Control System Security research and development (R&D) covers a spectrum of monitoring and resilience technologies that provide additional cyber awareness of attack and resilient design mitigations to defend against compromise. Teams of control and security researchers form multidisciplinary teams to develop tools, perform assessments and training, and develop cutting edge R&D products. From both the context of security and failure, consideration of both cyber and physical interdependencies provides a foundational approach to our efforts. The result is a more comprehensive characterization of all-hazards threat and appropriate response actions, whether automated or through human action. This R&D complements the development efforts of programs that include the Industrial Control System Computer Emergency Readiness Team (ICS-CERT), funded by the Department of Homeland Security (DHS).
Cyber Awareness and Resilient Design
Because of the human element of a malicious actor, traditional methods of achieving reliability cannot be used to characterize cyber awareness and resilient design. Dynamic mechanisms of probabilistic risk analysis that can link human reliability with the system state are still maturing. The intellectual level and background of the adversary makes stochastic methods unusable due to the variability of both the objective and the motives. In addition, the strength of the adversary is increased because the existing control system architecture is not random, and response characteristics are reproducible. Therefore, a resilient design can find strength in similar fashion by becoming atypical of normal control system architectural design, and appearing random in response and characteristics to the adversary.
The R&D focus is on technologies to advance the state of the art within the area of cyber resilience, which requires a necessary paradigm shift to address the evolving threat. For cyber awareness, these include diverse, multilayered and potentially out-of-band indicators of cyber threat across the control system architecture. In addition, physical indicators of cyber compromise provide a well-understood baseline for operation. Holistically, these diverse indicators provide a trustworthy basis for quick identification and response by the human, providing more fidelity and less false positives in interpretation of cyber threat. In addition, they provide basis for more autonomous action by active defenses that include moving target design. Active recognition coupled with modification and obfuscation of the environment provides resilience to attack.