![The sights of the Paris Air Show Day 2 [PHOTOS]](https://breakingdefense.com/wp-content/uploads/sites/3/2025/06/IMG_1837-scaled-e1750181568851.jpg?#)
![An FCAS fracas and Embraer’s European embrace: Paris Air Show Day 2 [Video]](https://breakingdefense.com/wp-content/uploads/sites/3/2025/06/IMG_3682-e1750159767304.jpg?#)
![[Updated] U.S. Air Force Mobilizes F-22s and F-35s as Situation in Middle East Escalates](https://theaviationist.com/wp-content/uploads/2025/06/F-22_F-35_CENTCOM-top.jpg)
DARPA aims to make defense firms ‘much, much harder’ to hack with ‘formal methods’ push
Right now, DARPA’s Kathleen Fischer said, much of the defense industrial base is “choosing to leave the doors open, leave the windows up and not use the locks” in cyberspace.
Members of the 56th Air and Space Communications Squadron at Joint Base Pearl Harbor-Hickam operate cyber systems using a Enhanced communications flyaway kit at Alpena Combat Readiness Training Center, Alpena, Michigan, July, 12, 2021.(U.S. Air Force photo by Tech. Sgt. Amy Picard)
WASHINGTON — The Defense Advanced Research Projects Agency announced the launch of what the agency is calling a “mini” cybersecurity capstone program today, to push the defense industrial base (DIB) in ways that “make it so that we don’t lose our next serious conflict.”
“We haven’t had a major hack that’s had national security consequences. It hasn’t happened in the past, so it’s not going to happen in the future, right? That’s not really sound reasoning,” Kathleen Fischer, the deputy director of DARPA’s Information Innovation Office, said today, referring to a hack with destructive or kinetic results. “An adversary that might be planning something in the future wouldn’t do it in the past to give us warning and get us prepared in the future.”
That’s why DARPA is pushing the “Resilient Software Systems Accelerator,” an initiative to provide seed funding to companies who develop “formal method tools” for defense companies. Formal methods are “mathematically rigorous techniques that create mathematical proofs for developing software that eliminate virtually all exploitable vulnerabilities,” according to DARPA.
Such processes are needed to protect against and deter adversarial cyber threats brought on by legacy technology, Fischer said at during DARPA’s Resilient Software Systems Colloquium event. Fischer explained that the DIB has the tools it needs to adopt formal methods, but is well behind where it should be in doing so, given that DARPA has been adopting formal methods since 2011 with its High-Assurance Cyber Military Systems (HACMS) program.
“We’re trying to get a spiral going where we can get everybody on the same page and the same level of awareness that these technologies exist and are ready for prime time, and that there’s a user base, a customer base, that is ready to use these technologies,” Fischer said.
She said formal methods guarantee that it will be “much, much harder” for adversaries to hack into DIB software systems.
“I talk about formal methods as kind of an analogy with security, for physical security, for houses, for businesses, for military installations. Right now, our analogy with where we are with cybersecurity is our doors are open, our windows are open. We actually know how to close the doors, close the windows and lock the doors and lock the windows, and we are choosing not to use that technology,” Fischer said. “We are choosing to leave the doors open, leave the windows up and not use the locks.”
Major defense industrial firms have certainly been the targets of successful hacks in the past, including an infamous hack disclosed by The Washington Post in 2013 in which Chinese cyber operators were allegedly able to pilfer secrets related to a range of Pentagon programs, including the highly secretive F-35 stealth fighter. Last year the head of US Cyber Command warned the DIB that China was “actively” targeting their networks.
Looking forward, however, DARPA announced today that the Air Force will incorporate formal methods into its MQ-9 Reaper drone program as part of the agency’s Resilient Software Systems Capstone program launched last year.
“The MQ-9 Capstone program will improve DARPA program support by providing a step-increase in our ability to accelerate robust and resilient weapon system software to the field,” Oren Edwards, chief engineer of the Air Force Life Cycle Management Center’s Medium Altitude UAS Division, said in a DARPA press release.
That ongoing capstone program will involve one operational platform from each military service, however the Air Force is the first to identify its pilot weapon system, the press release said.
“The Air Force team working with DARPA on the Capstone chose the MQ-9 due to the lower technical barriers-to-entry of the weapon system itself, as well as the lower cultural barriers-to-entry within the organizational enterprise,” the release read.
Fischer told reporters on the sidelines of today’s event that the Army, the Navy and National Aeronautics and Space Administration as a “surrogate” of the Space Force will have their capstone projects “kick off in the next month or two.”
Fischer said she acknowledges the fact that formal methods are “not going to solve all problems,” but they are a good start.
“A well-defended, well-resourced adversary, can probably still break into our businesses, homes, military installations, but it will be a lot harder, and it will give us more time to defend ourselves, et cetera. So it’s still a really good decision,” she said.
Following today’s “special notice of intent” for the mini-capstone, DARPA will provide a request for information in the “near future” for companies to submit their proposals on why they should receive formal methods funds, Fischer said.
