As buildings become “smarter,” new technologies rely more heavily on networks to integrate with central control systems to maximize their performance and optimize system-wide operations. The control systems, ranging from building environmental controls to large-scale systems such as the electrical power grid, are often integrated with organizational IT systems to promote connectivity, efficiency, and remote access capabilities. This level of interconnectivity increases the “attack surface” for cyber threats. Within the DoD, there are an estimated 2.5 million unique control systems that are used in more than 300,000 buildings and each building may have between five and 20 subsystems such as HVAC, lighting, and fire, as well as more than 250,000 linear structures such as airfield lighting, pipeline, and rail). Recognizing the growing threat posed by cyber attacks to these control systems, ESTCP has invested in demonstrations aimed at developing innovative hardware and software solutions to secure industrial controls against cyber-attack.
ESTCP also offers webinars, training material, such as Risk Management Framework (RMF) 101, tools such as the RSAT tool and checklists, and information on DoD RMF process that is required to obtain an Authorization To Operate (ATO) on the DoD Information Network (DoDIN).