing across our company is invaluable. Technical leaders from the Adaptive Systems Technology  and the Cross Domain Virtualization Solutions Teams collaborated on a lessons learned exchange with regards to effectively shaping our software development processes to our customer’s needs. As a result, the processes are continually evolving to be efficient, effective and agile.

Research Integrity and Product Quality

Internal research and development (IRaD) projects set direction for long-term initiatives and strategy areas, so making sound decisions is critical. Our feedback helps shape concepts and ideas that create our future programs and provide value to customers and stakeholders. In collaboration and close alignment with the AIS Chief Technology Officer, the Tech Council is actively involved in the IRaD proposal review process and a subset of members have contributed to strategy for projects in 2021 and beyond.

Facilitating New Research Opportunities

An initial down-select of government Small Business Innovation Research (SBIR) topics by the Tech Council and Business Development Department provides potential proposal teams a more focused selection of topics with clear alignment to AIS capabilities and future strategies. In 2020, we identified Tech Council representatives to sup-port the effort and had two rounds of filtering, reviewing more than 100 SBIR topics to allow potential AIS proposal authors to quickly review highly applicable topics before turning their attention to the broader list.

Looking Ahead

In 2021, the Tech Council is looking forward to staying true to its purpose statement through direct daily engagement with teams while also further engaging business development and culture initiatives.

About the AIS Tech Council

The purpose of the Tech Council is to provide advisement and support on issues and initiatives with regards to technical information flows, research integrity, product quality, enhancing culture, enabling vision and fostering an enjoyable work environment.

A Year In Review

Without the expertise of software engineers and research scientists, the world would be a much different place. Let’s make sure they have the best holiday season with these cool finds:

1. Blue Light Blocking Computer Glasses – They are always in front of the screen! Let’s protect their eyes.
2. Tinkering Labs Stem Kit for Kids – For the next generation coders!
3. Chopstick LightSabers – Need we say more?
4. 3D Printer – More expensive gift but worth it!
5. Coded Candle – Everyone needs a good candle, even engineers.
6. Internal/external hard drives – Who couldn’t use more of these?
7. Fungineer Shirt – Because engineers are fun too!
8. Steam gift cards – So many games to choose from!
9. Mechanical keyboard – They use them all day, give them one to last!
10. Robotic Arm – Because every engineer deserves a robot.

AIS and the National Motor Freight Traffic Association, Inc. (NMFTA) have published a vulnerability within trailer Power Line Communications (PLC) signals. The Cybersecurity and Infrastructure Security Agency (CISA) has issued an Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advisory to bring awareness of the vulnerability to the transportation systems sector.

This research indicates that it is possible to read PLC signals reliably using active antennas at six feet and up to eight feet away. NMFTA researcher Ben Gardiner and AIS researchers Dan Salloum, Chris Poore and Eric Thayer reported this vulnerability to CISA.

“This vulnerability could lead to the exposure of sensitive information, traversing the vehicle bus,” said Thayer, Principal Investigator at AIS. “We expect to be able to build upon this research to identify other potential issues that could impact the reliability and integrity of connected systems.”

CVE-2020-14514 has been assigned to this vulnerability and it has been given a Common Vulnerability Scoring System Version Three (CVSS v3) base score of 4.3.

“This is the first ICS-CERT advisory that AIS has had published,” said Cat Hulser, Program Manager at AIS. “Not only is this an exciting accomplishment for our team, it’s also rewarding to know that we’re contributing to a safer transportation sector in our community.”

To learn more about this advisory, click here.

AIS will be holding a Bareflank Community Call at 3pm UTC on Friday June 12, 2020 via Zoom. The goal of the call is to:

• Provide users with an opportunity to ask questions and meet the team.
• Learn more about the future of Bareflank projects including the hypervisor, Boxy/MicroV, the BSL, PAL and the Standalone C++ library.

As we get closer to the call, the Zoom information as well as an agenda will be posted in Github. Everyone is welcome to join and add items to the agenda.

For details, visit https://github.com/Bareflank/hypervisor/issues/915.

For more information about Bareflank, click here.