
Advancing cutting-edge solutions to national security challenges
The Cyber Sensing and Analytics group focuses on threat analysis, operational technology cybersecurity, and advanced detection of adversarial activity. We confront real-world cybersecurity problems by exploring innovative technologies and methodologies that push the boundaries of current science and engineering.
Our mission is to develop scalable, practical, and high-impact solutions for both U.S. government and industry partners. Specializing in novel techniques to detect and defend critical infrastructure, our interdisciplinary team brings together deep expertise in signal processing, cybersecurity, data science, computer science, and power systems engineering.
We stand at the forefront of addressing today’s most urgent cybersecurity threats—driving innovation that strengthens national resilience and secures the infrastructure our society depends on.
Solving complex technical challenges
We are a mission-driven team tackling some of the nation’s hardest security challenges—where creative research, relentless curiosity, and hands-on technical work converge to develop novel techniques that protect the critical infrastructure our country depends on.
Our researchers work across network and endpoint security, threat hunting and intelligence analysis, malware analysis and behavioral detection, cyber incident response and forensics, data science, artificial intelligence, and power system engineering. To do this, our team has skills in computer science, cybersecurity, information assurance, digital forensics, security engineering, and electrical engineering. Explore open positions on a team that doesn't just theorize solutions—we build them, break them, and reimagine what’s possible in the face of rapidly evolving threats.
Projects

Improving operational monitoring for critical infrastructure with the ORNL Testable Access Control Kit (OTACK)
• Power grids (SCADA/ICS systems)
• Water treatment facilities
• Transportation networks (airports, rail systems)
• Communications (5G, satellite networks)
Use of monitoring systems such as OTACK can provide:
• Early warning for cyberattacks or physical sabotage (e.g., ransomware targeting utilities or malware in smart grids).
• Detection of insider threats or unauthorized access attempts to high-security systems.
• Tracking foreign or state-sponsored intrusion campaigns that aim to disrupt infrastructure during geopolitical tensions.

Using LLMs to Pentest Critical Infrastructure to Ensure Security with UnCLE, the Un(conventional) C(yber) L(LMs) E(xecutor)
• Assisting in the proactive identification of supply chain vulnerabilities or exploitable legacy systems.
• Supporting cyber ranges and red-blue team exercises within government and defense agencies.