SBIR/STTR Award attributes
Cyber threat identification includes the ability to detect, track, and disrupt advanced persistent threats. While emerging avionics system architectures support limited cyber hygiene and rudimentary defense, well-tailored cyber-attacks remain elusive to current detection technology. Additionally, the inherent structure of avionics systems makes monitoring and detection difficult. To meet the NASA need, QED proposes the Cyber Overwatch tool that provides a host-based threat detection capability for identifying and correlating attacks targeting aircraft avionics. Overwatch is based on QED's history of developing and evaluating avionics malware for assessment and testing of aircraft and the positive results demonstrated during the Phase I effort. Overwatch epitomizes the innovations expected of a NASA sponsored project. To date, there is very little focus on host-based intrusion detection capabilities for embedded device real-time operating systems. The focus of this SBIR effort is novel in that the solution resides at the host-level and provides an ability to encompass end-point security for embedded systems, with flexibility to address the varying communications protocols. The solution also provides systematic reporting to enable in-depth analysis and event correlation. Overwatch shall be tested and validated in a relevant environment to include multiple instances of real-world avionics systems against associated sample malware. We anticipate that by the end of Phase II, we shall demonstrate the ability of Overwatch to detect malware targeting aircraft avionics systems while adhering to the stringent requirements of operating in the aviation environment.