Thomas Heverin, PhD, CISSP, associate teaching professor, College of Computing & Informatics (CCI) at Drexel University, was named a co-inventor in a patent with the US Navy tiled “Cyber Vulnerability Assessment Tool Threat Heuristic.”
The patent encompasses the design of newly developed tools, known as the Cyber Vulnerability Assessment Tool (CVAST) and CVAST Threat Assessment Heuristic (THRASH), which help to assess how vulnerable Cyber Physical Systems (CPSs) are to cybersecurity risks. CPSs are systems that combine both digital and physical elements, like ship engineering systems, smart grids, manufacturing plants, and more.
To assess the cybersecurity risk of these systems, the tools use ontological models (i.e., a way to represent knowledge using concepts and their relationships) along with large-scale computational analysis. This analysis was previously a time-consuming task that could only be performed manually and at a smaller scale and depended on the specific experience of a cybersecurity analyst.
The inspiration and need for the invention came about while Heverin was working as a cybersecurity researcher supporting Naval Sea Systems Command (NAVSEA) located at the Navy Yard in Philadelphia. Heverin and his fellow team members discovered that analyzing risk across Navy ship systems consisted of a lot of time-intensive work, including manually searching technical manuals and documentation, network diagrams, system diagrams, spreadsheets, emails, databases and more. The team's invention helps create a central repository for information and helps to automate processes that contribute to analyzing system-wide cyber risks.
Heverin began work on this project after completing his PhD in information science at CCI. He currently teaches in CCI’s BS in Computing & Security Technology program, including courses in ethical hacking, computer forensics, network forensics, cloud security and cybersecurity. He also served in the Navy as a surface warfare officer.
In addition to earning an MS in library and information science from Syracuse University and a BS in meteorology from Penn State University, he holds a Certified Information Systems Security Professional (CISSP) certification. Heverin is a dedicated mentor to cybersecurity students, and he also volunteers in K-12 schools conducting hands-on workshops in cybersecurity.
View the full patent on the US Patent and Trademark Office’s website [PDF].