PFI:AIR - TT: Passive Techniques for Monitoring Industrial Control Systems
Georgia Tech Research Corporation, Atlanta GA
Investigators
Abstract
This PFI: AIR Technology Translation project focuses on translating industrial control system (ICS) security techniques to fill the need for methods to secure the Nation's most critical infrastructure (e.g., the electric power grid, critical manufacturing plants, water treatment plants, etc.). The industrial control system security techniques are important because the compromise of these ICS networks can lead to loss of life, widespread blackouts, environmental disasters, and financial loss. The project will result in a prototype of an ICS security and monitoring system. This ICS security and monitoring system has the following unique features: 1) the ability to detect malicious network traffic, 2) the ability to detect malicious programs running on embedded controllers, and 3) the ability to back up programs transmitted over the network. These features provide the following advantages: 1) defense against nation-state-level attackers, 2) minimally invasive techniques to detect malware on embedded controllers, and 3) passive program backups when compared to the leading competing approaches such as standard intrusion detection systems and hardware add-ons in this market space. This project addresses the following technology gaps as it translates from research discovery toward commercial application: intrusion detection, access control, network management, and malware detection for industrial control systems. Specifically, this project presents new ICS-specific fingerprinting techniques that can be used to supplement traditional techniques for intrusion detection, access control, or network management. Further, a robust technique for detecting code modification of programmable logic controllers (which was done by Stuxnet) using standard programmable logic controller (PLC) diagnostic information will be developed. Also, a passive method that intercepts and archives binary PLC programs transmitted from the engineering workstation will be developed.
In addition, personnel involved in this project, graduate students, will receive innovation, entrepreneurship, and technology translation experiences through requirements and specifications discussions, prototype development, unit/system/integration testing, prototype deployment, and go-to-market strategy development.