CANDID Helps Detection of Cyber Breaches in Vulnerable Systems
Charles River Analytics (CRA) has been funded by the US Army to develop a custom solution for detecting cyber anomalies in armoured vehicles – the Controller Area Network Defense in Depth (CANDID) system. CANDID can help analysts detect cyber security breaches in tanks that rely on vulnerable commercial protocols and electronic systems.
“Electronic control units are embedded computers that control nearly all essential functions of modern tanks; these units have little built-in security and rely heavily on insecure communication protocols,” explained CRA Senior Software Engineer and Principal Investigator on the CANDID effort, Dan Mitchell. “This lack of security makes cyber attacks on tanks extremely dangerous – impacts range from loss of confidential information to total loss of vehicle control. CANDID integrates easily into existing tank systems, where it can detect cyber threats and take defensive actions.”
CANDID detects cyber attacks by learning what normal system behaviour looks like and detecting anomalies during runtime. If CANDID identifies a cyber threat, it can drop or modify corrupt or malevolent system messages without affecting the tank’s ability to complete its mission.
CRA is building on a rich cyber security expertise and history of successful anomaly detection to develop CANDID. The related Detecting Anomalies in Application Memory Space (DAAMS) effort provides attack-detection capabilities specifically for memory space, another vulnerable area of military vehicle systems. The cross-disciplinary approach on CANDID fuses scientists and engineers from CRA’s Decision Management and Sensing, Perception and Applied Robotics divisions and also leverages the hardware capabilities of its Point Judith facility to develop the CANDID hardware device.