CANDID

Controller Area Network Defense in Depth (CANDID)

CANDID uses advanced anomaly detection techniques to help detect, mitigate, and prevent cybersecurity breaches in military ground vehicles that rely on vulnerable commercial protocols and electronic systems.

CANDID detects cyberattacks by learning what normal system behavior looks like and detecting anomalies during runtime. If CANDID identifies a cyber threat, it can drop or modify corrupt or malevolent system messages without affecting the tank’s ability to complete its mission.

CANDID helps analysts detect cyber security breaches in tanks
CANDID helps analysts detect cybersecurity breaches in tanks (Image source: Department of Defense)

“Electronic control units are embedded computers that control nearly all essential functions of modern tanks; these units have little built-in security and rely heavily on insecure communication protocols. This lack of security makes cyberattacks on tanks extremely dangerous—impacts range from loss of confidential information to total loss of vehicle control. CANDID integrates easily into existing tank systems, where it can detect cyber threats and take defensive actions.”

Dan Mitchell,
Senior Software Engineer at Charles River Analytics and Principal Investigator on the CANDID effort
Dan Mitchell,
Senior Software Engineer at Charles River Analytics and Principal Investigator on the CANDID effort

We are building on our rich cybersecurity expertise and history of successful anomaly detection to develop CANDID. Our related DAAMS effort provides attack-detection capabilities specifically for memory space, another vulnerable area of military vehicle systems. Our cross-disciplinary approach on CANDID fuses scientists and engineers from both our Decision Management and Sensing, Perception, and Applied Robotics Divisions. We are also leveraging our Point Judith facility’s hardware capabilities to develop the CANDID hardware device.

Beyond the government, CANDID offers broad benefits to the commercial vehicle space—most cars and other vehicles rely on controller area networks for communication the same way tanks do. As vehicles become more interconnected, they are more vulnerable to cyberattacks—since 2012, the number of attacks on vehicles has greatly increased. CANDID offers an effective, cost-efficient solution to the emerging market of controller area network security.

CANDID
An adversary sends malicious data to attack a military ground vehicle’s controller area network. CANDID’s anomaly detection algorithms monitor and protect controller units, blocking cyberattacks. Without CANDID, electronic controller units (ECUs) are subject to these cyberattacks, compromising the military ground vehicle.

Contact us to learn more about CANDID and our other anomaly detection capabilities.

 


 

This material is based upon work supported by the Army Contracting Command under Contract No. W56HZV-20-C-0092. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Army Contracting Command.

Our passion for science and engineering drives us to find impactful, actionable solutions.