OSTI.GOV: U.S. Department of Energy
Office of Scientific and Technical Information

Title: Prioritizing ICS Beachhead Systems for Cyber Vulnerability Testing

Technical Report · DOI: https://doi.org/10.2172/1856808 · OSTI ID: 1856808
 [1];  [1];  [1];  [1];  [2]
  1. Idaho National Lab. (INL), Idaho Falls, ID (United States)
  2. USDOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER) Washington, DC (United States)

Cyber Testing for Resilient Industrial Control Systems™ (CyTRICS™) is the Department of Energy’s (DOE’s) program for cybersecurity vulnerability testing, digital subcomponent enumeration, and forensic assessment. CyTRICS leverages best-in-class test facilities and analytic capabilities at six DOE National Laboratories and strategic partnerships with key stakeholders including technology developers, manufacturers, asset owners and operators, and interagency partners. During the program’s development, CyTRICS established a unique methodology for prioritizing digital components within operational technology (OT) and industrial control systems (ICS) in the Energy Sector Industrial Base (ESIB) for cyber vulnerability testing. The CyTRICS Prioritization Process leverages multiple characteristics of systems, components, and their contextual deployment to calculate a quantification of individual digital components for CyTRICS testing. The initial version of the CyTRICS Prioritization Process was premised largely upon the impact on an industrial control system that could result if the digital component under testing was compromised, either through malicious means, faulty engineering, or other modes. The worldwide compromise of the SolarWinds Orion platform through malicious interference with the digital patching cycle, first reported in December 2020, was a watershed event in cyber supply chain security. The SolarWinds compromise demonstrated the strategic importance of certain types of ubiquitous software, and the ability to generate widespread cybersecurity effects. To address this challenge and as a part of the Department of Energy’s response to the SolarWinds compromise, DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) directed the National Laboratories to evolve the CyTRICS Prioritization Process methodology to encompass additional factors related to the strategic importance of digital components.
CESER directed CyTRICS researchers to identify, characterize, and append strategic factors to the CyTRICS Prioritization Process to provide additional weight to these characteristics. National Laboratory expert researchers identified functionality, distribution, and platform characteristics for digital components in ICS and OT that they assessed would likely be targeted in a strategic initial-access cyber attack. CyTRICS has termed these factors “ICS Beachhead Systems,” leveraging a definition first advanced by Schneider Electric, which is intended as a blanket term to encompass digital components, products, and systems in OT. This paper describes the ICS Beachhead Systems identified and the rationale for inclusion. As a next step in the research and refinement process, the National Laboratories will validate this initial set of characteristics against digital components evaluated by the CyTRICS program and the current implementation of the CyTRICS Prioritization Process. After validation, CyTRICS researchers will then develop a scoring methodology to generate a quantitative score to assess the degree to which a digital component is characterized as an ICS Beachhead System. Finally, the National Laboratories will append this scoring to the existing CyTRICS Prioritization Process algorithm.

Research Organization:
Idaho National Lab. (INL), Idaho Falls, ID (United States)
Sponsoring Organization:
USDOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
DOE Contract Number:
AC07-05ID14517
OSTI ID:
1856808
Report Number(s):
INL/RPT-22-66453-Rev000; TRN: US2302920
Country of Publication:
United States
Language:
English