Forensic Integrated Security Toolkit

Period of Performance: 06/15/2016 - 12/12/2016


Phase 1 STTR

Recipient Firm

Mission Secure, Inc.
341 Glenwood Station Lane
Charlottesville, VA 22901
Firm POC
Principal Investigator

Research Institution

University of Virginia
351 McCormick Rd ECE Dept., Thornton Hall
Charlottesville, VA 22904
Institution POC


Cyber security forensic functions depend on strict conformance to structured log formats in both log generation and transmission, including identity, network time stamps and event message formats. Without this structure there is no effective way to reconstruct the time-sequencing patterns that reveal the presence of unauthorized actions and actors inside a network. Limitations in the capacity of embedded process control networks onboard U.S. Navy ships hamper the ability to apply these forensic functions. The operational impact is heightened by the evolving move to information-led combat missions, with a greater dependency on the resiliency of cyber-physical systems on the hull mechanical and engineering (HM&E) systems. Mission Secure Inc. proposes research and development to augment an existing platform so that it serves as a small-footprint overlay security network enabling forensics. This Sentinel security network can also provide the information needed for real-time incident management. It would capture logs of relevant events at various points in the network hierarchy, starting at the analog signaling from the sensors, to detect unauthorized variances in operational parameters. The proposed solution makes possible a true defense-in-depth security architecture for current (deployed and soon-to-be-deployed) systems and a means to evolve future systems.