BFT++ is a family of cyberattack-resilient techniques designed for cyber-physical systems (CPS). Dr. Mertoguno developed this concept around 2015, creating methods that withstand attacks on system controllers by leveraging the inherent periodicity and physical inertia in CPS. The core insight behind BFT++ lies in the significant temporal gap between the ultra-fast cyber domain (nanoseconds to microseconds) and the much slower physical-inertia domain (milliseconds to minutes). By ensuring that the system recovers from errors or exploits before the physical inertia window closes, BFT++ effectively nullifies the impact of these breaches.

All variants of the BFT++ family utilize execution diversity, alongside either stateful recovery or periodic restart mechanisms, to maintain resilient system operations. The family's effectiveness has already been demonstrated in real-world applications. For instance, YOLO (also referred to as BFT++ v.3), developed at Columbia University, employs a diversified periodic restart strategy and has been deployed by the U.S. Navy to protect its CPS infrastructure. Another early implementation, known as Vanilla BFT++ (BFT++ v.1), which relies on diversified redundancy, was originally conceived by Dr. Mertoguno and implemented by the Naval Research Laboratory. This version has been integrated into a prototype cyberattack-resilient ECU for military trucks, a project funded by the Office of the Under Secretary of Defense for Research & Engineering (OUSD (R&E)).
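The timing argument from the first paragraph, combined with the periodic restart strategy described above, as an added toy simulation (not BFT++, YOLO, or any project's code). The first-order plant, all constants, the 10 ms reboot time, and the assumption that a restart onto a diversified image evicts the attacker are illustrative assumptions.

```python
"""Toy model: controller compromise vs. periodic restart on a slow physical plant."""

TAU_MS = 2000.0      # plant time constant, i.e. physical inertia (assumed)
GAIN = 100.0         # steady-state plant output at full actuation (assumed)
SETPOINT = 50.0      # normal operating point (assumed)
SAFETY_LIMIT = 60.0  # output level at which physical damage starts (assumed)
REBOOT_MS = 10       # controller offline time per restart (assumed)


def clean_controller(x):
    """Proportional controller; holds x at SETPOINT in steady state."""
    return min(1.0, max(0.0, 0.5 + 0.05 * (SETPOINT - x)))


def inertia_window_ms():
    """Time for full actuation to push the plant from SETPOINT to SAFETY_LIMIT."""
    x, t = SETPOINT, 0
    while x < SAFETY_LIMIT:
        x += (GAIN - x) / TAU_MS         # Euler step of 1 ms
        t += 1
    return t


def peak_under_attack(restart_period_ms):
    """Simulate in 1 ms steps; return the peak plant output once the attack lands.

    Worst case for the defender: the exploit lands right after a reboot
    completes, so the attacker keeps control for almost a full restart period.
    """
    attack_at_ms = 3 * restart_period_ms + REBOOT_MS
    x, compromised, peak = SETPOINT, False, 0.0
    for t in range(6 * restart_period_ms):
        phase = t % restart_period_ms
        if phase == 0:
            compromised = False          # restart loads a fresh, diversified image
        if t == attack_at_ms:
            compromised = True           # exploit lands on the running image
        if phase < REBOOT_MS:
            u = 0.0                      # actuator fails safe while rebooting
        elif compromised:
            u = 1.0                      # attacker forces full actuation
        else:
            u = clean_controller(x)
        x += (GAIN * u - x) / TAU_MS     # first-order plant response
        if t >= attack_at_ms:
            peak = max(peak, x)
    return peak
```

With these constants the inertia window is a little under half a second, so a 100 ms restart period keeps the plant well below the limit of 60, while a 1000 ms period lets the compromised controller push it past the limit before the next restart.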

CSAFA labs is working on a hybrid approach called subprocess BFT++, which aims to combine the stateful recovery advantages of Vanilla BFT++ with the minimal implementation costs of YOLO. Beyond strengthening CPS security, the design principles of subprocess BFT++ lay the groundwork for future applications in general computing, guided by the concept of “artificial inertia” to achieve robust cyberattack resilience.