The statements in this section merely provide background information related to the present disclosure and may not constitute prior art.
Cyber security is an area of increasing focus and importance for both governments as well as private industry. Hackers are becoming increasingly creative, and on occasion are believed to even be funded by governments and terrorist organizations. Annual losses from cyber attacks to business and governments are presently estimated to approach one trillion dollars. With increasing frequency, governments and private industries are being targeted for attack. Often, attacks may not be identified for months or even years after significant damage has been done to computers and/or other network or infrastructure equipment.
Present day cyber security tools like virus scanners and network traffic monitors are designed to run on the production network (sometimes referred to as a “main” network) of a facility. As such, they themselves are sometimes the object of cyber attacks. If an attacker compromises the network, or even a single component, whether that be an information technology (IT) device or an infrastructure device (e.g., air conditioning unit, power distribution unit, etc.), the potential arises for that compromised component to distribute the virus to other components that it is in contact with. As another example, consider a server that has been hacked. The sources of data used by antivirus software that are present on the server may also then be compromised. Alternatively, the virus scanner itself may have been hacked. In either case, from that point on the virus scanner software cannot be relied upon to give accurate data about attacks. Similarly, other commonly used network components such as routers can also be hacked. And once compromised, router based network monitoring (e.g., of IP addresses) cannot be fully relied upon to produce accurate data on potential cyber attacks.