A Triple-Threat Against Cyberthreats

01 Dec 2017

The Department of Energy's Pacific Northwest National Laboratory has licensed three of its most unusual technologies for preventing cyberattacks to Cynash Inc., a startup company funded by IP Group, an intellectual property commercialization company. Cynash was formed specifically to bring these three cyber protection technologies to market to provide a powerful new approach to the detection and prevention of cyberattacks.

Cynash intends to integrate these technologies into a suite of products and services to enhance cybersecurity in private enterprise, the public sector and industrial control systems.

Two of the technologies, DigitalAnts and MLSTONES, are inspired by nature and biology.

The third, SerialTap, addresses vulnerabilities inherent in remotely controlled physical systems common in infrastructure and manufacturing.

The Ants go marching

DigitalAnts was inspired by the power of ants swarming to protect their colonies. In this case, the colonies are large-scale networks or even connected devices, such as phones, sensors and the many others that make up the entire Internet of Things, which can provide a foothold for cybercriminals. Distributed ant-like software agents wander across networks from device to device to detect suspicious behavior by watching types of information, such as network bandwidth or power consumption. Like their natural counterparts, DigitalAnts throw down markers, much like pheromones, to attract other ants to the location of concern. This concept of indirect coordination, known as stigmergy, allows rapid validation of an anomaly by several independent agents. Once an anomaly is confirmed, the DigitalAnts technology alerts users and other systems to take appropriate action.
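A minimal simulation of the stigmergy loop described above, added here as an illustration; it is not DigitalAnts code. The device names, bandwidth figures, tolerance, marker strength, decay rate and quorum size are all constructed assumptions.

```python
import random

def run_swarm(metrics, baseline, n_agents=6, quorum=3, steps=40,
              tolerance=0.5, decay=0.8, seed=7):
    """Return devices whose anomaly was confirmed by >= quorum distinct agents."""
    rng = random.Random(seed)
    devices = sorted(metrics)
    marker = {d: 0.0 for d in devices}       # pheromone-like marker strength
    witnesses = {d: set() for d in devices}  # agents that flagged each device
    confirmed = set()
    for _ in range(steps):
        for agent in range(n_agents):
            # Wander: every device stays reachable, marked ones attract more visits.
            weights = [1.0 + marker[d] for d in devices]
            here = rng.choices(devices, weights=weights)[0]
            # Local check of one observable against that device's own baseline.
            deviation = abs(metrics[here] - baseline[here]) / baseline[here]
            if deviation > tolerance:
                marker[here] += 5.0           # drop a marker for other agents
                witnesses[here].add(agent)
                # One agent's reading is only a hint; a quorum confirms it.
                if len(witnesses[here]) >= quorum:
                    confirmed.add(here)
        for d in devices:
            marker[d] *= decay                # markers evaporate unless renewed
    return confirmed

# Constructed sample data: bandwidth in kbit/s per device (hypothetical names).
BASELINE = {**{f"sensor-{i}": 120.0 for i in range(1, 8)}, "plc-7": 40.0}
OBSERVED = dict(BASELINE, **{"plc-7": 310.0, "sensor-3": 135.0})

if __name__ == "__main__":
    print("confirmed anomalies:", sorted(run_swarm(OBSERVED, BASELINE)))
```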

A protein by another name

MLSTONES, which stands for Machine Learning String Tools for Operational and Network Security, was developed by researchers applying the power of high-performance computing to the vast amounts of biological data being captured to study protein similarity. They considered applying this approach to cyber-related data such as software, and specifically malware. This biology-based approach allows MLSTONES to recognize evolving, never-before-seen malware by detecting similarities in evolving malware, something that conventional malicious software detectors cannot do effectively. It also allows MLSTONES to classify malware into families based on behavioral similarity.

Tapping into the data

SerialTap was developed to bridge the gap between older serial-based devices and modern networks in industrial control systems. An industrial control system sends and executes directions for remotely operating infrastructure such as valves, switches and sensors in distant field locations. They number in the millions and may be vulnerable to cyberthreats. When communications lines to these remote operations or serial devices are tied into the IT networks of industrial control systems, it may leave them open to bogus commands that could do serious damage. SerialTap taps into these older communications devices to translate information and mitigate threats. SerialTap is an inexpensive means of wrapping the data from the serial communications device in a form that can be used by modern assessment tools that don't 'speak the same language,' thus providing situational awareness to a company's engineering and security team.

PNNL | http://www.pnnl.gov