Research Summaries

Afloat Network Defense Cyber Operations

Fiscal Year: 2017
Division: Research & Sponsored Programs
Department: Naval Research Program
Investigator(s): Fulp, John D.; Singh, Gurminder
Sponsor: NPS Naval Research Program (Navy)
Summary: This research is intended to advance shipboard cyber incident response (IR) capability aboard CANES-enabled vessels by modeling such a capability using already established shipboard response systems (e.g., EOSS and CSOSS). The current state of shipboard cyber IR is limited, relying predominantly upon the Tier 2 CNDSP (NCDOC) for both detection and remediation services. CANES includes a SIEM (Security Information and Event Management) capability that is not being utilized to its maximum potential. We will advance shipboard cyber IR capability in three principal areas: 1) improving the current CANES SIEM tool configuration so as to enhance its incident detection and investigation capabilities; 2) drafting "if-then", indicator-to-action sequencing TTP that would aid in the containment and eradication of malicious logic artifacts; and 3) developing IR operator SIEM training to enable informed interaction with SIEM consoles dedicated to incident detection, investigation, reporting, and case tracking. For all three of these, the IR focus and priority is on any malicious actions or artifacts associated with each of the four cyber incident categories identified in CJCSM 6510.01B: root-level intrusion, user-level intrusion, denial of service, and malicious logic. Advances in these three areas will present a nascent CDOSS (Cyber Defense Operational Sequencing System) capability to CANES-enabled Naval vessels.