SCADA Hawk - An Integrated Anti-Tamper Technology
Agency / Branch:
DOD / OSD
Our proposal is to develop SCADA Hawk: an integrated anti-tamper technology that uses a combined hardware-software methodology for the observational monitoring of existing systems, with selective reaction capabilities. By enabling detailed monitoring, our goal is to isolate anomalies in system behavior and take preventive measures. While profiling normal behavior on traditional IT systems might be infeasible, the repetitive and predictable nature of SCADA system operation lends itself nicely to the technique. The monitoring will eventually be accomplished by creating various "instrumentation modules" whose job is to examine such items as network traffic, commands being delivered by the SCADA system, and so forth. We plan on utilizing two kinds of modular constructs:
1. Software instrumentation modules, named COLLECTORs, that actively collect and report any transitions in the operational states of the SCADA system and prevent tampering by blocking unauthorized or unexpected instruction sequences.
2. Firmware-based behavior monitoring modules, named AGENTs, that continuously verify in real time that the operational states collected by the COLLECTOR match the expected operational profile for the monitored software application.
Anomalies are reported to a central station, and preventive steps (if known) are conveyed back to the COLLECTOR so that it can engage in tamper prevention.
Small Business Information at Submission:
William L. Sousan
Senior Software Engineer
Chief Operating Officer
Research Institution Information:
Technical Support Inc.
11253 John Galt Blvd. Omaha, NE 68137
Number of Employees:
University of Nebraska at Omaha
6001 Dodge Street, EAB 203
Omaha, NE 68182
Mary Laura Farnham