Control System Agnostic Secure Enclave (CASE)
Joseph Bush | USACE-ERDC-CERL
The objective of the project is to provide a Type Authorized solution for Risk Management Framework (RMF) (cybersecurity) accreditation of facility related control systems that could not otherwise be accredited, either due to excessive costs or fundamental system vulnerabilities. Achieving RMF for these systems will allow the Department of Defense (DoD) to more easily develop and demonstrate energy and water savings technologies and also allow DoD to realize projected energy and water savings from systems already installed that are currently threatened with demolition or functional abandonment due to inability to meet cybersecurity requirements.
This project develops and obtains Authorization for a secure enclave for demonstration and legacy control systems (SEDALCS). The enclave incorporates both technical and procedural elements to achieve an "interim secure" state for facility-related control system. A key enabling technology for the enclave is a security device based on commercial off-the-shelf (COTS) hardware and software and providing a virtual private network (VPN) for the control system.
For demonstration systems, CASE provides a means to expedite fielding of the system without requiring the system to obtain its own authorization. This decreases time-to-fielding while simultaneously decreasing the cost to field the demonstration system.
For many legacy systems which are NOT capable of obtaining an authorization without extensive replacement of components (or the entire system), CASE provides a path to operation over the network which would otherwise not exist. With control system replacement costs in the tens or hundreds of thousands of dollars per system, this is the true value of CASE – it doesn’t just make authorization more affordable, it makes it practical when it would otherwise be virtually impossible.