SBIR/STTR Award attributes
Digital Twins (DT) – computer simulations of electro-mechanical systems – have been employed for many years to monitor and predict the behavior of the physical systems they model. Since the introduction of malware such as Stuxnet, an urgent need has arisen to predict and prevent such operational technology (OT) systems from catastrophic critical infrastructure attacks before malicious cyber actors (MCA) access or disrupt the OT “mission systems.” More recently, within the FY22 National Defense Authorization Act (NDAA), the U.S. Congress directed DoD agencies to develop and deploy Mission Thread Analysis (MTA) technologies to OT to protect all such OT and infrastructure from MCA. MTA identifies mission-critical systems from a functional perspective and in the context of a threat environment. The NDAA directive is “to complete a mapping of mission-relevant terrain in cyberspace for Defense Critical Assets and Task Critical Assets at sufficient granularity to enable MTA and situational awareness, including identification of access vectors; network topologies; reliant weapon systems; and cybersecurity defenses across information and OT.” MTA is intended to provide resiliency to mission systems by making them capable of preventing or mitigating cyber attacks that cause damage to physical systems. The effective application of DT technology, along with Mission Thread Analysis, provides the protection of OT required by the NDAA clause. This approach also aligns with Defense Logistics Agency (DLA) SBIR topic DLA23-004, Digital Twin for cybersecurity of OT Systems. Accordingly, Sentar proposes a concept to bring Operational Resiliency (OR) to DLA and its defense industrial base contractors. OR protects against cyber attacks with impacts on the physical OT – cyber-physical attacks. Sentar proposes the concept for a Digital Twin for Operational Resiliency, or DTOR. The DTOR concept leverages and extends existing Sentar capabilities in MTA and high fidelity, physics-based Digital Twin simulations to intercept MCA attacks in the intrusion detection layer, mitigate cyber-physical attacks when possible, and prevent damage to the physical systems due to cyber attacks to ensure continuity of operations. The goal of the approach is for DLA to achieve zero damage to OT systems and minimal downtime to the OT.
