Excellence in Research: Cyber Threats Early Warning Framework for Operational Technology Systems

卓越研究：运营技术系统的网络威胁预警框架

基本信息

批准号：
2200538
负责人：
Sajad Khorsandroo
金额：
$ 40万
依托单位：
North Carolina Agricultural & Technical State University
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2022
资助国家：
美国
起止时间：
2022-09-01 至 2025-08-31
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2200538&HistoricalAwards=false
关键词：
Excellence Research Cyber Threats Early

项目摘要

The cyber community is experiencing an imminent shift in cyber-attacks from traditional Information Technology (IT) infrastructures that run business systems to the Operational Technology (OT) infrastructures that control industrial operations. A hasty reaction to this change in the cyber threat landscape has been reusing existing cyber security solutions commonly applied to the IT domain. This is not a robust long-term solution. IT and OT systems are intrinsically different; hence, their attack surfaces and vectors can also be different. Moreover, the cyber community needs to broaden its knowledge about the malicious techniques and methods used by attackers to target OT infrastructures. Accordingly, this project investigates a cyber threats early warning framework for operational technology environments. The project’s outcomes will advance the science of securing operational technology systems and inspiring attack-resilient designs and deployments for such environments. It introduces intelligent-interaction decoys to mimic temporal and spatial characteristics and behavior of heterogeneous operational technology systems. The project also investigates the feasibility of a deep programmable, open, and software-defined infrastructure to facilitate fast, adaptive, and intelligent-assisted attack collection, characterization, and detection/prediction. The proposed framework runs on off-the-shelf commodity servers on the edge of OT domains while its performance and throughput scale exponentially with increased computational power.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

网络社区正在从传统信息技术（IT）基础架构转变为运营业务系统转换为控制工业运营的运营技术（OT）基础架构的网络攻击即将发生转变。对网络威胁格局的这种变化的仓促反应一直在重复使用通常应用于IT领域的现有网络安全解决方案。这不是强大的长期解决方案。 IT和OT系统本质上不同。因此，它们的攻击表面和向量也可能不同。此外，网络社区需要扩大其对攻击者针对OT基础架构的恶意技术和方法的了解。根据该项目的研究，该项目研究了针对操作技术环境的网络威胁预警框架。该项目的成果将推进确保运营技术系统并激发这种环境的攻击弹性设计和部署的科学。它引入了智能相互作用的诱饵，以模仿异构操作技术系统的临时和空间特征和行为。该项目还投资了可行，开放和软件定义的基础架构的可行性，以促进快速，自适应和智能辅助攻击收集，表征和检测/预测。所提出的框架在OT域边缘的现成商品服务器上运行，而其性能和吞吐量量表则以增强的计算能力为指数级。该奖项反映了NSF的法定任务，并通过使用基金会的知识分子优点和更广泛的影响标准来评估NSF的法定任务。