NSF Award
2001789
Remote monitoring and control of industrial control systems are protected using firewalls and user passwords. Cyberattacks that get past firewalls have unfettered access to command industrial control systems with potential to harm digital assets, environmental resources, and humans in proximity to the compromised system. To prevent and mitigate such harms in scientific industrial control systems, this project enhances the security of open-source cyberinfrastructure used for high energy physics, astronomy, and space sciences. The results of this project enhance the security of scientific instruments used in particle accelerators, large-scale telescopes, satellites, and space probes. The benefits to science and the public include greater confidence in the fidelity of experimental data collected from these scientific instruments, and increased reliability of scientific cyberinfrastructure that reduces the costs associated with accidental misconfigurations or malicious cyberattacks.<br/><br/>The objective of this project is to enhance the security of the open-source Real-Time Executive for Multiprocessor Systems (RTEMS) real-time operating system and the Experimental Physics and Industrial Control System (EPICS) software and networks; RTEMS and EPICS are widely used cyberinfrastructure for controlling scientific instruments. The security enhancements span eight related project activities: (1) static analysis and security fuzzing as part of continuous integration; (2) cryptographic security for the open-source software development life cycle; (3) secure boot and update for remotely-managed scientific instruments; (4) open-source cryptographic libraries for secure communication; (5) real-time memory protection; (6) formal modeling and analysis of network protocols; (7) enhanced security event logging; and (8) network-based intrusion detection for scientific industrial control systems. The project outcomes provide a roadmap for enculturating cybersecurity best practices in open-source, open-science communities while advancing the state-of-the-art research in cyberinfrastructure software engineering and industrial control system security.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
