Critical Infrastructure As Code

Stage 2

Defending cyber-physical processes from digital threats requires that process operators maintain positive control of their systems. This means the digital state of their Level 0, 1, and 2 devices must remain discoverable and trustworthy, and the current configuration must be revertible to a known trusted state on demand. In IT, open, standards-based configuration management fills this role through an Infrastructure-as-Code (IaC) methodology: codifying software, configurations, and policy; maintaining declarative infrastructure descriptions; continuously (and automatically) testing systems; and version-controlling everything.

In OT, however, open and standards-based configuration management of Level 0, 1, and 2 devices is an open problem. Secure, revision-controlled backups of configurations frequently don’t exist. Tools for saving device state are typically provided by the vendor and require Windows platforms and manual user interaction. Configuration files are saved in vendor-proprietary formats that do not lend themselves to quick inspection or easy verification. This leads to systems that are nearly indefensible—if operators cannot determine the state of the digital system nor revert to a known trusted state, then safely controlling the physical process becomes nearly impossible when faced with a digital threat.

The talk will describe our efforts to build Critical-IaC (CIAC) for a small substation and generation control system. We are building utilities that abstract away the vendor tools and express infrastructure definitions as JSON and YAML files. These allow quick inspection, clearly declare which services and features a device should have, and provide a way to attest that a field device is running the correct configuration. This approach is useful for internal testbed development and, we think, for field deployments where device configurations can be managed and continuously attested. We hope this talk brings the CIAC methodology to the community, educating asset owners and motivating industry to develop tools in alignment with open, standards-based configuration management.
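To make the declarative-definition and attestation idea concrete, here is an added example that is not the talk's own tooling: a hypothetical JSON definition for a substation relay (the desired state an operator would version-control), and a small routine that canonicalizes the declaration, hashes it, and diffs it against an observed configuration to report drift. The relay fields, the observed states, and the function names (`attest`, `diff_config`, `config_digest`) are all constructed for illustration and do not correspond to any vendor format.

```python
"""Declarative device definition plus attestation (hypothetical CIAC-style example)."""
import hashlib
import json
from typing import Any

# Constructed desired-state declaration for a hypothetical feeder relay, as it
# might be checked into revision control. Field names are illustrative only.
DESIRED_RELAY_JSON = """{
  "device": "relay-feeder-01",
  "firmware": "4.2.1",
  "services": {"telnet": false, "ftp": false, "ssh": true, "dnp3": true},
  "dnp3": {"outstation_address": 10, "port": 20000, "secure_auth": true},
  "users": ["engineer", "operator"]
}"""
DESIRED_RELAY = json.loads(DESIRED_RELAY_JSON)

# Constructed "observed" state, as a parsed vendor export might look. Keys are
# deliberately in a different order to show that canonical hashing ignores order.
OBSERVED_RELAY_OK = {
    "users": ["engineer", "operator"],
    "dnp3": {"port": 20000, "secure_auth": True, "outstation_address": 10},
    "services": {"dnp3": True, "ssh": True, "ftp": False, "telnet": False},
    "firmware": "4.2.1",
    "device": "relay-feeder-01",
}

# Constructed drifted state: telnet re-enabled, DNP3 secure auth off, old
# firmware, and an undeclared local account.
OBSERVED_RELAY_DRIFTED = {
    "device": "relay-feeder-01",
    "firmware": "4.2.0",
    "services": {"telnet": True, "ftp": False, "ssh": True, "dnp3": True},
    "dnp3": {"outstation_address": 10, "port": 20000, "secure_auth": False},
    "users": ["engineer", "operator", "admin"],
}


def canonical_json(obj: Any) -> str:
    """Serialize deterministically (sorted keys, no whitespace) so equal
    configurations always produce the same bytes regardless of key order."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"))


def config_digest(obj: Any) -> str:
    """SHA-256 of the canonical form; suitable for logging and for comparing
    a device's state against the committed declaration."""
    return hashlib.sha256(canonical_json(obj).encode("utf-8")).hexdigest()


def diff_config(desired: Any, actual: Any, path: str = "") -> list[str]:
    """Walk nested dicts and return human-readable drift entries.
    Lists are compared as whole values, so element order is significant."""
    if isinstance(desired, dict) and isinstance(actual, dict):
        findings: list[str] = []
        for key in sorted(set(desired) | set(actual)):
            child = f"{path}.{key}" if path else key
            if key not in actual:
                findings.append(f"{child}: missing on device (expected {desired[key]!r})")
            elif key not in desired:
                findings.append(f"{child}: undeclared on device (found {actual[key]!r})")
            else:
                findings.extend(diff_config(desired[key], actual[key], child))
        return findings
    if desired != actual:
        return [f"{path}: expected {desired!r}, found {actual!r}"]
    return []


def attest(desired: dict, actual: dict) -> dict:
    """Compare an observed configuration to its declaration and return an
    attestation record: digests of both sides, a pass/fail flag, and the drift."""
    drift = diff_config(desired, actual)
    return {
        "device": desired.get("device"),
        "declared_digest": config_digest(desired),
        "observed_digest": config_digest(actual),
        "ok": not drift,
        "drift": drift,
    }


if __name__ == "__main__":
    for observed in (OBSERVED_RELAY_OK, OBSERVED_RELAY_DRIFTED):
        record = attest(DESIRED_RELAY, observed)
        print(json.dumps(record, indent=2))
```

The declaration is plain JSON, so it can be diffed in a pull request and its digest can be recorded alongside the commit; the attestation step is the piece that would run continuously against state pulled from the field device. The hard part the talk points at, extracting that observed state from vendor-proprietary formats without a Windows tool and manual clicks, is exactly what the constructed `OBSERVED_*` dictionaries stand in for here.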

Secure Design & Dev