Navy Pioneers OT Cybersecurity with New Prototype

A U.S. Navy cybersecurity prototype could help other defense agencies and military services quickly identify cyberattacks against operational technology (OT), including industrial control systems and critical infrastructure, as foreign adversaries increasingly search for ways to infiltrate these systems.

“There’s inherently no intelligence value for an adversary being on, let’s say, defense critical infrastructure system,” Chris Cleary, the Navy’s principal cyber advisor, said at the Cybersecurity in the Modern Intelligence Community Forum Wednesday. “What there is is there’s an operational value, there’s a prepositioning component to it. There’s an understanding our dependencies on a lot of defense critical infrastructure and how that infrastructure could be engaged, attacked, or degraded. And how that will really flow down to degrade some of the core functions of the Department of the Navy, whether it be, you know, Navy or Marine Corps assets, across the breadth and scope of all the missions that we undertake.”

More Situational Awareness For Industrial Control Systems, or MOSAICS, is a program that the Navy is “going all in on.” Released in 2020, the Navy Implementation of MOSAICS document defines MOSAICS as a capability to “detect, mitigate and recover from a cyber attack on Industrial Control Systems (ICS) networks combined with decision support, analytics, visualization, and information sharing tools.”

“We’re beginning to get better at protecting this infrastructure, but censoring it, being aware of things that are happening on it is … this new thing that we’re that we’re tiptoeing into,” Cleary said. “I believe that all the services are going to be slapping the table pretty soon on the MOSAICS reference architecture and across the breadth and scope of the Defense Department. This is going to be the language that we continue to speak.”

The Navy saw initial successes in the MOSAICS working prototype, which conducted a military utility assessment in August 2021 at Naval Facilities Southwest in California. Over the testing period, MOSAICS surveilled a 3,000-node network and successfully identified every attack launched against a simulated control station on the base, achieving a 100% success rate with fewer than 1% false positives.

The Navy licensed MOSAICS for one more year, seeking to deploy the technology at additional bases.

Cleary said he has seen adversary activity getting in the way the Navy does business, making the OT area “front and center,” particularly with Meredith Berger, the undersecretary of the Navy for energy, installations and the environment.

“What I can tell you is in 2024, there’s some significant funding … that has been given to the Department of the Navy to continue to advance the MOSAICS effort,” Cleary said. “I think you’re going to see this area begin to take off now. … I think you will see a lot of movement in this space very aggressively in the new year.”