In This Story
When a manufacturing machine is cutting, drilling, or shaping metal, it is following a precise set of digital instructions, with every motor turn intentional. But what happens when there’s a subtle change along the way?
That is the problem Matt Jablonski is working to solve. Jablonski, an assistant professor in the George Mason University's Department of Cyber Security Engineering, received $50k from Virginia’s Commonwealth Cyber Initiative (CCI) through its Industry Faculty Collaboration Acceleration Program. He is teaming up with Northern Virginia-based startup SARC Solutions, which is developing a product called Beholder based on technology licensed from Oak Ridge National Laboratory.
The project focuses on protecting cyber physical systems, complex machines that blend software, electronics, and physical components. These systems power everything from manufacturing equipment to critical infrastructure. Securing them is challenging because traditional cybersecurity tools can interfere with real-time operations.
“If you add too much security overhead to a control system, you risk disrupting the very thing you are trying to protect,” said Jablonski, who has a master's and a PhD degrees from George Mason.
Instead of monitoring a machine directly with heavy security software, Jablonski is taking a lighter approach, collecting indirect measurements, including electrical power traces from motor drives and select operating system statistics, to observe how a machine behaves during operation. These indirect signals, often called side channels, can reveal patterns about what the system is doing without interfering with it.
The concept builds on Jablonski’s previous research in cyber physical system safety and security. It also connects directly to a course he teaches on practical side-channel attacks and defenses. Historically, side-channel analysis has been used by attackers to extract secrets by studying metadata such as timing, temperature, or power usage. Jablonski is applying those same ideas defensively.
In this project, the focus is a large manufacturing machine that follows digital instructions known as G-code. A 3D computer-aided design is translated into G-code, which tells the machine exactly how to move and cut. The team’s goal is to align those instructions with the physical signals coming from the machine’s motors and systems.
By mapping the expected digital commands to the observed physical behavior, the team is developing artificial intelligence models that learn what “normal” looks like and can flag when the system drifts from that state. Rather than generic anomaly detection, the models aim to identify subtle signs that the machine is not operating as intended.
“We are looking for indications that the system is not performing in a normative sense,” Jablonski said.
The grant will help support doctoral student Sanjay Kumar Samala, who begins his PhD in the fall. Together, they are building out the testbed and developing early models, with a demonstration targeted for this summer.
The partnership with SARC reflects the broader CCI mission of accelerating collaboration between academia and industry. By pairing faculty expertise with emerging companies, the program aims to move ideas more quickly from lab to application.
“This award is exactly what Virginia does well: pair applied academic expertise with a startup that can transition research into a deployable capability,” said Joseph Carter, strategy, execution and adaptation at SARC Solutions. “Our goal with George Mason is to turn Beholder into a pilot-ready, ‘signals-to-decisions’ monitoring layer that helps manufacturers detect subtle manipulation before it impacts quality, safety, or uptime.”
For Jablonski, whose interest in security deepened during his freshman year of college in the wake of 9/11, the project fits squarely within a decade of work focused on making cyber physical systems safer. “We live in interesting times,” he said. “As systems become more connected and more intelligent, safety has to remain a priority.”