Throughout our modern world, most of the global population has developed a heavy reliance on computing and networks for almost all essential components of our lives. Unfortunately, the threats to the information we maintain on our systems and networks are ever growing, and the risks to our personal lives, economic base, national security and critical infrastructure are increasing at an overwhelmingly rapid rate. Machines are being used to attack other machines, to harvest information and to prevent valid access, all at machine-processing rates. Identification of these threat actors, their techniques and their presence in restricted cyberspace locations can no longer be accomplished by human analysts exploring indicators at human-processing rates. The automated tools and techniques currently in place are disjointed and, in many cases, proprietary; they monitor for well-defined (known) events or triggers and provide labor-intensive information for review by the analyst. The technology proposed to address these problems is adaptive and predictive rather than solely responsive after a penetration, exfiltration or malicious event has occurred. This sophisticated capability addresses the many perilous gaps and seams in the cyber situational awareness (SA) information currently available to the analyst and provides comprehensive SA over systems and infrastructure.
Benefit: The results from the concept exploration and follow-on development of the proposed system will have a significant impact on addressing the US Navy's, as well as the global, cybersecurity and cyber SA problem. This capability will greatly improve accuracy and speed of response for the cyber analyst. The system will facilitate information sharing among stakeholders, trusted partners and allies. It will enhance our predictive capabilities and allow our nation to recognize indicators before the threat grows to achieve malicious intent. We recognize this is a complex initiative, and the rewards for meeting the defined objectives are significant, both from a global cyber SA perspective and from a small business success perspective.
Keywords: inference engine, cyber threat, cybersecurity, advanced persistent threat, Cyber Situational Awareness, Machine Learning, Expert System, Information Sharing