U2opia licensed two technologies from the Department of Energy’s Oak Ridge National Laboratory that offer a new method for advanced cybersecurity monitoring in real time.
“Identifying and quickly responding to attempted cybersecurity attacks is an urgent need across government and industry,” said Susan Hubbard, deputy for science and technology at ORNL. “ORNL’s leadership in cyber resilience has led to the development of two powerful tools that will enable a more secure cyber environment.”
The licensing package pairs two technologies developed in ORNL’s Cyber Resilience and Intelligence Division: Situ, a system for identifying and visualizing suspicious behavior from real-time cybersecurity data, and Heartbeat, a system that collects and statistically analyzes power measurements directly from hardware to detect the telltale, unconcealable signatures of malware.
U2opia, a woman-, minority- and disabled veteran-led company, is directed by Maurice Singleton III, CEO, and chaired by Joaneane Smith. Over the last 23 years, Smith’s information technology solutions company, GCS, based near New Orleans in Harvey, Louisiana, has successfully executed multiple assignments on behalf of the U.S. Navy, Army and Air Force; the Department of Agriculture; the Department of Homeland Security, or DHS; and NASA.
These assignments have earned the company multiple awards, including the USDA Office of Procurement and Property Management HUBZone — Historically Underutilized Business Zone — Contractor of the Year.
“ORNL will help us become one of the premier organizations in the country in cybersecurity,” Smith said. “Special thanks to the scientists at ORNL, as well as the Small Business Office at ORNL and DOE headquarters. They deserve special praise for being our champions.”
Situ, developed by a team led by John Goodall, is based on years of ORNL research and development in anomaly detection algorithms that are rooted in machine learning and probabilistic modeling. The system combines anomaly detection and data visualization to provide a distributed, scalable, streaming platform for discovering and explaining suspicious behavior to enhance situation awareness.
Situ helps network operators discover and understand events that would otherwise go undetected. It reduces huge volumes of network data to a manageable number of events to be examined. This powerful tool is currently used at ORNL to detect abnormal cyber events.
Heartbeat, developed by a team led by Stacy Prowell, detects cyberattacks by focusing on the physical behavior of the device being protected. The Heartbeat system collects power trace measurements directly from the hardware, is invisible to malware and is resilient to internet service interruption. This tool offers efficiency, scalability and flexibility by implementing a data collection process that has low computational requirements, is fast, and uses mechanisms that are present in almost all modern computing systems.
ORNL’s technologies are integrated into U2opia’s anomaly detection system to deliver advanced security capabilities with an artificial intelligence-informed visualization tool. The software can be deployed quickly with no added hardware and limited human engagement.
The Situ development team includes Kelly Huffer, Joel Reed and Dave Richardson. The technology was supported by funding through ORNL’s Laboratory Directed Research and Development program, the Department of Defense, DOE and DHS. Heartbeat was supported through the lab’s Technology Innovation Program.