Idaho National Laboratory partners with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to defend against today’s threats and collaborates to build a more secure and resilient infrastructure for the future.
INL’s National and Homeland Security expertise and capabilities support CISA with research and development of technologies, tools, and training to stay ahead of evolving cyber and physical threats. This effort supports all 16 critical infrastructure sectors that are important to the functioning of our country and everyday lives, including communications, energy, transportation, and water.
One outcome of this collaboration is Malcolm, a powerful open source network traffic analysis tool suite. Although all of the open source tools that make up Malcolm are already available and in general use, Malcolm provides a framework of interconnectivity that makes it greater than the sum of its parts. And while there are many other network traffic analysis solutions out there, ranging from complete Linux distributions like Security Onion to licensed products like Splunk Enterprise Security, the creators of Malcolm feel its easy deployment and robust combination of tools fill a void in the network security space and will make network traffic analysis accessible to many in both the public and private sectors as well as to individual enthusiasts.
Malcolm provides an easily deployable suite of tools for full packet capture artifacts (PCAP files) and Zeek logs. While Internet access is required to build it, it is not required at runtime.
Custom IT architecture design and software development for infrastructure applications serve to solve complex challenges in critical infrastructure protection. These innovative applications are developed using modeling and simulation, information system analytics, and host data. Subject matter experts administer these certified applications and safely handle protected critical infrastructure information, sensitive regulatory data, and proprietary data.
The Cybersecurity and Infrastructure Security Agency (CISA) works with partners to defend against today’s threats and collaborates to build more secure and resilient infrastructure for the future. Our partners in this mission span the public and private sectors. Programs and services we provide are driven by our comprehensive understanding of the risk environment and the corresponding needs identified by our stakeholders. We seek to help organizations better manage risk and increase resilience using all available resources, whether provided by the Federal Government, commercial vendors, or their own capabilities.
Idaho National Laboratory is a world leader in providing industrial control system (ICS) cybersecurity research and development. The laboratory’s distinctive history in protecting critical infrastructure systems puts the lab at the forefront of thought leadership and applied innovation in critical infrastructure cybersecurity testing. INL uses a comprehensive approach to developing ICS cybersecurity research to meet the energy sector’s needs identified by the DOE, utilities, and other organizations.