SoylentNews is people

Title    Def Con Hackers Ready AI Fixes To Critical Health-Care Flaws
Date    Sunday March 31, @02:24AM
Author    hubie
from the year-of-linux-in-the-pacemaker dept.

Arthur T Knackerbracket has processed the following story:

AIxCC is the two-year competition that DARPA announced last summer at Black Hat which challenges teams to build AI-based tools that automatically secure code used in critical infrastructure.

The new government agency partner is the Advanced Research Projects Agency for Health (ARPA-H), an independent research entity within the US National Institutes of Health.

By joining forces with the Pentagon's research arm, ARPA-H aims to promote the development of AI-based tech that can find and fix critical vulnerabilities in medical devices, biotech, and hospital IT systems, thus preventing destructive cyberattacks against life-saving equipment and facilities.

"Healthcare is both acutely being targeted, and it's been more and more targeted over the last few years," ARPA-H program manager Andrew Carney told The Register. "It's also uniquely sensitive to disruptions compared to many other critical infrastructure sectors."

[...] Most of America witnessed this first hand over the past month as a ransomware infection shuttered Change Healthcare's IT systems in February, knocking many pharmacies offline and preventing patients from receiving medication and other care.

"While the repercussions of this incident have been primarily – though not wholly – financial, what keeps me up at night is the possibility of a similar widespread attack directly affecting patient care and safety," US Senator Mark Warner (D-VA) said earlier this month. 

[...] This is where DARPA, partnering with APRA-H, comes into play to boost AI-enabled technology to secure healthcare systems — and sweeten the monetary rewards.

Competing teams receive challenges based on real-world software used in critical infrastructure systems. Bringing on APRA-H as a partner will help ensure the competition addresses critical flaws in healthcare. Plus, the research agency has committed an additional $20 million in rewards for the contest.

[...] While Carney can't give away too much about what the contests will involve, one that's already been announced is the Linux kernel challenge project [PDF]. "We know that the Linux operating system powers a lot of the devices and systems in many – if not all – of our critical infrastructure sectors," he said. 

This example challenge reintroduces a real-life vulnerability, CVE-2021-43267, in the Linux kernel's Transparent Inter Process Communication (TIPC) subsystem, which allows communication across clusters on a network. The challenge vulnerability is a heap-based buffer overflow flaw.

"And successes that we have against that challenge are implicitly very representative of the software that we would need to secure in these sectors at large," Carney said.

"And then specific to healthcare, if we start looking at medical devices, 60 percent of all medical devices run some flavor of Linux operating system," he added. "So once again, as competitors find and fix vulnerabilities in that example challenge, that translates into real-world safety, and better defended, safer systems."

Original Submission


  1. "following story" -
  2. "DARPA announced" -
  3. "pharmacies offline" -
  4. "said" -
  5. "PDF" -
  6. "Original Submission" -

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, Def Con Hackers Ready AI Fixes To Critical Health-Care Flaws on 2024-05-21 22:12:12