The communications infrastructure for building automation systems was not originally designed to be resilient, and is susceptible to network attacks. Adversaries can exploit out-of-date legacy systems, insecure open protocols, exposure to the public internet, and outdated firmware to cause harm. To improve the defense strategies, significant efforts to provide defense through network detection have been conducted. However, the existing solutions require human intervention, such as analyst or an incident responder to investigate breaches and mitigate possible damages or data loss. Instead, this paper proposes an automated, device-level solution that can be deployed on a single board computer to effectively detect, and provide response strategies that deflect malicious signals and remediate infected devices when network-based cyber-attacks are successful. The solution monitors critical control networks, analyzes packet data, and actively detects and responds to attacks using an unsupervised artificial neural network.
The cybersecurity consortium, which was established by DOE/NNSA’s Minority Serving Institutions Partnerships Program (MSIPP), allows students from any of the partner schools (13 HBCUs, two national laboratories, and a public school district) to have all consortia options available to them, to create career paths and to open doors to DOE sites and facilities to student members of the consortium. As a part of this year consortium activities, Sandia National Laboratories and the University of Virgin Islands conducted a week long cyber workshop that consisted of three courses; Digital Forensics and Malware Analysis, Python Programming, and ThunderBird Cup. These courses are designed to enhance cyber defense skills and promote learning within STEM related fields.