Moving beyond defense-in-depth to strategic resilience for critical control systems

Critical control systems such as the North American Power Grid are undergoing significant modernization involving increased use of computer and communication systems. While these advances promise better capabilities, for example, an electric grid with increased reliability and efficiency, they also increase the risk to the control systems from cyber attacks. A significant effort is underway by government, industry, national labs and academia to develop and deploy security technologies that assess and mitigate this increased risk. This effort includes select programs funded by the US Departments of Energy¹ and Homeland Security², the US Reinvestment and Recovery Act, the National Institute of Standards and Technologies led Smart Grid Interoperability Panel³, and standard development bodies to name a few. The focus of this effort includes electric grid systems ranging from smart meters and SCADA (Supervisory Control and Data Acquisition) systems to synchrophasor based Wide Area Measurement Systems⁴, oil and gas SCADA systems, and industrial control systems. A timely challenge in this environment, therefore, is to explore the right cyber security constructs and principles that can guide the effort and ultimately result in secure critical infrastructure for the nation. It is our contention that commonly employed defense-in-depth constructs centered on building layers of defense are insufficient to achieve that objective. Instead, there is a need to explore strategic resilience-based approaches that involve designing the systems to protect critical components and functions, strive to provide service in the face of cyber attacks, and ensure timely response and recovery if the attacks succeed.