Secure By Design

Operational technology (OT) security is challenging for NSF cyberinfrastructure (CI) operators, in part because of the lack of security in the original design of many systems and the diversity of OT systems and vendors. Security by design is particularly important in OT, where systems cannot be patched or updated after deployment and the expected system life can be many decades, as we found in our 2022 OT study. Numerous NSF major facilities and mid-scale facilities are currently undergoing new or refreshed design, construction, and acquisition. Application of secure-by-design principles by software and hardware vendors remains hit-or-miss at best. As CISA notes, the alternative is vulnerable by design.

Trusted CI began pilot engagements with NSF academic maritime and polar facilities in early 2023 to help build in security by design at the outset of construction and acquisition. These engagements have already produced a questionnaire that NSF facilities can use when creating RFPs for OT vendors. They are an initial step in a major Trusted CI strategic push to broaden community awareness of the criticality of secure-by-design principles among additional essential CI operators in pre-operational periods, such as major facilities under construction via NSF MREFC and MSRIs. These pilots are intended to develop initial insights and documentation to inform the structure of secure-by-design cohorts and a community of practice (CoP) that we plan to run in parallel with the Framework cohort for facilities in design, construction, and refresh phases. The goal is to help facilities design and procure systems for their 20+ year lifecycles that are as secure as possible for foreseeable future needs, with mitigations guided by operational and scientific needs, cost, physical constraints, environmental conditions, and human usability factors.

The secure-by-design cohorts and CoP will focus on the underlying security of OT components, communications, and physical security, and will help facilities understand which security properties to specify to vendors when issuing RFPs. In rare cases, vendors may be able to design directly to those specifications. More commonly, security specifications will narrow a supplier list to those vendors that can adhere to them. When no vendor can meet the specifications, as with most legacy OT, security must be designed at the system level rather than the component level. Trusted CI’s push will therefore include architectural discussions that take into account network architecture, component interactions (e.g., sonar used for both ship operations and research), and physical security. A common case is equipment whose designer assumed physical security that the facility cannot provide, whether because of facility safety requirements or because of environmental conditions such as water, radiation, or extreme temperatures.

Resources

Trusted CI Operational Technology Procurement Vendor Matrix

Blog posts

Announcing the Publication of v2 of the Trusted CI OT Procurement Matrix & Companion Guide

Highlights from the 2024 NSF Research Infrastructure Workshop

Announcing publication of the Operational Technology Procurement Vendor Matrix

Updates on Trusted CI’s Efforts in Cybersecurity by Design of NSF Academic Maritime Facilities

Announcing the 2023 Trusted CI Annual Challenge: Building Security Into NSF Major Facilities By Design