SBIR/STTR Award attributes
Cyber threat hunting is defined in current standards as a proactive search capability in organizational systems to search, detect, track, identify, and disrupt advanced persistent cyber threats. While emerging control system architectures support cyber hygiene and rudimentary defense and response, well-tailored cyber-attacks remain elusive to current detection technology. The next generation of surface tactical platforms is heavily reliant on computer and network technology for combat systems and navigation functions leading to a growing concern of cyberattacks at sea. We propose a Combat System Cyberspace Operations Module (CSCOM) comprised of an integrated estimation process coupled with a sensor/source management process that has matured over a series of programs coupled with Elastic’s established and ever-evolving cyberspace capabilities. This integrated approach addresses the various functions which need to be integrated into a complete real-time analysis process. Leveraging and adapting the Data Fusion (DF) Level 0-3 functions of Silver Bullet’s Phase II SBIR Cyber Ontology and Data Fusion project at the Army Intelligence and Information Warfare Directorate (I2WD) will provide three functions: 1) make inferences from combat system (CS) cyber sensors and source data to possible threat objects and events, 2) develops linkages between them, and 3) assert predictions about those objects and events. The Resource Manager (RM) Level 4 DF function exploits an information-theoretic approach that optimizes data/information collection to disambiguate DF hypotheses utilizing data-pull. This process, called Information Based Cyber Sensor/Source Management (IBCSM), measures information by the expected decrease in uncertainty in the object or event hypotheses to maximize the expected information value rate (EIVR) through sensor cues and source requests. DF and RM algorithms are wrapped by Elastic’s cyber threat capabilities which are well-known at the enterprise-level and in many commercial spaces. In CSCOM, Elastic’s device interfaces and normalizations support MOSA through use of open cyber data standard such as Elastic Common Schema, Schema One, or Structured Threat Information Expression (STIX™) and could be adapted to Navy cyber schemas such as NAVWAR MBSE Cybersecurity Schema. As well, Elastic’s cyber displays and UI can be adapted to the CS displays using Navy MBSE and DevSecOps environments and tools for renowned cyberspace situation awareness of threats, ownforce condition, and planned or ongoing cyberspace operations and mitigations.
