SBIR Phase I: Securing Industrial Control Networks with Network Forecasting
The innovation of network forecasting is a new approach to securing industrial control networks that is based upon 1) discovering, monitoring, and modeling all devices on a network, 2) using these models to predict future device behavior, 3) evaluating past predictions with current observations of networked device behavior, and 4) investigating prediction-observation discrepancies to discover misbehaving devices. The intellectual merit of the innovation lies in its departure from traditional network security paradigms. Traditional approaches, such as signature-based anti-virus and intrusion prevention systems, detect misbehaviors by recognizing repeats of past behaviors; these approaches necessarily overlook one-of-a-kind or zero-day misbehaviors. In contrast, network forecasting incorporates an understanding of correct and expected network behavior so that aberrant behavior can be identified even if it has not been seen before. The approach will be built upon the foundation of Continuous Device Profiling (CDP), which concretely models and monitors the active roles that devices assume on the network. Network forecasting will predict near-future CDP characteristics of devices; when predictions fail to match reality on the network, network operators can respond without needing to fully understand the details of the threat that caused the disturbance. The broader/commercial impact of this innovation is substantial because critical infrastructure represents both a significant investment and a substantive risk in modern society. While recent cyber attacks may have heightened public awareness of these threats, such infrastructure has been the object of sustained concern from government and private-sector groups for many years. However, as our need for increased security in critical infrastructure has grown, the effectiveness of network security methods has diminished; the pace of effective cyber attacks and network breaches is increasing, not decreasing, as time passes. If successful, network forecasting has the potential to transform the security and monitoring practices in nearly all domains of critical infrastructure, far beyond the power plant demonstration this proposed effort will undertake. The stakes are high: future cost savings, technological advances and economic prosperity all presume the existence of secure, networked critical infrastructure. Substantial advances in the security of such infrastructure, such as that promised by network forecasting, can help protect that future.
Small Business Information at Submission:
Observable Networks, LLC
7000 Washington Ave St. Louis, MO 63130-4310
Number of Employees: