SBIR Phase I: Securing Industrial Control Networks with Network Forecasting

Award Information

Agency:
National Science Foundation
Branch:
N/A
Award ID:
Program Year/Program:
2013 / SBIR
Agency Tracking Number:
1248147
Solicitation Year:
2012
Solicitation Topic Code:
EI
Solicitation Number:
Small Business Information
Observable Networks, LLC
7000 Washington Ave St. Louis, MO 63130-4310
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No
 
Phase 1
Fiscal Year: 2013
Title: SBIR Phase I: Securing Industrial Control Networks with Network Forecasting
Agency: NSF
Contract: 1248147
Award Amount: $150,000.00
 

Abstract:

The innovation of network forecasting is a new approach to securing industrial control networks that is based upon 1) discovering, monitoring, and modeling all devices on a network, 2) using these models to predict future device behavior, 3) evaluating past predictions with current observations of networked device behavior, and 4) investigating prediction-observation discrepancies to discover misbehaving devices. The intellectual merit of the innovation lies in its departure from traditional network security paradigms. Traditional approaches, such as signature-based anti-virus and intrusion prevention systems, detect misbehaviors by recognizing repeats of past behaviors; these approaches necessarily overlook one-of-a-kind or zero-day misbehaviors. In contrast, network forecasting incorporates an understanding of correct and expected network behavior so that aberrant behavior can be identified even if it has not been seen before. The approach will be built upon the foundation of Continuous Device Profiling (CDP), which concretely models and monitors the active roles that devices assume on the network. Network forecasting will predict near-future CDP characteristics of devices; when predictions fail to match reality on the network, network operators can respond without needing to fully understand the details of the threat that caused the disturbance.

The broader/commercial impact of this innovation is substantial because critical infrastructure represents both a significant investment and a substantive risk in modern society. While recent cyber attacks may have heightened public awareness of these threats, such infrastructure has been the object of sustained concern from government and private-sector groups for many years. However, as our need for increased security in critical infrastructure has grown, the effectiveness of network security methods has diminished; the pace of effective cyber attacks and network breaches is increasing, not decreasing, as time passes. If successful, network forecasting has the potential to transform the security and monitoring practices in nearly all domains of critical infrastructure, far beyond the power plant demonstration this proposed effort will undertake. The stakes are high: future cost savings, technological advances and economic prosperity all presume the existence of secure, networked critical infrastructure. Substantial advances in the security of such infrastructure, such as that promised by network forecasting, can help protect that future.

Principal Investigator:

Michael J. Schultz
3146621665
mjschultz@obsrvbl.com

Business Contact:

Michael J. Schultz
3146621665
mjschultz@obsrvbl.com
Small Business Information at Submission:

Observable Networks, LLC
7000 Washington Ave St. Louis, MO 63130-4310

EIN/Tax ID: 452646176
DUNS: N/A
Number of Employees:
Woman-Owned: No
Minority-Owned: No
HUBZone-Owned: No