Communications of the ACM
Helping Utilities Monitor For Network Security
The Sophia software tool helps defend industrial control system networks against cyber attack by making it easier for operators to find and investigate anomalies that may threaten security.
Credit: Idaho National Laboratory
Idaho National Laboratory (INL) researchers have developed Sophia, software designed to help network operators detect intruders and other anomalies. Sophia monitors communication pathways in a static computer network, flagging new types of conversations so operators can decide if a threat is present. Once the software develops a fingerprint for a given system, Sophia operates in the background and observes communications across the entire network.
The researchers say Sophia can detect new network devices or communication pathways that may signal an intruder's presence early enough to prevent harm to the system. If Sophia spots something suspicious, it alerts the operator or network administrator, who can then investigate. The software also enables the operator to assess new activity rather than trying to decide if the novelty represents a threat.
In order to assess the real-world usefulness of the tool, the INL researchers discussed the program with several utilities and control system vendors who liked the idea and offered to test the software. "It's the first technology of this group that will be transitioned to industry," says INL's David Kuipers.
From Idaho National Laboratory
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found