Asset Publisher
Afloat Network Defense Cyber Operations

This research is intended to advance shipboard cyber incident response (IR) capability aboard CANES-enabled vessels by modeling such a capability using already established shipboard response systems (e.g. EOSS and CSOSS). The current state of shipboard cyber IR is limited, relying predominantly upon the Tier 2 CNDSP (NCDOC) for both detection and remediation services. CANES includes a SIEM (Security Information and Event Management) capability that is not being utilized to its maximum potential. We will advance shipboard cyber IR capability in three principal areas. 1) Improve the current CANES SIEM tool configuration so as to enhance its incident detection and investigation capabilities. 2) Drafting “if-then”, indicator-to-action, sequencing TTP that would aid in the containment and eradication of malicious logic artifacts. 3) Development of IR operator SIEM training to enable informed interaction with SIEM consoles dedicated to incident detection, investigation, reporting, and case tracking. For all three of these, the IR focus/priority is on any malicious actions/artifacts associated with each of the four cyber incident categories identified in CJCSM 6510.01B: root-level intrusion, user-level intrusion, denial of service, and malicious logic. Advances in these three areas will present a nascent CDOSS (Cyber Defense Operational Sequencing System) capability to CANES-enabled Naval vessels.
51 Naval Research Program
51 Naval Research Program
Navy
2017