System Control Platform Enclave: A Cyber-Security Solution for Facility-Related Control Systems

U.S. Army Corps of Engineers, Civil Works
Published Feb. 11, 2020

WASHINGTON—Army sites have a large number of facility-related control systems (FRCSs), often from different vendors. As a result, obtaining the risk-management framework (RMF) authorization for these systems can be challenging. Issues, such as integrating the control system with traditional information technology (IT) infrastructure, resolving the vulnerabilities in front-end software and code, and addressing a lack of support for encryption and other common-level services that a traditional IT system provides, all add significant cost to control system procurement. In the Army, many systems are undergoing RMF authorizations on a site-by-site basis. The Directorate of Public Works (DPW) staff are typically responsible for ensuring the cybersecurity of the traditional IT components of the control system, as well as the operational technology (OT) components. By leveraging common IT services and infrastructure, it is possible to reduce RMF-related costs while increasing the chances of successfully obtaining an authority to operate (ATO) for these control systems.

The Engineer Research and Development Center (ERDC)–Construction Engineering Research Laboratory (CERL) has developed a solution to help installations obtain an ATO for their FRCS. The System Control Platform Enclave (SCPE) is a solution that provides common IT infrastructure designed for the needs of FRCSs. The SCPE currently has a type authorization for use on the Corps network, and ERDC–CERL is working with the U.S. Army Materiel Command (AMC) to obtain type authorization across the AMC. The SCPE is designed to enable installations to operate their control systems across the Installation Campus Area Network (ICAN) without a separate, dedicated network.

In addition to common IT infrastructure, the SCPE works with modern control systems and provides additional layers of security that may not be available with commercial off-the-shelf (COTS) systems. The SCPE allows the creation of a secure network enclave in which to operate the control system, but unlike other enclave solutions that maintain separation between the enclave and the rest of the ICAN, the SCPE provides a ‘gatekeeper’ to allow for secure communication between the two elements. This allows for common access card-enabled access to the control system from a regular computer on the network (rather than having computers dedicated to the control system), as well as the transmission of information, such as emails and meter data, out of the control system and across the ICAN.

The SCPE solution is made up of two authorizations: a type ATO for the enclave and a site ATO for the specific control system. The type ATO combines common IT-level services and infrastructure to reduce the IT burden on individual installations. By using a memorandum of understanding, installations can work with local IT providers to obtain common-level IT services. Each site then obtains a separate site ATO for the control system that includes any front-end software and devices below the front end. Using this approach, the site ATO can inherit cybersecurity controls from the type ATO and the DPW staff can focus on the security of the OT components. This inheritance approach reduces the overall risk cost of obtaining a site ATO for the system. For additional information, please contact Tapan Patel, Mechanical Engineer, ERDC–CERL,