State sponsored cyber criminals are actively and perpetually scanning and probing to discover vulnerabilities to gain access to networks. The rapid proliferation of Internet of Things (IoT) devices on networks, which are almost all left unprotected, provide limitless points of entry to actively spy on and/or disable USAF operations. The USAF, like the rest of the world, is rapidly adopting IoT devices as part of its commercial systems, including controls and sensors in critical infrastructure to enhance operations and reduce costs, but these devices are unprotected and ignored. Every sensor such as a wall thermostat or pressure gauge offers a way for malicious actors to enter and compromise USAF networks. In April of last year, state sponsored Iranian cyber criminals were linked to a cyber-sabotage of Israeli water supplies. The criminals sought to cripple computers that control water and wastewater treatment in Israel, proof that our adversaries are fully capable of doing the same to us, crippling our operations by attacking USAF critical infrastructure systems. It has and will continue to happen here in the United States. We are not impervious to attacks on critical infrastructure. In fact, a cyber intrusion into an American water treatment facility occurred this month, February 2021. In Pinellas County, Florida a cyber criminal infiltrated and poisoned the water supply by penetrating the treatment facilityâs online system. Another example of this very real threat is the data breach of industry giant, Target, which cost the company $202 million in damages-the access point, a heating, ventilating, and air conditioning (HVAC) system. All IoT devices, from networked printers, to camera systems, to HVAC systems, to controls that operate, test, and measure critical infrastructure like water and electricity provide access points for cyber intrusion. When a breach happens in the DoD, itâs not just money on the line, itâs all of our military operations and the lives of our warfighters. These unprotected risks have been identified by USAF leadership as being in need of immediate hardening, and Symphionâs solution fills the gap. Symphionâs SBIR proposal is to adapt its commercially successful solution to meet USAF classified, non-classified and civilian needs to fill this known cyber security gap for USAFâs industrial control systems and critical infrastructure. Symphion will accomplish this through adapting its software and current remote delivery model to meet DoD
