Objective

The Department of Defense (DoD) has substantial security requirements for industrial control systems (ICS) installed at DoD sites. To achieve a full authority to operate (ATO) at an installation, not only must the equipment meet strict functional requirements, but the actual certification process can be extremely taxing. Experience shows these costs can easily reach $100-200k for a site ATO, with typically two years needed from start to finish.

In practice, these costs and time requirements severely limit the technology available to the DoD. In the commercial realm, energy analysis and control systems are constantly improving and can provide impressive energy savings and control. However, the majority of commercial ICS manufacturers do not attempt to enter the DoD market due to these significant technical, time, and cost requirements. This project intends to help specify and demonstrate a new ICS "containerization" system which can conceivably allow a large subset of commercial ICS products to be quickly integrated into DoD installations using a pre-approved host system. In particular, we are targeting five key objectives:

i) Develop a vendor-neutral "Secure Standardized Container (SSC)" specification which standardizes key ATO requirements for ICS systems, providing all key ATO functionality such as user authentication, audit trails, backups, and network security through a self-contained package.

ii) Demonstrate an SSC host system on the Air Force COINE enclave using two different ICS systems as guests, and obtain a Type Authorization ATO from the Air Force for this SSC host system that would be applicable at a wide array of Air Force installations.

iii) Demonstrate a hardware "tunneling translator" device which can be utilized with the SSC host system to provide Federal Information Processing Standards (FIPS) 140-2 level encrypted tunneling for Internet Protocol (IP)-enabled ICS equipment, allowing third party ICS hardware to be connected to network enclaves with minimal risk and no network configuration changes.

iv) Demonstrate a "uni-directional" data transfer solution which can integrate an SSC system with other networks as either a "sender" or a "receiver" of data.

v) Test the SSC host system on the Army System Control Platform Enclave (SCPI) architecture, and consult with both Army and Navy subject matter experts to confirm compatibility and security of the system on different DoD branches, preparing the system for future reciprocity across the DoD.

Technology Description

The ICS platform employs a novel architecture which allows a "core configuration" of hardware and software to serve as a host for third party ICS systems. This core configuration combines three new technologies: i) a hardware tunneling translator device which provides FIPS 140-2 certified encryption to IP-enabled ICS equipment; ii) a new Secure Standardized Container (SSC) host/guest system for encapsulating all critical ATO features for ICS software into a self-contained virtualized guest image; and iii) a one-way data store device which facilitates transfer of data to or from the ICS system. By abstracting all key ATO requirements for a new ICS system and handling them within the core configuration, a single Type ATO for the core system can host multiple ICS systems at a site without the need for an additional Site ATO for each system.

Benefits

This project will demonstrate a dramatic reduction in the time and cost required to apply new ICS technologies to DoD installations. Not only is significant DoD manpower saved by eliminating the need for Site ATOs, but the barriers to entry for commercial ICS manufacturers in the defense marketplace are minimized. Many of these commercial ICS technologies can be immediately utilized for utility savings through performance contracting, providing substantial cost savings to the DoD. This technology also drastically reduces risk at Level 2 (Field IP network) in DoD ICS networks. Currently there is very little risk mitigation at this network level, and enclaves typically provide no integrity or confidentiality protection among the Level 2 equipment within them. The technology provides full end-to-end encryption and authentication for any hosted SSC system, as well as other key risk mitigation features.