From security policies and tools to development processes and testing, multi-level cybersecurity protections identify cyber vulnerabilities and safeguard our most important resource—our data. Yet, security breaches are a continuing and disturbing occurrence for many organizations today.
Practices such as DevSecOps ensure that security concerns are continually addressed throughout the development and operational lifecycle of a system.
In development, measures such as secure static code analysis, secure coding standards, and security-hardened software (e.g., operating systems, databases, libraries) protect from some vulnerabilities. Other security vulnerability scanning tools such as anti-virus anti-malware scanning and penetration testing are used to identify and address security vulnerabilities. Often these tools are simply scanning, looking for something they know to be a cyber threat. As vulnerabilities are constantly changing, security tools are updated continuously to keep pace with new threats.
During system operations, multiple tools such as firewalls, access controls, encryption, VPNs, intrusion detection systems, and the like provide additional runtime protection. But is this enough?
Software applications can also provide a “last line of defense” during operations. Something Rite-Solutions recently developed, called CyberSensors, are embedded into applications to provide another layer of cyber protection. Instead of looking for known threats, the sensors continuously analyze an application looking for irregular behavior—something the application would recognize as a threat that the other cybersecurity measures would not.
The CyberSensors capture data, and decisions are made using a rules-based engine on whether a cyberattack is occurring. Different actions can be taken depending on the operating environment. If an operator is in the loop, recommendations can be displayed and acted upon by the operator. For some environments such as UxV, recommendations can be forwarded to command software to perform system actions automatically (e.g., log, restart system, shutdown processes, etc.) depending on the mission and severity of the attack.
Modifying application software is always a challenge because of additional development required and the impact on the existing codebase when adding or modifying new capabilities or features. In contrast, CyberSensor software is automatically generated using a no-code approach and injected seamlessly into applications using Aspect Orient Programming (AOP) techniques. Basically, this approach allows for the incorporation of new behaviors such as security or logging in an application without modifying existing code.
The CyberSensor concept, its performance, and the key technologies associated with implementing them were successfully validated in a Phase I Small Business Innovation Research (SBIR) program. As expected, our security testing demonstrated that several cyber vulnerabilities were detected at runtime. Another key finding was that incorporating CyberSensors using AOP methods had minimal impact on the performance of the software application that they were part of.
In the future, the solution will include a Machine Learning model to help CyberSensors better perform anomaly detection and identify new patterns associated with cyberattacks. Our approach isn’t limited to DoD/Navy tactical systems. It can be applied to other non-tactical environments, including commercial enterprise systems and federal business systems, to bolster their cybersecurity measures, too.
