The only thing worse than a pandemic would be a pandemic without power. If the lights dim due to a disruption in power generation or distribution, our productivity and quality of life do, too. In today’s cyber environment, diverse and highly skilled adversaries, including nation-states, transnational groups, and criminal gangs, are seeking to subvert our critical systems such as the power grid. The National Security Agency (NSA) and the Department of Homeland Security (DHS) recently issued an alert recommending that all asset owners and operators of critical infrastructure take immediate steps to reduce exposure across their operational technologies and control systems. The alert warns that our most critical infrastructures (e.g., the energy, communications, and manufacturing sectors) are vulnerable to cybersecurity attacks.
NIST has resources that can help our critical infrastructure sectors as they implement the recommendations from NSA and DHS. NIST provides Industrial Control Systems (ICS) security guidance and state-of-the-practice security controls to help organizations implement many of these recommendations along with practical example solutions.
Today’s complex systems in critical infrastructure applications need a multidimensional protection strategy that includes a high degree of penetration resistance, damage-limiting and open system architectures, and the implementation of techniques and approaches that achieve true cyber resiliency. We should not presume a particular outcome or solution to this difficult and challenging problem, but rather begin to address the immediate technical solutions while working on the longer-term solutions.
Some organizations are looking to highly assured, trusted operating systems to be a foundational part of the defensive tool kit of developers and operators of critical systems, such as those described by NSA and DHS in their alert.
NIST’s systems security engineering guideline, SP 800-160, Vol. 1, states that “trustworthy components within Industrial Control Systems, including for example, highly assured, kernel-based operating systems in Programmable Logic Controllers, can help achieve a high degree of system integrity and availability through domain separation with control over cross-domain flows and use of shared resources.” Today’s trusted operating systems are available from a multitude of commercial vendors, albeit at differing levels of assurance. Several commercially built operating systems have met the most rigorous NSA specification (i.e., Trusted Computer System Evaluation Criteria Class A1), and some of these systems have been independently evaluated. In addition to trusted operating systems, NIST also has extensive guidance on developing cyber resilient systems capable of addressing attacks from Advanced Persistent Threats.
To address the need for trustworthy systems and components, critical infrastructure owners and operators need to determine how much it would cost to transition current platforms to highly assured operating systems and how long it would take. These costs must be balanced against the costs of not implementing this type of high assurance solution or determining alternative risk mitigations. The goal should be to find the most efficient path for developing systems with a high degree of security.
But what about the long-term solution for protecting critical systems in an era of complex systems, hyperconnectivity, and cyber-physical convergence? NIST, along with its agency partners and industry, is working on that. In addition to the resources listed above, the following references may also be useful in helping to ensure that critical systems have the appropriate levels of protection, assurance, and resiliency to facilitate trust in those systems.