Detecting CYber Attack
We live in a digitally connected world, and each connection creates new risks that impact system operations and national security. New generations of government and commercial Cyber Physical Systems (CPS) are constantly growing and connecting to expanding networks. This increased threat surface exposes the CPS to exponential vectors of cyber-attack.
Ball Aerospace’s Cyber Attack Alert (CyberA2™) is a software-based solution developed to that assess those critical CPS, including engines, avionics, electrical grids, ground-based systems and satellites communications. It confirms no evidence of malicious tampering, non-malicious human error or hardware degradation has occurred to prevent any disruption to operations.
We are all effected by critical CPS as we integrate them into the worlds of aerospace, automotive, ground-based systems and satellite communications public infrastructures, power grids, healthcare and consumer products. CyberA2™ provides an added layer of protection to mitigate attacks on multiple vectors, reduce threats and keep the CPS operational. Unlike conventional anti-virus software that only detects known threats in software components of a system, CyberA2™ detects any change, including Zero Day threats, to the system software and all other programmable components of the CPS.
What We're Doing
The development of CyberA2™ started in the Air Force Research Laboratory (AFRL), providing rapid, preflight and postflight verification of the system to confirm that no alteration or tampering has occurred. It uses a Trusted Verifier (controlled device e.g., Program Data Loader, CAPRE/iPad, Microsoft Surface Pro tablet) that connects to the system and compares the internal configuration and memory contents to Golden Data of the system.
CyberA2™ was developed with four key requirements in mind: quick integration, low-impact of recertification, no impact to the operational behavior of the system and minimal data exchange from Original Equipment Manufacturers (OEMs). Within these constraints, Ball Aerospace has developed a low-cost, efficient cyber risk reduction tool that meets the need of today’s modernization efforts.
Although CyberA2™ provides an industry leading initial phase of pre/post mission security, we recognize the dynamic state of operational connectivity. Ball Aerospace is actively defining a Dynamic CyberA2™ capability, which attests the system in real-time operation, alerting the user of any change.
The enhanced capability of Dynamic CyberA2™ will proactively detect malicious activity from untrusted sources. The alert of the malicious activity allows the system to take autonomous or user corrective action.