This Small Business Innovation Research (SBIR) Phase II project should provide a novel cyber security solution for Industrial Control Systems (ICS) based on Power Fingerprinting (PFP) technology. PFP provides integrity assessment and intrusion detection for embedded and resource-constrained platforms by using an external device to monitor side-channel information and applying signal processing techniques to determine the execution status of a processor. Because PFP monitoring is performed by an external device, it can be applied to platforms with constrained computational resources, such as Industrial Control Systems, for which solutions based on traditional cyber security approaches are practically inexistent. There are no commercially available solutions capable of monitoring the execution and detecting intrusions directly in core ICS elements, such as Programmable Logic Controllers (PLCs). The objectives of this Phase II effort include: 1) Develop a PFP monitor prototype for ICS by integrating commercially available components, 2) Develop the necessary software tools to support ICS monitoring, and 3) Validate the prototype using representative ICS platforms used in critical infrastructure. At the end of Phase II, the prototype PFP monitor will be demonstrated detecting malicious intrusions in blind tests, serving as stepping stone to bring this technology into commercialization.
The broader/commercial impact of this project is the development of an innovative cyber security solution for ICS in critical infrastructure. PFP can prevent well-funded adversaries from compromising critical systems without being discovered. The PFP monitor can assess the integrity of core elements in ICSs for which there are no commercial solutions available. PFP can be applied to embedded platforms and can coexist with traditional cyber security solutions adding an extra layer of protection in a defense-in-depth approach. These characteristics make PFP a powerful tool for detecting sophisticated covert attacks to ICS, such as the recent Stuxnet worm. Traditional cyber security approaches, such as anti-virus and firewalls, are being adapted for ICS with very limited success. Thus, PFP addresses a growing need to secure ICSs in critical infrastructure and directly monitor their execution. PFP has dual application in the commercial and government markets, particularly for resource-constrained and embedded platforms. PFP has the potential to become a fundamental player in cyber-security by protecting the nation?s infrastructure and promoting further development of the economic base and employment.