TECHNOLOGY AREA(S): Information Systems

ACQUISITION PROGRAM: PMS 397, COLUMBIA SUBMARINE Class Program Office.

OBJECTIVE: Develop an innovative software prototype that can model and evaluate the resiliency of industrial control systems in conjunction with processes and operations to reduce the risk of unacceptable consequences while eliminating the costs of unnecessary cybersecurity capabilities.

DESCRIPTION: The Navy is seeking a resiliency modeling prototype that can efficiently model existing systems-of-systems including technology and processes in order to identify resiliency concerns where disruption of services or unacceptable consequences are possible. The modeling prototype should also provide an accepted means to measure resiliency across systems-of-systems and inform current risk management practices and policies such as DoDI 8500.01 (Cybersecurity) and DoDI 8510.01 (Risk Management Framework (RMF)) in order to reduce or eliminate low-value administrative churn. These improvements will reduce procurement and sustainment costs by eliminating cybersecurity technology initiatives that provide little to no value for industrial control systems. The prototype will support the best analysis of alternatives from technologies and processes in order to determine affordable solutions, with the greatest improvement in risk reduction and resiliency, in a timely manner (days versus months).

Resilience is the capacity of any entity�an individual, a community, or a system�to prepare for disruptions, to recover from shocks and stresses, and to then adapt and grow from that disruptive experience. For a system, resiliency is a factor, not only of the technology employed, but also of the procedures established for operations, and the proficiency of operators and maintainers. Today, some practitioners of cybersecurity attempt to keep out all threats and eliminate all vulnerabilities. In this manner, their efforts can be seen as trying to fix every weak link in the chain. Practitioners of resilience believe there will always be weak links, so systems must be developed with the best combination of people, process, and technology to respond to the shocks and stresses that will inevitably come. Resilience is analogous to multiple diverse chains operating in parallel, so that even if one weak link in a chain fails, the entire system will not. There currently is not any commercial technology available that provides the process and software necessary to model and measure systems-of-systems resiliency, in a timely manner (days versus months), so that programmatic decisions can be made regarding the security and resiliency of the systems-of-systems.

There is currently a need to develop a process to ensure that industrial control systems (ICSs) on defense platforms, in shipyards or in National critical infrastructure are sufficiently resilient to current and future cyber threats. Many of today�s cybersecurity risk management approaches work toward establishing ever greater defense-in-depth to secure each individual system from an unknown number of threats. Unfortunately, this current state of affairs offers no way to measure how much defense-in-depth is enough, does not address future threats, and fails to address the resiliency that can be gained from a systems-of-systems approach. Providing the ability to model and assess the resiliency of people, process, and technology across systems-of-systems will ensure that this approach is not only effective, but that the most affordable solution, be it via cybersecurity processes or technologies, will be identified.

In the past, ICS had little resemblance to traditional information technology (IT) systems in that ICSs were isolated systems running proprietary control protocols using specialized hardware and software. ICS components were located in physically secured areas and the components were not connected to IT systems. Over time, widely available Internet Protocol devices have replaced many ICS solutions, which have increased the risk of cybersecurity incidents. However, the security objectives of ICS still typically follow the priority of availability and integrity, followed by confidentiality. A significant amount of effort has recently been devoted to improving cybersecurity for IT systems; without careful consideration when applied to ICS, this same approach, which emphasizes protection of information confidentiality would result in a waste of resources, and not ensure that ICS safety and reliability concerns were properly addressed. For industrial control systems on naval platforms, in shipyards, and in critical infrastructure, what matters is that those cyber-physical systems, coupled with the people and processes that operate them, provide sufficient resilience to assure that key services can be relied upon, and that unacceptable consequences will be suitably constrained. This topic seeks a software prototype to provide a holistic approach that addresses risk and resilience across systems-of-systems and best prepares Navy platforms, shipyards, and critical infrastructure against future cyber threats.

PHASE I: Investigate approaches to develop an innovative concept for a proposed ICS resilience modeling prototype that meets the requirements described above. Identify how this technical solution can be utilized to improve the resilience of industrial control systems (ICSs) while reducing procurement and sustainment costs of unnecessary cybersecurity technical initiatives. Develop two notional examples to demonstrate the feasibility of the information that would need to be gathered as input to and the expected output from the modeling prototype. Develop a Phase II plan. The Phase I Option, if exercised, will include the initial design specifications and capabilities description to build a prototype solution in Phase II.

PHASE II: Develop the ICS resilience modeling prototype for evaluation that uses the innovations identified and developed in Phase I. The performer�s SOW will provide performance goals and key technical milestones, address technical risk reduction, and include estimates of development cost and schedule as well as the associated cost, schedule, and performance risks. Demonstrate and validate the prototype�s performance using representative ICSs either provided or approved by the Government after submittal by the awardee. Test the prototype in the laboratory to evaluate performance to Navy requirements. Consider Reliability, Maintainability, and Availability (RM&A) and implement as part of the SOW. Determine ICS resilience benchmarking metrics to be measured by the software prototype in Phase II. This software modeling prototype is intended only to be used by shore-based organizations, and thus will not require testing at sea. Refine the system and prepare a Phase III development plan and RM&A predictions to test and prepare the system for Navy use.

PHASE III DUAL USE APPLICATIONS: Provide an ICS resilience modeling system that can transition to the Navy. Engage in the testing, qualification, and certification to make the system available for Navy use for platforms and facilities with industrial control systems (e.g., ships, submarines, maintenance facilities, other critical infrastructure. Ensure that the resulting system will support the assessment of ICS resiliency across system-of-systems. Provide benchmarking metrics to identify areas of concern and aid in the analysis of alternatives to determine the most suitable and affordable cybersecurity solutions.

This technology has potential commercial transition to industrial control systems throughout National critical infrastructure. The product will aid in risk reduction and resiliency of industrial control systems, agnostic of military or commercial domains, since resiliency of industrial control systems is a cross-cutting, critical capability need.� Possible other uses for this technology include the water, electric and power industries.� Large industrial plants in the private sector can will also be able to take advantage of this technology.

REFERENCES:

1. Young, Bill and Leveson, Nancy. �Systems Thinking for Safety and Security. Association for Computing Machinery (ACM), Massachusetts Institute of Technology, Engineering Systems Division; Department of Aeronautics and Astronautics, December 2013. http://hdl.handle.net/1721.1/96965

2. Bochman, Andy. �Internet Insecurity.� Harvard Business Review, May 29, 2018. https://hbr.org/cover-story/2018/05/internet-insecurity

3. Geer Jr., Daniel E. �A Rubicon.� A Hoover Institution Essay, Aegis Series Paper No. 1801, May 29, 2018. https://www.hoover.org/sites/default/files/research/docs/geer_webreadypdfupdated2.pdf

4. Rothrock, Ray. �Digital Resilience: Is Your Company Ready for the Next Cyber Threat?� American Management Association, New York, 2018.

KEYWORDS: Industrial Control Systems; Resilience; Critical Infrastructure; Risk Management; System of Systems; Cybersecurity Defense-in-depth