SCADA Hawk – An Integrated Anti-Tamper Technology

Award Information
Agency: Department of Defense
Amount: $99,907.00
Program: STTR
Contract: FA8650-10-M-1880
Solicitation Year: 2009
Solicitation Number: 2009.B
Branch: Air Force
Award Year: 2010
Phase: Phase I
Agency Tracking Number: O09B-003-1010
Solicitation Topic Code: OSD09-T003

Small Business Information
Technical Support Inc.
11253 John Galt Blvd., Omaha, NE, 68137
Hubzone Owned: N
Woman Owned: N
Socially and Economically Disadvantaged: Y
Duns: 154454243

Principal Investigator
William L Sousan
Title: Senior Software Engineer
Phone: (402) 331-4977
Email: bsousan@techsi.com

Business Contact
Jim Spitzenberger
Title: Chief Operating Officer
Phone: (402) 331-4977
Email: jims@techsi.com

Research Institution
University of Nebraska at Omaha
Mary Laura Farnham
6001 Dodge Street, EAB 203, Omaha, NE, 68182
(402) 554-2286
Nonprofit college or university

Abstract
Abstract
Our proposal is to develop SCADA Hawk: an integrated anti-tamper technology that uses a hardware-software combined methodology for the observational monitoring of existing systems with selective reaction capabilities. By enabling detailed monitoring capabilities, our goal is to isolate anomalies in system behavior and take preventive measures. While profiling of normal behavior on traditional IT systems might be infeasible, the repetitive and predictable nature of SCADA system operation lends itself nicely to the technique. The monitoring will eventually be accomplished by the creation of various “instrumentation modules” whose job is to examine such items as network traffic, commands being delivered by the SCADA system, and so forth. We plan on utilizing two kinds of modular constructs:
1. Software Instrumentation modules, named COLLECTORs, that actively collect and report any transitions in the operational states of the SCADA system and prevent tampering by blocking unauthorized or unexpected instruction sequences.
2. Firmware-based Behavior Monitoring modules, named AGENTs, that continuously verify in real time that the operational states collected by the COLLECTOR match the expected operational profile for the monitored software application.
Anomalies are reported to a central station, and preventive steps (if known) are conveyed back to the COLLECTOR to engage in tamper-prevention steps.

* information listed above is at the time of submission.
