Press Release
Johns Hopkins APL’s Out-of-Band Communications Technology Receives Boost From Department of Homeland Security
A novel communications technology developed at the Johns Hopkins Applied Physics Laboratory (APL) geared toward providing secure access to networks facing outages or under cyberattack has earned funding from a federal program intended to foster innovation and accelerate commercialization.
APL is one of seven federal laboratories chosen to receive funding from the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) in the latest round of its Commercialization Accelerator Program (CAP), which identifies groundbreaking technologies that demonstrate great potential for commercialization. Other CAP awardees in this cycle included laboratories at the Departments of Energy, Defense and Commerce.
APL’s technology is the Out-of-Band over Existing Communication (OBEC), which allows a new, physically isolated out-of-band (OOB) network to be created on an existing Ethernet infrastructure, without additional networking equipment or wireless connections.
OOB communications take place outside the normal in-band systems, allowing users to communicate securely and privately even when the primary network is compromised. Two common forms of OOB communication are restricted-access text, voice or video messaging services secured with end-to-end encryption, and unofficial company email accounts protected with multifactor authentication.
“Industrial control system network connectivity is critical to the operation and management of facilities and their processes,” explained Alexander Beall, an electrical engineer at APL and project manager in the Asymmetric Operations Sector’s Cyber Operations Mission Area. “Cyberattacks against the network itself can have widespread and severe consequences, endangering the safety of operators, halting critical operations and resulting in costly downtime.”
According to Beall and OBEC co-inventor Joseph Maurio, OOB communication allows for network resiliency, situational awareness and secure management of networked devices by creating alternate communication paths to manage network infrastructure devices. These alternate paths isolate nonessential traffic from operational traffic, preventing hackers from harming network operations or compromising network infrastructure.
However, traditional physically isolated OOB networking is expensive, requiring duplicative infrastructure or costly wireless devices, Beall explained.
“Logical or cryptographically separated OOB networks provide another solution, but they don’t have the same security benefits because they rely on the same networking equipment as the existing networks, which could become compromised,” Beall explained. “And legacy systems, particularly legacy control systems, often have limited space for wired network expansion — adding wireless networking capability is not always possible, making it difficult or impossible to install an OOB network.”
Piggybacking on Existing Network Infrastructure
APL researchers developed OBEC, a “bump-in-the-wire” passive technology that allows a new, physically isolated OOB network to be created on an existing Ethernet infrastructure, without additional networking equipment or wireless connections. Bump-in-the-wire is a class of communications devices that can be inserted into existing systems to enhance the integrity, confidentiality or reliability of communications across an existing logical link without altering the communications endpoints.
Installed at all networking equipment endpoints, the OBEC modules couple the OOB networking signals to the existing network cables in an electrically isolated manner, preventing signal interference or detection. OBEC features a completely passive design that does not introduce latency or interference and can be implemented as a backfitted or forward-fitted solution, Beall explained. Small, discrete OBEC modules can be installed at network endpoints and stacked at networking equipment.
This technology can also be incorporated within the enclosures of new network equipment, further reducing the space and equipment needed to add OBEC to a network. OBEC supports zero-trust network architectures, provides flexible protocol support and can be integrated with most wired Ethernet infrastructure.
A Variety of Applications
APL Technology Manager Ivy Rivlin said OBEC is an enabling technology that can meet a variety of needs.
“Facilities can add sensors at endpoints and use the OOB to centralize monitoring without impacting the primary network. It can be leveraged to perform all management, monitoring and maintenance of networked equipment on the OOB network. Operators can also use the OOB network as a fallback network in the event the primary network is compromised,” said Rivlin.
Numerous critical infrastructure sectors could benefit from this technology, including critical manufacturing, the defense industrial base, the energy sector, the information technology sector and the transportation sector. Water treatment plant operators are already leveraging OBEC as part of a suite of cost-effective cyber defense technologies.
“The Commercialization Accelerator Program bridges the gap between research and the marketplace, accelerating the use and expanding the availability of federally funded technologies,” said Dimitri Kusnezov, DHS Under Secretary for Science and Technology, in a release announcing the selections. “We are proud to leverage innovative research from labs across the federal government to support the DHS mission in addressing critical homeland security challenges.”