ICS in the Army

When most people think of industrial control system users, the Army may not be the first thing that comes to mind, but the U.S. Army depends heavily on industrial control systems for managing critical power plants, dams and water supplies, as well as combat related operations.

Adam Stone explores military ICS applications in a recent FedTech feature. He said that the control technology that the military uses is just as vulnerable to cyberattack as that run by states and the private sector, and that the federal government is moving ahead to cyber-harden critical infrastructure by applying more robust protections to both non-combat and combat applications.   

Non-Combat ICS

A major non-combat user of ICS and SCADA systems is the U.S. Army Core of Engineers (USACE). USACE delivers vital engineering solutions to “secure our Nation, energize our economy, and reduce disaster risk.” In January of 2019,  the USACE created a Critical Infrastructure Expertise Center to authorize operation of projects or facilities that involve control systems. Its charge is to protect control systems from internal and external threats across the entire control system life cycle.

The USACE role in just the hydropower industry demonstrates the importance of their role in protecting critical infrastructure. According to Stone, with the U.S. Bureau of reclamation, USACE is the largest operator of hydropower generation plants in the U.S. This includes the Grand Coulee Dam in Washington state, which now generates nearly half of all hydropower in the country and has the capacity to generate more electricity than any other power plant in the United States. This includes also the Dalles Dam in Oregon, which itself is one of the largest hydropower generators in the country and is upgrading SCADA controllers and modules. The U.S. Bureau of Reclamation is also the nation’s largest wholesaler of water and is also updating its SCADA systems to standardize its systems and collect data and alerts more quickly.

In addition to protecting critical hydropower and water management, the USACE Cybersecurity expertise center authorizes control systems used in navigation, flood risk management, dam safety, environmental, marine traffic control, and military bases.

ICS in Combat 

“We have a lot of control systems — in our weapon system platforms, in installations — running our most complex manufacturing processes,” U.S. CIO Army Raj Iyer told Stone, adding that most of this equipment has embedded software built into it and it’s the software that runs all of these activities on the hardware and controls the hardware.

“If this software is not updated, you have the risk of cyberattacks,” he says. He said that the Army is also identifying all the control system assets on its networks, from tiny sensors to huge complex systems. “… we’re actually putting sensors across our network to identify these assets, classify them, tag them, and understand their current security posture,” he says.

This is all part of risk assessment to guide the Army in finding substitutes for outdated operating systems that could lead them to divest the old technology and move onto “newer control systems” that “are cybersecurity safe from the get-go.”

For more information on how Bedrock Automation has leveraged intrinsic cyber security technology that has been advanced in military and aerospace applications see our white paper: Securing Industrial Control Systems: Best Practices.