DoD Facility-Related Control Systems
By Michael Chipley
A number of DoD control system cybersecurity projects and programs underway are dramatically altering the way control systems are planned, designed, operated and monitored for DoD, other federal agencies and the private sector.
First is the More Situational Awareness for Industrial Control Systems (MOSAICS) Joint Capability Technology Demonstration (JCTD) effort to develop and demonstrate an operational capability for enhanced situational awareness and defense of industrial control systems associated with task critical assets from non-kinetic attacks.
Advanced sensing and intrusion protection capability operating within ICS networks, augmented by security orchestration to enable cyber defenders and facilities engineers to semi-autonomously identify, respond to, and recover from asymmetric attacks on critical infrastructure in mission-relevant time. MOSAICS will also produce reference architectures and facilities guides through which the lessons learned can transition to the DOD, federal agencies, and industry.
Next is the Control System Approved Products List with an objective to dramatically reduce the cost of acquiring and securing control systems across DoD and beyond by eliminating redundancy via centralized test and assessment. The APL is modeled after the DISA IT APL, but addresses the unique characteristics of Operational Technologies. The APL effort is closely aligned with the National Control Systems Cyber Range where vendors can have their technologies tested. Calls for APL vendors are planned for April 2019.
Lastly, the Environmental Security and Technologies Certification Program has over 20 cyber R&D efforts underway to evaluate cloud, mobile, microgrids, fuel cells, battery storage, machine learning and artificial intelligence with an emphasis on energy and water projects. The ESTCP cybersecurity website has become a resource for any organization to use the guidance, templates and checklists.