Cyber-attacks against high-value combat systems are a growing concern across the Department of Defense. Today, engineers at Star Lab are addressing the threat to America’s combat systems by productizing its third solution code named Warden. Warden complements our existing products, Crucible Embedded Hypervisor and Titanium Security Suite, by addressing a gap in security solutions for combat systems, namely the lack of solutions that provide early-warning of malicious, undocumented cyber activity targeting combat systems.
Warden provides early-warning using a heuristic-based anomaly detection approach. This is possible because combat systems typically have infrequent update cycles and low entropy. Also, because many combat systems have extremely high determinism requirements and are of a mission/safety-critical nature, Warden uses a multitude of minimally invasive sensor modalities such as application performance statistics and application control-flow statistics. Warden also includes machine learning algorithms and an artificial neural network to reduce or eliminate false positives. This is particularly important, as false alarms have been known to quickly erode operator trust.
Productization is focused on creating an easy to deploy, effective solution. We are continually evaluating Warden using the following metrics:
- detection quality
- detection latency
- application performance impact
- network latency impact and
- overall overhead.
Initial testing has been very positive; Warden successfully detected all seven instances of six attack classes (educated by MITRE’s Common Attack Pattern Enumeration and Classification (CAPEC) list) with an average detection latency of less than 250 μs. Also, there was no perceivable application impact observed while testing the performance degradation of an application being monitored. Initial transition plans are currently focused on integrating Warden with the Aegis Weapon System through a partnership with Lockheed Martin Rotary and Mission Systems (RMS). Contact Star Lab if you are interested in integration opportunities, pilots, or if you just want to learn more about this exciting technology.