Industrial control systems (ICS) are the nervous systems of modern-day ships, controlling the engines, power generation and distribution, ballasts, and other key systems. Unfortunately, these ICS networks are all too often insecure by design and completely ignored by network monitoring and intrusion detection systems. Current ICS network security products offer little more than basic monitoring and shallow intrusion detection, failing to detect skilled nation-state level adversaries or to provide any real day-to-day value for operations. The proposed project will address this unmet need by building an ICS network monitoring solution anchored around two patent-pending advanced intrusion detection techniques and supported by new passive machine learning techniques. The first technology fingerprints actuators based on their physical operation time, helping to detect false data injection and equipment malfunctions. The second technology monitors controller program execution time for anomalies and alerts when the programming has been altered. Finally, the new machine learning techniques will combine aspects of both the cyber and the physical behavior of ICS network nodes and alert on anomalous behavior. A basic prototype will be evaluated on a mock-up testbed of a Navy ship's engine cooling system to prove feasibility and enable accurate design specifications for future development.
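As an added illustration (not the patent-pending methods described above), the following detector learns a timing baseline from a clean window of observations and flags later durations that fall outside k standard deviations; the same logic is applied to actuator operation times and to PLC scan-cycle times. The valve and scan-time figures are constructed sample values, and the "valve"/"plc" source names are assumptions.

```python
"""Timing-baseline anomaly detector for ICS actuators and PLC scan cycles.
Constructed illustration: learn the normal duration of an operation from a
trusted learning window, then flag observations outside a k-sigma band."""
from statistics import mean, pstdev

# Constructed sample: seconds for a cooling-water valve to travel open->closed,
# measured as feedback-confirmed completion time minus command time.
VALVE_LEARNING_WINDOW = [12.1, 11.9, 12.3, 12.0, 12.2, 11.8, 12.1, 12.0]

# Constructed sample: PLC scan-cycle times in milliseconds for one program.
SCAN_LEARNING_WINDOW = [4.8, 5.1, 4.9, 5.0, 5.2, 4.9, 5.0, 5.1]


def build_baseline(samples, min_samples=5):
    """Return (mean, stdev) from a learning window of trusted observations."""
    if len(samples) < min_samples:
        raise ValueError("learning window too short to establish a baseline")
    sigma = pstdev(samples)
    return mean(samples), max(sigma, 1e-6)  # guard against zero variance


def classify(observation, baseline, k=3.0):
    """Label one observed duration relative to the baseline.

    'fast' and 'slow' are timing anomalies; whether a given one indicates
    spoofed feedback, worn equipment or an altered program is site-specific
    and left to the operator or a downstream correlation stage.
    """
    mu, sigma = baseline
    z = (observation - mu) / sigma
    if abs(z) <= k:
        return "normal"
    return "fast" if z < 0 else "slow"


def scan_events(events, baselines, k=3.0):
    """Classify a stream of (source, duration) events; return only the alerts."""
    alerts = []
    for source, duration in events:
        label = classify(duration, baselines[source], k)
        if label != "normal":
            alerts.append((source, duration, label))
    return alerts


if __name__ == "__main__":
    baselines = {"valve": build_baseline(VALVE_LEARNING_WINDOW),
                 "plc": build_baseline(SCAN_LEARNING_WINDOW)}
    # Constructed event stream: one plausible reading and one anomaly per source.
    stream = [("valve", 12.2), ("plc", 5.3), ("valve", 0.8), ("plc", 6.0)]
    for alert in scan_events(stream, baselines):
        print("ALERT", alert)
```

With the constructed windows the valve band is roughly 11.6 to 12.5 s and the scan band roughly 4.6 to 5.4 ms, so a reported 0.8 s stroke and a 6.0 ms scan both raise alerts.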
Benefit: The proposed network monitoring solution provides wide benefits to entities ranging from the Navy and other DOD components to the commercial sector. For the Navy, it will help secure the 400+ ships in the fleet and the shipyards that maintain them. Other DOD components benefit indirectly from increased network security at key manufacturing facilities for aircraft, armored vehicles, and munitions. Finally, the nation's most critical infrastructure sectors run on industrial control system networks, including power, manufacturing, water, chemicals, and oil & gas. Cyberattacks on these sectors have the potential to cause billions of dollars in physical damage, widespread blackouts, environmental catastrophes, or even loss of civilian lives. The proposed solution will help secure these systems against nation-state level attacks and provide day-to-day value by helping to diagnose maintenance issues and reduce unexpected downtime.
Keywords: anomaly detection, ICS, Programmable Logic Controller, cyber security, Industrial Control Systems, Network Security, Machine Learning, PLC