The security of Industrial Control Systems (ICS), which include supervisory control and data acquisition (SCADA) systems, has been and remains a focus of cyber defense and energy professionals across government, industry, and academia. SCADA systems are highly distributed systems used to remotely monitor and control operations in industries such as water distribution, wastewater collection, electrical power grids, and oil and gas pipelines. Recently, the vulnerability of these systems has been highlighted by cyber attacks on utility companies.

We are focused on creating tradecraft and technologies that help analysts protect this critical infrastructure. As SCADA systems have modernized, more data has become available to aid those tasked with architecting, defending, and maintaining them. This effort will explore, develop, test, and implement new techniques spanning three types of tradecraft: open source tradecraft, predictive analytic tradecraft, and structured analytic tradecraft. To support these new techniques, we will adapt and develop the technologies that enable these processes. Underpinning all of this will be research and development in data engineering, data analytics and data science, visualization, and innovative reporting techniques. While our work will be based on and targeted at the defense of SCADA systems, our goal is to develop techniques and supporting technologies that generalize well enough to be of value to a wide variety of analysts working on a wide variety of problems.

Potential areas of investigation related to security of ICS/SCADA systems include, but are not limited to:

  • Identification of anomalous behavior and trends
  • Development of analytic discovery techniques
  • Visualizations for network data
  • Methods and algorithms for data integration, to include data engineering, preparation and blending
  • Generation of dynamic reports based on data, analytic results, and analysis
  • Definition of models and methods to anticipate future scenarios

A successful research effort that equips analysts to enhance their tradecraft, with SCADA as the focus, will include the development and application of predictive analytics, the identification and visualization of patterns and anomalies, and the ability to report information dynamically. Our goal is to integrate these capabilities into a prototype application in which multiple data sources can be used to investigate cyber threats to critical infrastructure.

