SBIR Phase II: Dynamically Assessing Network Security Policy Compliance with NP-Live

Period of Performance: 09/11/2015 - 08/31/2017

$727K

Phase 2 SBIR

Recipient Firm

Network Perception, Inc.
60 Hazelwood Dr
Villa Grove, IL 61820
Firm POC, Principal Investigator

Abstract

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase II project results from it significantly strengthening the ability of network operators and security administrators to implement the correct set of rules to keep critical assets out of reach of cyber adversaries. The power grid has been said to be the most important engineering achievement of humankind. Modern civilisation depends on electricity at such an intrinsic level that we cannot imagine a world without it. In fact, disruptions of power infrastructures quickly lead to chaotic situations in which human lives are at risk. Now that power grid control centers are relying on IT infrastructures, it has become of the utmost importance to ensure the resiliency of systems and networks through methodical IT security protection, monitoring, and response. Through automated continuous verification technologies, this project has a direct impact on the capabilities of our nation to improve its resiliency. The benefit to the power industry, to computer science security, and for society at large is a technological advance to improve the security of our most important resources. This Small Business Innovation Research (SBIR) Phase II project plans to develop a constructive approach to providing cyber security. Cyber security tools are often driven by the necessity to respond to market demand without having the time and resources to develop the proper formalisms and algorithms to solve long-term issues. The innovation proposed here is uniquely positioned to change this paradigm thanks to having roots in both a fundamental academic background and an extensive collaboration with industry partners. Consequently, this project responds to critical customer needs while providing innovations in science, technology, and engineering of critical infrastructure security. The approach taken to compliance assessment has been evaluated in the field and provides a basis for new research leading to theoretically sound solutions to network security modeling, and further development of innovative and provably correct algorithms and tools for accurate and scalable cyber security assessment under real industry constraints.