NORAD-USNORTHCOM is the sponsoring defense agency for a $1.7M award to Imprimis, Inc. and root9B, a root9B Technologies Company, through the Department of Defense Rapid Innovation Fund Program for an industrial control cyber security system, the companies announced March 2.
Imprimis, Inc. (i2) has partnered with root9B to develop an advanced network Intrusion Detection System (IDS) designed to optimize Industrial Control System (ICS) network defense with a focus on automated analysis, detection, and response to national-level threats. The system combines root9B’s IDS capabilities, which will be modified to achieve advanced baselining and packet inspection, with Imprimis’ Cyber Threat Activity Matrix (CTAM) database. The CTAM is a database designed to provide tailored threat intelligence information.
The system is designed for broad use throughout the Department of Defense, Department of Homeland Security, and Department of Energy, as well as in the commercial sector for energy and utilities, oil and gas, and many others. The IDS will provide network intrusion detection utilizing advanced packet analysis to baseline ICS network traffic and immediately identify anomalies. The system will provide real-time response to anomalies on ICS that represent cyber threats. The objective of this project is to develop a tool that applies an innovative methodology to map ICS-specific threats and their tactics, techniques and procedures (TTP) to observable network behavior and design.
Michael Semmens, Imprimis’ President, stated, “The CTAM IDS will advance cyber protection by combining baselining, smart packet inspection, real-time intelligence, and network behavioral monitoring into a single state-of-the-art system, yielding a new and strong cyber defense capability to better protect critical infrastructure.”
“The goal of this project is to provide immediate identification of both anticipated and unique threats,” said root9B’s Chief Executive Officer Eric Hipkins. “root9B will develop a network analysis platform unique in its ability to monitor traffic and identify threats based on advanced algorithms and smart packet inspection.”
Source: Imprimis, Inc. and root9B