There are many Critical National Infrastructures within the UK, and each one has a duty to understand both whether its networks and systems are operating normally and whether they are safe and secure. For the latter requirement, network operators must first understand the makeup and configuration of their network, which allows them to deploy appropriate safeguards and to understand where security weaknesses may reside. Those weaknesses can change over time, both as new vulnerabilities are identified and as new devices and connections to sub-networks are added to the network.
The project, “Industrial Gargoyle” (IG), seeks to answer the questions “What is on my network? How are they connected?” within a generalised industrial network, with a stretch target of answering “What does my threat posture look like?”. As envisaged, IG is a collaborative and distributed set of sensors and agents capable of gathering data about a network, and collaborating both together and with human(s) in the loop to answer these questions in a short amount of time.
We have ideated “Industrial Gargoyle” (IG) as a platform for understanding computer networks, their contents and interactions, and one that is capable of identifying changes over time. IG accomplishes this through a number of mechanisms, both active and passive.
Our solution is a combination of software, hardware, and cloud-based systems which together provide the overall IG platform. Currently the platform is designed to be installed within the network environment that it is monitoring; however, the solution has been built in a modular fashion that allows for multiple modes of operation.
The platform uses custom software probes, which can be installed onto existing hardware or onto our own hardware, to perform different types of scanning. Our hardware units support a range of connectivity including Ethernet, WiFi, LoRaWAN, etc. The software is capable of understanding the surrounding network environment, and of combining with other sensors to provide a complete picture of the network. Additionally, the software is capable of interfacing with existing gateways on the network to gain their understanding of the network and so provide a richer picture. This information is made available to an appropriate operator via a cloud platform where the contents, structure, and interactions are depicted. The operator is able to interact with this information to correct any issues, or to enrich the information further.
Whilst very much in its infancy, an AI agent is being explored which the human operator can interact with via natural language input to further understand their network, allowing questions and clarifications to be made.
The cloud system is also capable of interacting with threat information to allow for an understanding of weak points in the network that might be more sensitive or require hardening.
Plans for extending this to include generation of security documentation such as STRIDE outputs are also being explored.