Objective
The objective of the Zero Trust assessment for Department of Defense (DoD) microgrids is to use Malcolm, a network traffic analysis tool suite, to evaluate comprehensively how well a microgrid adheres to Zero Trust architecture principles. This engagement focuses on the Device, Networks and Environments, and Visibility & Analytics pillars of the DoD Zero Trust strategy:
- Device: Device inventory, detection of remote access.
- Networks and Environments: Data flow mapping, macro and micro-segmentation.
- Visibility & Analytics: Logging traffic, common security and risk analytics.
Technology Description
Malcolm is a robust network traffic analysis tool suite designed to evaluate network architecture and detect anomalous communications. The assessment using Malcolm encompasses several key components:
- Architecture Design Review: Using Malcolm to evaluate in detail the network architecture design and its connectivity with internal and external systems.
- Network Traffic Analysis: Malcolm supports offline analysis of an ingested packet capture (PCAP) and near real-time online analysis via a network tap or SPAN port. The suite enables multi-pronged analysis for traditional adversary detection and for monitoring Industrial Control System (ICS) protocols, allowing detection of malicious misuse of control systems.
Malcolm currently has no visualizations tailored to the DoD Zero Trust guidelines, nor any specific to microgrids, to help users understand and verify adherence to these standards. Adding these enhancements to Malcolm will allow near real-time visualization of the system's network and devices, giving system owners and cyber experts the ability to identify abnormal system behavior.
Benefits
Recognizing the gap in standard cybersecurity tools for DoD Zero Trust and microgrid analysis, this assessment uses a proven methodology and Malcolm's visualization capabilities to ensure that an installation microgrid's ports, protocols, and services conform to expected configurations and to detect misconfigurations that affect Zero Trust. It also provides an opportunity to use Malcolm for continuous monitoring, enhancing the installation's security posture. Malcolm's open-source nature offers a cost-effective solution, requiring only readily available hardware such as a high-end laptop (under $5,000) or an existing ESXi server. (Anticipated Project Completion: 2028)
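The conformance check described above (device inventory, data-flow mapping against expected segmentation, and flagging of cross-zone remote access) can be illustrated on the kind of connection records Malcolm derives from traffic. The following is an added example and not Malcolm's own code or part of the original page: it parses constructed, Zeek conn.log-style tab-separated connection records, builds a host inventory with the services each host was observed serving, and compares every flow against a hypothetical zone map and expected data-flow table for a microgrid. The zone addressing, the allowed-flow table, and the sample records are all assumptions made for the example.

```python
"""Added example: device inventory and segmentation check over constructed
Zeek conn.log-style connection records. Not Malcolm code; zones, allowed
flows, and sample data are hypothetical."""
import ipaddress

# Hypothetical microgrid zone map (constructed for this example).
ZONES = {
    "controllers": ipaddress.ip_network("10.10.1.0/24"),
    "hmi": ipaddress.ip_network("10.10.2.0/24"),
    "enterprise": ipaddress.ip_network("10.20.0.0/16"),
}

# Expected data-flow map: (src_zone, dst_zone, proto, dst_port) -> label.
# Anything not listed here is a deviation from the documented architecture.
ALLOWED_FLOWS = {
    ("hmi", "controllers", "tcp", 502): "modbus",
    ("hmi", "controllers", "tcp", 20000): "dnp3",
    ("controllers", "hmi", "udp", 123): "ntp",
}

# Remote-access services that should never cross a zone boundary unnoticed.
REMOTE_ACCESS_PORTS = {22: "ssh", 3389: "rdp", 5900: "vnc"}

# Constructed sample records (tab-separated):
# ts uid orig_h orig_p resp_h resp_p proto service
SAMPLE_CONN_LOG = """\
1700000000.1\tC1\t10.10.2.10\t50001\t10.10.1.5\t502\ttcp\tmodbus
1700000001.2\tC2\t10.10.2.10\t50002\t10.10.1.6\t20000\ttcp\tdnp3
1700000002.3\tC3\t10.20.5.40\t50003\t10.10.1.5\t502\ttcp\tmodbus
1700000003.4\tC4\t10.20.5.41\t50004\t10.10.1.7\t22\ttcp\tssh
1700000004.5\tC5\t203.0.113.9\t50005\t10.10.2.10\t3389\ttcp\t-
1700000005.6\tC6\t10.10.1.5\t123\t10.10.2.10\t123\tudp\tntp
"""


def parse_conn_log(text):
    """Parse tab-separated connection records into dicts; skip comments and blanks."""
    fields = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto", "service")
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            continue  # malformed line; a real pipeline would count and report these
        rec = dict(zip(fields, parts))
        rec["orig_p"] = int(rec["orig_p"])
        rec["resp_p"] = int(rec["resp_p"])
        records.append(rec)
    return records


def zone_of(ip):
    """Map an address to its zone name, or 'external' if it is in no known zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"


def build_inventory(records):
    """Device inventory: every host seen, its zone, and the proto/port pairs it served."""
    inv = {}
    for r in records:
        for host in (r["orig_h"], r["resp_h"]):
            inv.setdefault(host, {"zone": zone_of(host), "services": set()})
        inv[r["resp_h"]]["services"].add(f"{r['proto']}/{r['resp_p']}")
    return {h: {"zone": d["zone"], "services": sorted(d["services"])} for h, d in inv.items()}


def check_segmentation(records):
    """Compare each flow with the expected data-flow map and flag cross-zone remote access."""
    findings = []
    for r in records:
        src, dst = zone_of(r["orig_h"]), zone_of(r["resp_h"])
        reasons = []
        if (src, dst, r["proto"], r["resp_p"]) not in ALLOWED_FLOWS:
            reasons.append("flow not in expected data-flow map")
        remote = REMOTE_ACCESS_PORTS.get(r["resp_p"])
        if remote and src != dst:
            reasons.append(f"cross-zone remote access ({remote}) into {dst} from {src}")
        if reasons:
            findings.append({"uid": r["uid"], "src": r["orig_h"], "dst": r["resp_h"],
                             "flow": f"{src}->{dst} {r['proto']}/{r['resp_p']}",
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    for host, d in sorted(build_inventory(recs).items()):
        print(f"{host:15} zone={d['zone']:12} services={','.join(d['services']) or '-'}")
    for f in check_segmentation(recs):
        print(f"[{f['uid']}] {f['flow']}: " + "; ".join(f["reasons"]))
```

On the constructed sample, the two HMI-to-controller ICS sessions and the NTP reply are accepted, while the enterprise host reaching a controller over Modbus, the enterprise-to-controller SSH session, and the external RDP attempt against the HMI are reported; the last two carry both an unexpected-flow reason and a remote-access reason. Replacing the zone map and allowed-flow table with an installation's documented architecture turns the same logic into the conformance check the assessment describes.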