N15A-T022 TITLE: Cyber Resiliency for Critical Cyber Physical Systems

TECHNOLOGY AREAS: Information Systems

OBJECTIVE: Develop general methods and technology for achieving resiliency against cyber-attack for cyber physical systems, while maintaining strict real-time requirements of the critical systems.

DESCRIPTION: Critical real-time cyber physical systems (control systems) are widely deployed within the Navy�s infrastructures and assets. The current trend toward interconnectedness exposes many of these previously isolated systems onto external cyber environments.

A critical real-time control system often employs redundancy for resiliency against (physical) failures, using fault tolerant techniques such as dual modular redundancy, byzantine fault tolerant systems or quad-redundancy-control-systems [1,2,3]. These fault tolerant systems were designed and proven to be effective toward physical and random failures, where the failure is expected to affect only one (or a small portion) of the controllers. Software related failures and cyber-attacks, however, affect all of the redundant controllers which share or may be exposed to the malicious or erroneous failure vectors. The existing fault tolerant systems are ineffective against these types of cyber vulnerabilities. New methods and technologies need to be developed for enhancing current fault tolerant systems to also be resilient against cyber-attack and other system failures.

Developing cyber resiliency techniques for real-time cyber physical systems addressed in this STTR requires consideration of real-time cyber physical systems� two important and system dependent aspects:
1. Critical real-time control systems, in general, require that outputs are generated periodically and calculated within allowed time (epoch).
2. Critical real-time control systems drive the behavior of mechanical/physical systems, which follow the law of physics and have inertia; hence, they can tolerate loss of a sequence of internal states and control signals (outputs) for a limited period of time.

The objective of this topic is to develop methods and techniques for achieving resiliency on critical real-time control systems against cyber-attacks and other system failures for each individual controller itself. A resilient cyber physical system will continue to operate faithfully with minimal and tolerable disruption due to cyber-attacks and failures. This STTR does not solicit techniques targeted toward communication or networking aspects of control systems.

PHASE I: Define and develop a concept for achieving resiliency against cyber-attack for cyber physical systems. Select a particular cyber-physical system, such as machinery control, vehicular control/automation, drone (excluding power grid related systems or biomedical implants/devices), analyze the system parameters and requirements, and develop cyber resiliency techniques suitable for the system.

PHASE II: Develop a fully functioning prototype of cyber resiliency techniques, and demonstrate its efficacy within the actual, analog or simulation environment for the selected cyber physical system of Phase I.

PHASE III: Upon successful completion of Phase II, the performer provides support in transitioning the technology for Navy use. The performer may be asked to develop a plan for integrating the product into the Navy�s embedded control systems for various ship-board naval applications.

PRIVATE SECTOR COMMERCIAL POTENTIAL/DUAL-USE APPLICATIONS: Resilient real-time control systems are widely used in the commercial sector. They play critical roles in aviation, the automotive industry, machineries, manufacturing pipelines, industrial complexes, power plants, etc. These previously isolated systems are currently exposed to cyber-environments. A successful product of this STTR will contribute to satisfying commercial demands for resilient cyber physical system.

REFERENCES:
1. National Instrument, (2008) "Redundant System Basic Concepts," http://www.ni.com/white-paper/6874/en/pdf

2. Castro, M.; Liskov, B. (2002). "Practical Byzantine Fault Tolerance and Proactive Recovery". ACM Transactions on Computer Systems (Association for Computing Machinery) 20 (4): 398�461.

3. General Electric, "A Revolutionary Approach: Quad Redundancy Control", http://www.automation.com/pdf_articles/ge/QuadPac_WP_gft761.pdf

KEYWORDS: Cyber physical systems, Cyber security, Resiliency, Fault tolerant, Control Systems, Critical control system

** TOPIC AUTHOR (TPOC) **

DoD Notice:   Between December 12, 2014 and January 14, 2015 you may talk directly with the Topic Authors (TPOC) to ask technical questions about the topics. For reasons of competitive fairness, direct communication between proposers and topic authors is not allowed starting January 15, 2015 , when DoD begins accepting proposals for this solicitation.

However, proposers may still submit written questions about solicitation topics through the DoD's SBIR/STTR Interactive Topic Information System (SITIS), in which the questioner and respondent remain anonymous and all questions and answers are posted electronically for general viewing until the solicitation closes. All proposers are advised to monitor SITIS (15.A Q&A) during the solicitation period for questions and answers, and other significant information, relevant to the STTR 15.A topic under which they are proposing.

If you have general questions about DoD STTR program, please contact the DoD SBIR/STTR Help Desk at (866) 724-7457 or webmail link.