Work is ongoing in identifying cyber threats, and vulnerabilities, and locating hacker penetration in electric utility and other OT networks. However, existing technologies including IDS, IPS, SIEM, and SOAR can’t predict the future movement of a cyber intrusion that has successfully breached the OT network. Under US Air Force and DOE contracts, GCAS and its subcontractors Lockheed Martin, Applied Control Solutions, Carnegie Mellon University, and Georgia Tech have developed a prototype modeling approach to forecast a cyberthreat’s future maneuvers in compromised OT networks – the Cyber Attack Forecasting Systems (CAFS). The approach is based on techniques used by the DoD for ballistic missile attack warning and assessment. The technology provides an additional capability to cyber defense by predicting the potential next move of the attack vector once inside an OT network. This is particularly important for ICS OT cyber security because so many attacks on those systems have originated in business networks and subsequently pivoted into the OT networks. This technology became critical as the DOE-sponsored literature search found the most recent and comprehensive work on cyberattack forecasting by Iranian researchers.
