Communications of the ACM
New Software Tool Helps Utilities Monitor For Network Security
Sophia is a passive, real time tool for interdevice communication discovery and monitoring of the active elements in a Supervisory Control and Data Acquisition system.
Credit: U.S. Department of Energy
The Sophia software tool created at the U.S. Department of Energy's Idaho National Laboratory (INL) can help network operators spot anomalies that might signal cybersecurity threats or other hazards in time to prevent harm to the system.
The Sophia project was initiated to automate the task of plotting out an organization's complete network to pinpoint the various devices and communication channels, which is the first step of a control system vulnerability assessment. Sophia supports passive monitoring of communication pathways in a static computer network and highlights new types of conversations so operators can decide if a danger is present. Once the software devises a given system's signature, Sophia runs in the background and watches communications across the entire network, flagging anything out of the ordinary. If the software detects suspicious activity, it notifies the operator or network administrator, who can then carry out an investigation.
Sophia also enables the human operator to assess new activity rather than decide for itself if the anomaly is a threat. "It really is the flagship," says INL's David Kuipers. "It's the first technology of this group that will be transitioned to industry."
From Oak Ridge National Laboratory
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found