Proposals ought to attempt to “seize and leverage the thought patterns of skilled hackers as they analyze code for vulnerabilities. Utilizing passive, non-invasive biometric sensing, and an instrumented analysis atmosphere, [proposals] will map consultants’ cognitive states to particular components — e.g., capabilities, variables — with minimal disruption to their regular workflow. This course of will seize skilled instinct about relationships between components and their vulnerability detection methods in a complete, machine-readable format. [Proposals] will develop instruments to execute these human skilled methods at machine velocity and scale, enabling [it] to deploy remediations to find vulnerabilities sooner than adversaries can exploit them [using] automated vulnerability detection instruments and fashions of skilled hacker workflows, targeted on hospital gear.”
The RFP additionally sought projections that look like leveraging generative AI, though as a substitute of predicting the following phrase, it is going to attempt to predict the following one or two actions. The expertise “will research the habits and workflows of skilled hackers as they seek for vulnerabilities and can create predictive fashions primarily based on these observations. This may increasingly contain a mix of energetic and passive instrumentation together with however not restricted to gaze monitoring, electroencephalography (EEG), system monitoring, and interviews. Proposals ought to describe the strategy for learning skilled hacker habits and workflows. [It] will restrict skilled hackers beneath commentary to evaluation of artifacts that may be fairly acquired — e.g., utility binaries, firmware photographs — or are publicly out there, akin to open-source code.”
Larry Trotter, CEO of Inherent Safety, which makes a speciality of healthcare security points, stated the federal government proposal confirmed that the company “needs to take steps in the best route” however he stated he was puzzled in regards to the total proposal as a result of it appears to be making an attempt to create instruments that exist already.
“They’re making an attempt to create an automatic vulnerability detection device and there are many instruments right now that already do that within the market,” Trotter stated. “They’re spending cash within the flawed place.”
Trotter additionally questioned how they phrased the portion coping with predictive behaviors. “Utilizing the phrase ‘thought-patterns’ on this context, it seems like they’re making an attempt to learn their minds. It’s a poor selection of phrases,” he stated.
The title of the ARPA-H program is UPGRADE, a slightly tortured acronym standing for “the Common PatchinG and Remediation for Autonomous DEfense program.”
