RTX’s BBN Technologies has been awarded a contract from the Defense Advanced Research Projects Agency to support the Intelligent Generation of Tools for Security, or INGOTS, program, which aims to counter increasingly complex exploit chains in cyberattacks.
Exploit chains, which link multiple vulnerabilities for a single attack, are a growing concern as cyber threats become more sophisticated. The Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalog has topped 1,300 entries, reflecting the expanding risks to critical services and networks. Current assessments rely heavily on manual analysis, which is time-intensive and requires specialized expertise.
“Effectively countering exploit chains requires more than just identifying individual vulnerabilities. It demands a system that can replicate real-world attack scenarios and anticipate potential risks before they are exploited,” said Jack Dietz, BBN principal investigator.
BBN will use its expertise in testbed architecture to develop the System Test of Android at Large-scale Accelerating Generation and Modeling for INGOTS Test and Evaluation, or STALAGMITE. The platform will provide a secure environment for testing exploit analysis tools through realistic simulations of Android vulnerabilities, automated testing and proactive threat response.
“Today’s manual methods for assessing exploitability are costly, time-consuming and lack scalability and efficiency,” Dietz said. “We aim to alleviate this burden from security professionals by accelerating the automatic identification of security risks across various devices and configurations using precise testing and measurement to strengthen overall cybersecurity defenses.”
Although INGOTS focuses on Android, DARPA expects the tools and methods developed to have broad applications across personal, enterprise, government and military networks. Work on the program will be conducted in Cambridge, Mass.; Columbia, Md.; and Rome, N.Y. The BBN-led team includes Assured Information Security.