b'Resilient Attack InterceptorDetecting nefarious control system exploitation by recognizing and responding for Intelligent Devices to distributed side channel anomalies ensures critical control system operations.I NL and the University of Idaho Resilient Attack Interceptor for Intelligent Devices developed external monitoring methods to protect operational technology and industrial Internet of Things devices by collecting and analyzing observable physical aspects that are produced naturally and involuntarily during the operational life cycle with anomalous functionality. More specifically, analog signalsPROJECT NUMBER:physical side channelsthat may be used for this purpose are electromagnetic 20A44-003 emissions, power consumption, thermal profile, or acoustic activity of a protected device and its components. The developed system relied on two side channelsTOTAL APPROVED AMOUNT:electromagnetic and thermal signals along with conventional network traces $660,000 over 3 years and the collected observationsfused using a novel approach that integrates PRINCIPAL INVESTIGATOR:scalable physics relationships with unsupervised anomaly detection methods. The Craig Rieger developed technology provided an analytical approach to recognize several different attack types that include denial of service, data injection, and others over a large CO-INVESTIGATORS: set of industrial Internet of Things device types. A primary design tenet was the Jacob Ulrich, INL decoupling of the proposed monitoring system from the protected system and its Robert Ivans, INL normal operation. The resulting patent pending technology provides an alert with Costas Kolias, University of Idaho physical or plant system context for disposition, allowing for human-in-the-loop COLLABORATOR: orchestration and potentially automated response, and is currently being marketed Cynalytica for commercialization. The solution developed under this research can detect the injection of a single instruction at the assembly level (bottom).92'