SBIR-STTR Award

Advances in Internet services, location-based services, and mobile wireless services lead to the development of cyberattacks that are persistent, complex, and can propagate rapidly to severely impact all aspects of our life, economy, and national security. This problem is even more severe for Navy unmanned vehicle systems (UxS) and the most dangerous threat types focus on the applications to be provided by the Unmanned Maritime Autonomic Architecture (UMAA) (e.g., mission management, support, processing operations, maneuver operations, situation awareness). Existing cybersecurity technology and tools have failed to protect our cyberinfrastructure for many reasons: They are mainly signature based solutions that cannot detect new and novel cyber-attacks. They use many isolated and heterogeneous tools for monitoring performance, fault, and security that make it extremely difficult for human to comprehend and manage in a timely manner. They are typically developed as threat response (defensive) technologies that inherently cause operational issues as they respond and repair attack damages. They are manually intensive activities that make them too slow to respond and act in a timely manner against malicious threats (e.g., according to a recent survey of 50 benchmark companies, the average detection of a cyber-attack is 18 days and more than 200 days for detecting an insider threat if successful). In this SBIR Phase I, we will leverage AVIRTEK Autonomic Cyber Security (ACS) technology to develop Autonomic Protection for UMAA services (AP-UMAA). The ACS technology is a true alternative to the existing cybersecurity technologies that will revolutionize the way we secure and protect our cyberspaces. It can efficiently and cost-effectively address the current and future challenges of cybersecurity.

Benefit:
The success of commercializing of the proposed AP-UMAA technology will overcome the current cybersecurity challenges by providing a multi-layer monitoring and real-time analysis for unmanned maritimes through anomaly behavior analysis and autonomous management along with autonomic incident response. Hence, it will be benefiting air craft controllers, cyber battle management commanders and operators, disaster management, just to name a few.

Keywords:
incident response, incident response, insider threat, anomaly behavior, Autonomous, Man-in-the-middle, UxS, DoS

The main goal of the project is to developed Self-protection capabilities for the NAVY Unmanned Maritime Vehicles (UMV) against Denial of Service (DoS) attacks, Man-in-the-Middle (MITM), and unauthorized data exfiltration from both internal and external attackers. The UMV-AP platform to be developed will provide the following capabilities: Behavior Analysis Units (BAUs) of UMV Services This module will include several BAUs that will detect any malicious attack or compromises of the UMV services as well as the UMV sensors and actuators. Autonomic Incident Response System This module will implement the recommended actions from the threat modeling and analysis of the UMV services so they can be executed automatically without the need for human intervention. UMV Management Interface (UMI) This module provides the capability to self-configure UMV services, monitors their current state, and lists the actions that can be executed to implement the recommended responses for each detected attack type. The User Interface (UI) This module provides full visibility into the current states of the UMV services and explains the logic behind the recommended actions. Honeywell CyberChip (HC2) This secure hardware module provides a zero-trust solution for hosting the anomaly behavior analysis services and for providing cyber-resilience to the tactical edge platform. Honeywell Embedded Anomaly Detection (HEAD) This service provides real-time detection of the cyber anomaly in the network data of the tactical edge platform. The service executes on the HC2 module as embedded service.

Benefit:
The anticipated benefits are: 1. The technology will provide unprecedented capabilities to identify all vulnerabilities that can be exploited by cyberattacks, how to detect them and how to stop them or mitigate their impacts autonomically without the need for human or user intervension. 2. We expect this technology to have wide deployment in DoD and Commercial markets because currently we do not have self-protection capabilities of our critical cyber infrastructures and their applications. The UMV-AP technology will fill the current gap and provide AI/ML superior cyber protection technology against attacks at all levels from the physical sensor/actuator level to the application level.

Keywords:
autonomic management of UMV services. Self-protection of UMAA services., autonomic protection, self-protection of ICS, threat modeling and analysis of ICS