
Risk Reduction and Resiliency Modeling Software for Industrial Control SystemsAward last edited on: 2/10/2023
Sponsored Program
SBIRAwarding Agency
DOD : NavyTotal Award Amount
$739,822Award Phase
2Solicitation Topic Code
N191-030Principal Investigator
Corren McCoyCompany Information
Phase I
Contract Number: N68335-19-C-0594Start Date: 7/17/2019 Completed: 12/7/2020
Phase I year
2019Phase I Amount
$239,855Benefit:
Cyber threats against ship combat and platform systems are not new but evolving. For the U.S. Navy, the operational and warfighting capabilities are often controlled by automated shipboard systems (hull, mechanical and electrical (HM&E)). These systems are closely interconnected and controlled utilizing vendor-developed or -provided commercial-off-the shelf (COTS) software and hardware. This architectural design, along with the current Department of Defense acquisition strategy which encourages the Navy to procure software and hardware from commercial vendors, exposes the systems to various potential cyberattacks due to insider threats. Program Offices and engineering support activities across the Navy are looking for more efficient and effective ways to evaluate, manage, and implement cybersecurity measures that use a better and more diverse set of criteria for decision making. The approach to implementing cybersecurity measures in this fashion will look less at blanket security measure requirements that add little to no value and more towards affordable solutions that evaluate the best security measures to reduce risk and maximize resiliency. Industrial control systems (ICS), program logic controllers (PLCs), and Supervisory Control and Data Acquisition (SCADA) systems require firmware and software to perform their function. However, their technical and operational footprint may not match that of a traditional information technology (IT) system. While these systems may have critical functions and still must uphold the standards of availability, integrity, and confidentiality, their function and purpose may not carry the same voluptuous nature of integration, communication, and data management that warrant or require the traditional standards of cybersecurity. For these reasons, it is necessary to develop a new strategy and capability that will quantify and standardize a process for measuring resiliency that can be evaluated across all information systems.
Keywords:
Industrial Control Systems, Industrial Control Systems, Risk Management, Critical Infrastructure, SysML modeling, Cybersecurity Defense-in-depth, System of Systems, MBSE, Cybersecurity Resiliency
Phase II
Contract Number: N68335-21-C-0171Start Date: 11/20/2020 Completed: 5/25/2022