SCADA Hawk – An Integrated Anti-Tamper Technology

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-10-M-1880
Agency Tracking Number: O09B-003-1010
Amount: $99,907.00
Phase: Phase I
Program: STTR
Awards Year: 2010
Solicitation Year: 2009
Solicitation Topic Code: OSD09-T003
Solicitation Number: 2009.B
Small Business Information
11253 John Galt Blvd., Omaha, NE, 68137
DUNS: 154454243
HUBZone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: Y
Principal Investigator
 William L Sousan
 Senior Software Engineer
 (402) 331-4977
 bsousan@techsi.com
Business Contact
 Jim Spitzenberger
Title: Chief Operating Officer
Phone: (402) 331-4977
Email: jims@techsi.com
Research Institution
 University of Nebraska at Omaha
 Mary Laura Farnham
 6001 Dodge Street, EAB 203
Omaha, NE, 68182
 (402) 554-2286
 Nonprofit college or university
Abstract
Our proposal is to develop SCADA Hawk: an integrated anti-tamper technology that uses a combined hardware-software methodology for the observational monitoring of existing systems with selective reaction capabilities. By enabling detailed monitoring capabilities, our goal is to isolate anomalies in system behavior and take preventive measures. While profiling of normal behavior on traditional IT systems might be infeasible, the repetitive and predictable nature of SCADA system operation lends itself nicely to the technique. The monitoring will eventually be accomplished by the creation of various “instrumentation modules” whose job is to examine such items as network traffic, commands being delivered by the SCADA system, and so forth. We plan on utilizing two kinds of modular constructs:
1. Software instrumentation modules, named COLLECTORs, that actively collect and report any transitions in the operational states of the SCADA system and prevent tampering by blocking unauthorized or unexpected instruction sequences.
2. Firmware-based behavior monitoring modules, named AGENTs, that continuously verify in real time that the operational states collected by the COLLECTOR match the expected operational profile for the monitored software application.
Anomalies are reported to a central station, and preventive steps (if known) are conveyed back to the COLLECTOR so that it can engage in tamper prevention.

* Information listed above is at the time of submission. *
