Success Story

Sophia: Software Boosts Security by Passively Monitoring Networks

Sophia offers Industrial Control System (ICS) managers an effective computer network fingerprinting software tool that provides a visual representation of all connections and network traffic to and from an ICS. In the past, control systems running energy sector facilities didn’t require much security because they were isolated from the outside world.

Today, control systems that run critical infrastructure such as power grids often are connected to the Internet via company computer networks. The Sophia software develops a fingerprint for a given system, then operates passively in the background to observe communications across the entire ICS network.

Administrators charged with securing these systems must maintain situational awareness of dozens or hundreds of computer systems that are constantly talking to each other. Idaho National Laboratory's (INL) cyber experts have long worked with industry to assess their control system networks to identify and help protect against vulnerabilities.

INL’s vulnerability assessment experience revealed the need for a tool to map communication pathways for control systems' static networks — systems whose communication patterns are fairly fixed. The Sophia software develops a fingerprint for a given system, then operates passively in the background to observe communications across the entire network.

If Sophia detects something out of the ordinary, it simply alerts the operator or network administrator, who can then investigate. The software lets the human operator evaluate new activity — it doesn't attempt to decide if the novelty is threatening. Sophia flags new devices or novel communication pathways that may not be noticed by operators. Developers named the software using the Greek word for wisdom because it provides new insights and visual patterns to help network administrators watching for cybersecurity threats.
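The baseline-then-flag approach described above can be sketched in a few lines. This is an added illustration, not Sophia's code or INL's method: the flow-record format, the addresses, and the function names build_fingerprint and monitor are assumptions made for the example, and the sample flows are constructed.

```python
from collections import namedtuple

# Hypothetical flow record; the fields are an assumption of this example.
Flow = namedtuple("Flow", "src dst proto dport")

# Constructed sample traffic seen while the fingerprint is being learned.
BASELINE_FLOWS = [
    Flow("10.0.0.10", "10.0.0.20", "tcp", 502),    # HMI -> PLC, Modbus/TCP
    Flow("10.0.0.10", "10.0.0.21", "tcp", 502),    # HMI -> second PLC
    Flow("10.0.0.30", "10.0.0.20", "tcp", 20000),  # historian -> PLC, DNP3
]

# Constructed sample traffic seen later, during passive monitoring.
OBSERVED_FLOWS = [
    Flow("10.0.0.10", "10.0.0.20", "tcp", 502),    # already in the fingerprint
    Flow("10.0.0.30", "10.0.0.21", "tcp", 502),    # known hosts, new pathway
    Flow("10.0.0.99", "10.0.0.20", "tcp", 502),    # host never seen before
    Flow("10.0.0.99", "10.0.0.20", "tcp", 502),    # repeat of the line above
]

def build_fingerprint(flows):
    """Learn which devices exist and which pathways they normally use."""
    devices = {host for f in flows for host in (f.src, f.dst)}
    return {"devices": devices, "pathways": set(flows)}

def monitor(fingerprint, flows):
    """Report each novelty once, in order seen. No verdict on whether it is
    hostile, and the fingerprint is not updated: the operator decides."""
    alerts, reported = [], set()

    def flag(kind, item):
        if (kind, item) not in reported:
            reported.add((kind, item))
            alerts.append((kind, item))

    for f in flows:
        for host in (f.src, f.dst):
            if host not in fingerprint["devices"]:
                flag("new_device", host)
        if f not in fingerprint["pathways"]:
            flag("new_pathway", f)
    return alerts

if __name__ == "__main__":
    fp = build_fingerprint(BASELINE_FLOWS)
    for kind, item in monitor(fp, OBSERVED_FLOWS):
        print(kind, item)
```

Because the networks in question are static, anything outside the learned sets is rare enough to hand to a person, which is why the sketch only reports novelty and leaves the decision to the operator.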

Utilities participating in initial demonstrations called Sophia “a great asset” that “adds the characteristics of a full-time employee.” Funded by DOE-OE, the alpha and beta testing of Sophia was conducted with 44 industry, academic and government entities, and seven government agencies took a direct license from INL. NexDefense, Inc. of San Mateo, CA licensed the technology during 2013.