SBIR-STTR Award

(4) Advanced Threat Detection and Analysis Using Multi-Dimensional ML for Industrial Control Systems (ICS)
Award last edited on: 1/25/2021

Sponsored Program
SBIR
Awarding Agency
DOD : Navy
Total Award Amount
$1,749,935
Award Phase
2
Solicitation Topic Code
N193-A01
Principal Investigator
Nick Duan

Company Information

D-Tech LLC

13800 Coppermine Road Suite 300
Herndon, VA 20171
   (703) 885-5113
   info@dtechspace.com
   www.dtechspace.com
Location: Single
Congr. District: 11
County: Fairfax

Phase I

Contract Number: N68335-20-F-0105
Start Date: 11/21/2019    Completed: 4/20/2020
Phase I year
2020
Phase I Amount
$149,984
Cybersecurity risk assessments practiced today are mostly qualitative in nature and inadequate to address the real-time cyber threat, especially advanced persistent threat (APT) in the enterprise. Cybersecurity operations rely heavily on various security tools running in silos and generating large volumes of security data that are difficult to comprehend and provide little value for actionable decision support. To help maximize the cyber defense agility and responsiveness of Navy platform systems, we propose an innovative software tool called Cynalytics™ that provides enhanced threat identification and risk analysis functions using a multi-dimensional machine learning (ML) model. Based on unsupervised learning techniques, Cynalytics will integrate various IT/OT and platform sensor data for APT detection, and derive quantitative threat severity scores based on anomaly pattern recognition and probability-driven algorithms. Cynalytics will be a web-based, cloud-enabled application capable of ingesting real-time data at different levels and providing actionable, risk-informed decision support, augmenting the Risk Management Framework-based CYBERSAFE functions. Our Phase I effort will focus on the ML model design with quantitative threat evaluation metrics for industrial control systems (ICS), and the development of a prototype with use cases to demonstrate feasibility of the proposed solution with extensibility to Naval/DOD control and weapon systems.

Phase II

Contract Number: N68335-20-F-0568
Start Date: 5/1/2020    Completed: 11/12/2021
Phase II year
2020
Phase II Amount
$1,599,951
The goal of this SBIR is to develop an innovative software product called Cynalytics™ that uses ML for real-time cyber threat detection in industrial control systems (ICS), including Supervisory Control and Data Acquisition (SCADA) and Distributed Control Systems (DCS). During Phase I, we developed a multi-dimensional ML model for threat detection with test data generated from a real ICS lab and achieved excellent detection results. In addition, we established a set of quantitative threat evaluation metrics and related indicators for cyber risk and resilience assessment. Based on Phase I prototyping results, our Phase II R&D will focus on optimizing the ML detection performance with enhanced metrics, conducting extensive tests (simulated and on-stage adversarial attacks) in a physical ICS testbed, and developing Cynalytics into a full-fledged, web-based product with real-time data ingestion and anomaly detection capabilities. We plan to conduct extensive product tests in both simulated and real physical ICS environments to ensure product robustness and transition readiness. This SBIR will help fill an important technology gap in applying machine learning (ML) to Industrial Control Systems (ICS) cybersecurity since naval systems (e.g. navigation, control, electrical/hydraulic power, etc.) and Defense/Weapon Systems (e.g. missiles, sensors, and power) are special types of ICS that require extreme security protections from malicious cyber actors. A successful delivery of Cynalytics will help enhance the DON CYBERSAFE programs for ICS, and ensure a potential program adoption and field test in Phase III for the accelerated transition of this SBIR technology to the DON/DOD operational environment.