• Unfettered Blog 6543fe3b84099

    Forecasting where a hacker will go once inside an OT network

    Nov. 2, 2023
    Work is ongoing in identifying cyber threats, vulnerabilities and locating hacker penetration in electric utility and other OT networks

    Work is ongoing in identifying cyber threats, vulnerabilities and locating hacker penetration in electric utility and other operational technology (OT) networks. However, existing technologies including Intrusion Detection Systems, Intrusion Prevention Systems, Security Information and Event Management and Security Orchestration, Automation and Response can’t predict the future movement of a cyber intrusion that has successfully breached the OT network.

    Under U.S. Air Force and Department of Energy (DOE) contracts, the Global Center for Advanced Studies and its subcontractors, Lockheed Martin, Applied Control Solutions, Carnegie Mellon University and Georgia Tech, have developed a prototype modeling approach to forecast a cyber threat’s future maneuvers in compromised OT networks – the Cyber Attack Forecasting Systems (CAFS). The approach is based on techniques used by the DoD for ballistic missile attack warning and assessment, including probabilistic multi-model filters and multi-hypothesis method within a Bayesian framework.

    Figure 1
    Figure 1
    This proven technology has been leveraged to track and forecast future cyber threat attack vectors for effective defense of organizational high value assets and to neutralize those threats. The framework models different classes of threat actors and their behaviors/capabilities in great detail. The result is the addition of a new dimension to cyber defense of predicting the potential next move of the attack vector once inside an OT network (Figure 1). This is particularly important for ICS OT cybersecurity because so many attacks on those systems have originated in business networks and subsequently pivoted into the OT networks.

    This technology became critical as the DOE-sponsored literature search found that the most recent and comprehensive work on cyberattack forecasting was by Iranian researchers.

    If interested in learning more, please contact Dr. Tom Savell at [email protected] or me at [email protected].

    About the Author

    Joe Weiss | Cybersecurity Contributor

    Joe Weiss P.E., CISM, is managing partner of Applied Control Solutions, LLC, in Cupertino, CA. Formerly of KEMA and EPRI, Joe is an international authority on cybersecurity. You can contact him at [email protected]

    Email

    Continue Reading

    Sponsored Recommendations

    The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...
    Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...
    Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...
    Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...

    Latest from Unfettered Blog

    Defense planning involves the development of strategies, policies, and doctrines to address security challenges and achieve national defense objectives
    3d rendering energy storage system or battery container unit with blue sky background
    two businessmen on a road bridge that is breaking down and disconnecting

    Most Read

    Sponsored