SERDP & ESTCP Webinar Series: Securing DoD Control Systems and Infrastructure from Cyber Threats
This webinar will present results from two ESTCP-funded projects on securing DoD control systems and infrastructure from cyber threats. This includes the development of a new baseline automated security enumeration and configuration tool to rapidly identify vulnerable and misconfigured building automation systems associated with DoD building and energy infrastructure, and the use of low-cost data diodes for facility equipment monitoring to meet the needs of critical infrastructure managers across DoD by quickly enabling secure access to equipment data.
________________________________
Webinar #115 (07/09/2020)
Securing DoD Control Systems and Infrastructure from Cyber Threats
Dr. Jonathan Butts and Mr. Billy Rios, QED Secure Solutions
Mr. Colin Dunn, Fend Incorporated
July 9, 2020
12:00 PM ET (9:00 AM PT)
Abstracts
“Securing Military Installation Critical Infrastructure Against Cyber Attacks: The Baseline Automated Security Enumeration and Configuration Tool” by Dr. Jonathan Butts and Mr. Billy Rios, QED Secure Solutions ( ESTCP Project Webpage)
This ESTCP project supports Department of Defense (DoD) efforts to evaluate system configurations and cybersecurity vulnerabilities in building automation systems supporting Risk Management Framework requirements. The primary challenges facing the DoD include costs associated with onsite assessments, testing/reporting takes weeks, evaluations are manual and do not readily scale to multiple sites, and evaluation results are not always consistent because the process is manual. Our research examines the Baseline Automated Security Enumeration and Configuration (BASEC) tool designed to protect DoD organizations by providing a scalable means to identify, baseline, and certify the cyber security configuration for building automation systems. Through this effort, BASEC capabilities have demonstrated the ability to rapidly identify vulnerable and misconfigured building automation systems associated with DoD building and energy infrastructure. In addition, BASEC capability has demonstrated the ability to establish and enforce cyber security standards for military installation building automation systems at a significant cost reduction over current manual practices. Service components have been able to leverage BASEC capabilities to meet Congressionally mandated requirements for evaluating critical infrastructure security postures on military installations. This presentation will discuss the findings from military installation field trials and detail the trends discovered in misconfigurations of deployed building automation systems.
“Physical Cybersecurity: Low-Cost Data Diodes for DoD Facility Equipment Monitoring” by Mr. Colin Dunn ( ESTCP Project Webpage)
Managers of critical infrastructure benefit from the situational awareness provided by remote monitoring. This information leads to improved equipment performance and reduced unplanned downtime. However, recent attacks on U.S. and international power grids and building systems highlight the need for improved security on the industrial internet of things. Relatively few manufacturers provide the majority of control systems, exacerbating the impact of distributed cyberattacks. Legacy systems often run outdated, unsupported operating systems and will never receive security patches. Firewalls and software-based security are vulnerable to compromise by hackers.
Data diodes are security appliances that enable a physically-enforced, one-way information stream about the state of this equipment. These devices physically isolating the equipment from lower-security networks. Data diodes are used today to protect the most critical of assets but at an expense often exceeding $100,000 per connection.
Fend’s hardware is a low-cost device that provides the one-way data transfers of data diodes while removing the need for extensive on-site configuration. On-board processors enable Fend’s hardware to communicate with protected equipment and transmit this information to an on-site network or cloud service. Fend’s diode would serve the unmet needs of critical infrastructure managers across DoD by quickly enabling secure access to equipment data. This presentation will present the results of an ESTCP-funded project designed to demonstrate the hardware’s interoperability with various equipment types, ease of installation and cost performance.
Speaker Biographies

Dr. Jonathan Butts is a retired Air Force officer and co-founder of QED Secure Solutions. Jonathan is the Committee Chair for the International Federation for Information Processing (IFIP) Working Group on Critical Infrastructure Protection and has served as a representative to the Institute for Information Infrastructure Protection, advisor to the Cyber Security Education Consortium, member of the Department of Homeland Security research and development joint working group, and technical director for cyber security efforts supporting Presidential-directed projects. Dr. Butts has performed research with the Department of Defense, Department of Homeland Security, National Security Agency, Central Intelligence Agency and U.S. Secret Service and is a published author on various topics including critical infrastructure protection, malware analysis, protocol verification and operationalizing military actions in cyberspace. He earned a bachelor’s degree in computer science from Chapman University, a master’s degree in information assurance from the Air Force Institute of Technology, and a doctoral degree in computer science from University of Tulsa.
Mr. Billy Rios is the co-founder of QED Secure Solutions. He is recognized as one of the world’s most respected experts on emerging threats

related to Industrial Control Systems (ICS), critical infrastructure, and, medical devices. He discovered thousands of security vulnerabilities in hardware and software supporting ICS and critical infrastructure. He has been publicly credited by the Department of Homeland Security (DHS) numerous times for his support to the DHS ICS Cyber Emergency Response Team (ICS-CERT). Mr. Rios has worked at Google where he led the front-line response for externally reported security issues and incidents. Prior to Google, he served as the security program manager at Internet Explorer (Microsoft) where he led the company’s response to several high-profile incidents. Mr. Rios earned a bachelor’s degree in business administration from University of Washington, a master’s degree in information systems from Hawaii Pacific University, and an MBA from Texas A&M.

Mr. Colin Dunn is the CEO and founder of Fend Incorporated in Arlington, Virginia. He started Fend because he saw great advances in sustainable infrastructure threatened by hackers who seek to render new technologies useless and put our modern livelihood at risk. Prior to his role at Fend, Mr. Dunn worked as a design engineer, manager, and consultant for 15 years, helping teams bring products to market and improve the resilience of our built environment. He is a Professional Engineer, LEED Accredited Professional, and Certified Energy Manager. Mr. Dunn earned a bachelor of science degree in mechanical engineering from the University of Virginia and an MBA from Penn State.
Past Webinars
- Installation Energy and Water (17)
- 07/09/2020 - Securing DoD Control Systems and Infrastructure from Cyber Threats
- 02/06/2020 - Battery Storage Resiliency Results from Installation Microgrid Simulations and Opportunities for Field Demonstration
- 01/14/2020 - Improving Energy Efficiency through Advanced Building Controls
- 08/08/2019 - Building Energy and Water Efficiency Solutions
- 02/21/2019 - Utilization of Advanced Conservation Voltage Reduction for Energy Reduction on DoD Installations
- 07/12/2018 - Innovative Low-Cost Building Automation Sensors and Controls
- 03/22/2018 - Cloud Computing Services for DoD - We Are Going to The Cloud!
- 11/16/2017 - Building Envelope Technologies
- 06/15/2017 - Coupling Geothermal Heat Pumps with Underground Seasonal Thermal Energy Storage
- 04/20/2017 - Solutions for Installations' Participation in Energy Markets
- 01/12/2017 - Award Winning Projects: Energy and Water
- 10/06/2016 - Cyber Security and its Impacts on Installation Energy Management
- 07/14/2016 - Remote Methods for Water Conservation
- 05/05/2016 - Cost Effective and Resilient Building-Scale Microgrid Solutions for Increased Energy Security
- 10/15/2015 - LED-ing the Way: Sophisticated and Energy Efficient Exterior Lighting Systems for DoD Installations
- 02/19/2015 - Raise the Roof: Increased Rooftop Solar Efficiency Beyond Flat Panel PV
- 12/18/2014 - Energy Audits: From Clipboard to Cloud
- Environmental Restoration (46)
- 12/10/2020 - Approaches for Managing Contaminated Sediments
- 11/19/2020 - Abiotic Degradation of Chlorinated Solvents in Subsurface Environments
- 10/22/2020 - Managing Aqueous Film Forming Foam (AFFF) Impacts to Subsurface Environments and Assessment of Commercially Available PFAS-Free Foams (Part 2)
- 10/08/2020 - Managing AFFF Impacts to Subsurface Environments and Assessment of Commercially Available PFAS-Free Foams (Part 1)
- 07/23/2020 - PFAS Fate, Transport and Treatment
- 06/18/2020 - Advances in the Treatment of 1,4-Dioxane in Mixed Contaminant Plumes
- 05/07/2020 - Innovative Technologies for PFAS Destruction in Investigation Derived Wastes
- 04/09/2020 - Ecological Risk Assessment Approaches at PFAS-Impacted Sites
- 03/12/2020 - Applying Compound-Specific Isotope Analysis to Document Contaminant Degradation and Distinguish Sources
- 12/12/2019 - Advances in Remediating Groundwater Contaminated with Chlorinated Solvents
- 11/07/2019 - Status of SERDP and ESTCP Efforts on PFAS and Innovative Approaches for Treatment of Waste Derived from PFAS Subsurface Investigations
- 10/24/2019 - Advances in Managing Contaminated Groundwater Using High Resolution Site Characterization and Contaminant Mass Flux Reduction
- 10/17/2019 - Managing AFFF Impacts to Subsurface Environments and Assessment of Commercially Available Fluorine-Free Foams
- 09/05/2019 - The Use of Advanced Molecular Biological Tools in Groundwater Contaminated with Chlorinated Solvents
- 06/20/2019 - Vapor Intrusion: Modeling Tools and Cost Effective Mitigation
- 05/23/2019 - Treatment Options for the Emerging Contaminants 1,2,3-Trichloropropane and 1,2-Dibromoethane
- 04/11/2019 - Managing Contaminated Sediments: Passive Sampling Methods and In Situ Treatment
- 02/07/2019 - The REMChlor-MD Groundwater Transport and Remediation Model for Sites with Matrix Diffusion
- 11/15/2018 - Stormwater Impacts on Sediment Recontamination
- 10/18/2018 - Restoration of Chlorinated Solvent Contaminated Groundwater Sites: The Value of Information Challenge
- 10/04/2018 - Managing Groundwater Impacts at Chlorinated Solvent Sites
- 08/09/2018 - Energy Sustainable Wastewater Treatment Systems for Forward Operating DoD Installations
- 06/28/2018 - Managing Sites Impacted by 1,4-Dioxane: New Developments in Molecular Tools and Conceptual Site Models
- 09/07/2017 - Research and Development Needs for Management of DoD's PFAS Contaminated Sites
- 07/27/2017 - Management of Energetic and Propellant Material Releases on Testing and Training Ranges
- 05/18/2017 - High-Resolution Site Characterization at Chlorinated Solvents Sites
- 04/06/2017 - 1,4-Dioxane Impacts and Innovative Cleanup Technologies at DoD Contaminated Sites
- 03/09/2017 - Award Winning Projects: Environmental Restoration
- 02/23/2017 - Monitoring and Risk Assessment of Environmental Risks Posed by Munitions Constituents in Aquatic Systems
- 12/15/2016 - Advances in the Assessment and In Situ Treatment of Contaminated Sediments
- 11/03/2016 - Bioavailability of Contaminants of Concern in Soils at DoD-Impacted Sites
- 09/08/2016 - Practical Assessment and Optimization of Redox-Based Groundwater Remediation Technologies
- 07/28/2016 - Geophysics 101 – Realistic expectations for geophysics when used for site characterization and remediation monitoring - Part 2
- 06/30/2016 - Geophysics 101 – Realistic expectations for geophysics when used for site characterization and remediation monitoring - Part 1
- 06/02/2016 - Insensitive Munitions: Environmental Health Criteria, Fate and Transport
- 04/21/2016 - Long Term Monitoring Issues at Chlorinated Solvent Sites
- 01/28/2016 - Per- and Polyfluoroalkyl Substances (PFASs): Analytical and Characterization Frontiers
- 01/14/2016 - Vapor Intrusion: Regulatory Update and Advances in Assessment Tools
- 12/03/2015 - Emerging Contaminants: DoD Overview and State of Knowledge on Fluorochemicals and 1,4-Dioxane
- 10/29/2015 - Assessment and Treatment of Contaminated Sediments
- 08/20/2015 - Characterization and Remediation in Fractured Rock Environments
- 05/28/2015 - New Tools for Characterizing and Remediating Munitions and Energetics at Military Ranges
- 03/19/2015 - Quantitative Framework and Management Expectation Tool for the Selection of Bioremediation Approaches at Chlorinated Solvent Sites
- 01/08/2015 - DNAPL Source Zone Management Approaches
- 11/20/2014 - New Tools for Improving the Management of Contaminated Sediment Sites
- 10/30/2014 - Key Advances in Vapor Intrusion Assessments at Contaminated Sites
- Munitions Response (14)
- 09/24/2020 - Munitions Mobility and Burial in Underwater Environments
- 04/23/2020 -
- 07/25/2019 - Understanding Underwater Munitions Mobility and Behavior on the Beach Face and in Shallow Muddy Environments
- 08/23/2018 - Sediment Volume Search Sonar Development
- 11/02/2017 - Platforms for Underwater and Near-Shore Munitions Surveys
- 06/01/2017 - Classification of Military Munitions using Electromagnetic Induction Data
- 02/09/2017 - Award Winning Projects: Munitions Response
- 06/16/2016 - Quality Assurance Project Plan (QAPP) for Advanced Geophysical Classification Investigations – Part 2
- 05/19/2016 - Quality Assurance Project Plan (QAPP) for Advanced Geophysical Classification Investigations – Part 1
- 02/25/2016 - Recent Advances in the Classification of Underwater Munitions near a Water-Sediment Boundary
- 11/12/2015 - Munitions Response: Land Based Program Closeout
- 09/17/2015 - Munitions Response: Underwater Geophysical Sensors
- 05/07/2015 - Factors Affecting Munitions Mobility Underwater and In Situ Measurements
- 02/05/2015 - Acoustic Methods for Underwater Munitions
- Resource Conservation and Resiliency (25)
- 11/05/2020 - Changes in Pathogen Exposure Pathways under Non-Stationary Conditions and Their Implications for Wildlife and Human Exposure on Department of Defense Lands
- 08/20/2020 - Addressing Threatened and Endangered Species on DoD Lands
- 05/21/2020 -
- 03/26/2020 - Long-Term Ecological Studies: Evaluating Responses to Ecosystem Restoration and Optimizing Recovery of Plant Communities
- 10/03/2019 - Variation in Phenological Shifts: How do Annual Cycles and Genetic Diversity Constrain or Enable Responses to Climate Change?
- 08/22/2019 - Pacific Island Ecology and Management: Recovery of Native Plant Communities Following Removal of Non-Native Species
- 06/20/2019 - Developing Adaptation Strategies to Address Climate Change and Uncertainty
- 05/09/2019 - Roles of Soil Microbial Communities in Ecosystem Restoration
- 03/14/2019 - Determining the Temporal and Spatial Scales of Non-Stationarity in Temperature and Precipitation across the Continental United States
- 11/01/2018 - Plant Diversity and Biological Nitrogen Fixation in Longleaf Pine Ecosystems at Military Installations
- 09/20/2018 - Plant Diversity and Biological Nitrogen Fixation in Longleaf Pine Ecosystems at Military Installations
- 09/06/2018 - Informing Restoration Programs for Threatened and Endangered Plant Species
- 06/14/2018 - Approaches to Managing Threatened, Endangered and At-Risk Bird Species
- 05/03/2018 - Overview of the Defense Coastal/Estuarine Research Program (DCERP)
- 03/08/2018 - Quantifying and Modeling Fugitive Dust Emissions from DoD Activities
- 12/07/2017 - Management of Novel Hawaiian Ecosystems
- 10/05/2017 - New Resource Conservation Insights to Desert Environments
- 06/29/2017 - Future Vulnerabilities to Alaskan Ecosystems and Tools for Permafrost Assessment
- 02/23/2017 - Award Winning Projects: Resource Conservation and Resiliency
- 10/20/2016 - DoD Decision Making and Climate Change
- 09/22/2016 - Managing the Brown Treesnake Headache: Assessment of the Aerial Acetaminophen Bait Drop on Guam
- 04/07/2016 - Use of Climate Information for Decision Making and Impacts Research
- 12/17/2015 - Watershed Assessment and Stormwater Management Optimization Tools
- 03/26/2015 - Innovative Tools for Species Inventory, Monitoring, and Management
- 11/06/2014 - New Tools for Advancing Our Understanding of Marine Mammal Behavioral Ecology
- Weapons Systems and Platforms (23)
- 09/10/2020 - Reducing Hazardous Materials in Weapons Systems: Advances in Waterjet Applications and Cold Spray Technologies
- 06/04/2020 - Waste Reduction and Treatment in Armed Forces Vessels
- 02/27/2020 - Advances in the Development of Environmentally Friendly Pyrotechnic and Propellant Formulations
- 10/31/2019 - Developing and Demonstrating Non-Toxic and Sustainable Coating Systems for Military Platforms
- 09/19/2019 - Life Cycle Assessment and Developmental Environment Safety and Occupational Health Evaluation: Tools for Sustainment and Health
- 06/06/2019 - Developing and Demonstrating Non-Toxic and Sustainable Coating Systems for Military Platforms
- 04/25/2019 - Accelerated Corrosion and Ageing Studies
- 05/31/2018 - Resonant Acoustic Mixing of Energetic Material Formulations
- 04/05/2018 - Advanced Nanocrystalline Alloys as Alternatives for Repair and Replacement of High Wear Parts
- 02/08/2018 - Improved Methods to Evaluate Aerial Emissions and Develop Pollutant Emission Factors
- 10/19/2017 - Laser De-Paint and Surface Preparation Mechanism and Technologies
- 08/17/2017 - Zinc Nickel Dip and Brush Plating
- 05/04/2017 - Novel Coatings Systems for Use as High Performance Chemical Resistant Powder Topcoats
- 01/26/2017 - Award Winning Projects: Weapons Systems and Platforms
- 08/11/2016 - An Environmentally Acceptable Alternative for Fast Cook-Off Testing, Demonstration, Validation and Implementation Efforts
- 03/24/2016 - Cadmium and Chromate Elimination Efforts: Implementation Plans and Strategic Roadmaps for Three DoD Depots
- 02/11/2016 - Chromate/Hazardous Material Free Coating Systems for Military Aircraft and Ground Support Equipment
- 10/01/2015 - Hexavalent Chrome Elimination from Hard Chrome Surface Finishing
- 07/16/2015 - Sustainable Pyrotechnics: Flares and Projectiles
- 04/16/2015 - Blast Noise Measurements and Community Response
- 03/05/2015 - Understanding and Mitigating the Risks Associated with Lead-Free Electronics
- 01/22/2015 - Bio-Based Methodologies for the Production of Environmentally Sustainable Materials
- 12/04/2014 - Waste to Energy Options for Base Camps: Efficient Tar Management and Rotary Kiln Gasification
Featured Initiatives
The latest developments in science, engineering, and technology.