Unified Logging Architecture for Performance and Cybersecurity Monitoring

In order to achieve real-time monitoring, analysis, and alerting for complex systems, a unified logging architecture must exist that can support the collection and analysis of big data. Our technical objective is to develop a unified logging architecture that supports collection, aggregation, storage, and analysis of system performance and cybersecurity logs, events, and alerts produced by Naval Control Systems (NCS). IDT is a Department of Defense industry leader in automated test and analysis for real-time defense systems. Carnegie Mellon University – Software Engineering Institute (SEI) is the industry subject matter expert on cybersecurity and data distribution. IDT and SEI are teaming together to provide the Navy the desired capability. IDT and SEI will define and create a prototype Kafka-Based Unified Logging Architecture framework (K-BULA). K-BULA provides real-time, dynamic pipelines for active and passive data to be stored and analyzed, resulting in full cyber situational awareness for mission critical systems. Our solution is capable of extracting data from networks transparently; it will also extract data from nodes by leveraging a lightweight agent installed on the node itself; it will be deployed on a dedicated server that has interfaces into the nodes and network enclaves that are present in a typical NCS.