
Understanding Facility Related Control Systems in U.S. Federal Facilities

Facility-Related Control Systems (FRCS) are responsible for crucial operations, making them potential targets for cyber threats against the U.S. federal government.

Within U.S. federal buildings and across installations both domestically and abroad, Facility-Related Control Systems (FRCS) are responsible for crucial operations, making them potential targets for cyber threats. Protecting these systems, which are a category of Operational Technology (OT), is imperative to securing the broader federal environments they’re a part of, from U.S. military operations to critical manufacturing and maintenance, and from energy and biomedical laboratories to diplomatic missions. Securing these systems requires OT- and CPS-specific security expertise, capabilities that go beyond superficial protocol analysis, and a comprehensive exposure analysis of each asset or system.

Learn more about the world of FRCS cybersecurity, its importance in federal environments, the unique challenges it presents, and the strategic measures to enhance CPS security.

Defining Facility Related Control Systems and their Criticality

What are Facility Related Control Systems?

Facility-Related Control Systems encompass several categories of assets:

  • The building control systems handling essential utilities for a specific environment, including temperature, electricity, and humidity control;

  • Electronic security systems that govern access to facilities such as bases, campuses, buildings, and rooms; and

  • Fire and life safety systems such as fire suppression systems.

FRCS cybersecurity aims to protect these access controls from adversaries looking to exploit the system and thus hinder the system’s objective or, worse, use it as a launching point into the broader federal network. Within the U.S. DoD, Unified Facilities Criteria (UFC) govern the handling of these systems, and the Risk Management Framework, through DoD Instruction 8510.01, governs their security by impact level. Within U.S. civilian agencies, FISMA governs FRCS security, requiring the identification, risk assessment, security controls and regular monitoring of these systems.

Common Types of FRCS

The devices that comprise Facility-Related Control Systems are susceptible to cyber attacks that could circumvent controls, move laterally into the broader network, and/or lead to serious harm. From overtaking physical security into a facility, to thwarting life-saving systems, to impeding mission-critical operations in an airfield, adversaries who gain access to FRCS can derail operations, destroy property, and endanger physical safety.

Common types of FRCS that must be secured include building automation systems (BAS) like HVAC, lighting, and electricity; life safety systems; energy monitoring systems; water management systems; environmental sensors; electronic security systems; and more.

Criticality of Securing FRCS

Beyond the role of FRCS, two other considerations make securing FRCS a priority: the sheer magnitude of these systems throughout federal environments, and their locations, often outside the control of the U.S. government. For example, within DoD, the U.S. Navy alone is estimated to manage approximately 260,000 FRCS. Maintaining control of and securing such systems becomes even more complex when they are outside the U.S. For example, the U.S. military is estimated to maintain over 128 installations across 51 countries and the U.S. State Department maintains 3,000 properties in almost 300 U.S. diplomatic posts - all of which include these critical functions and systems.

Key Security Risks and Vulnerabilities in FRCS

With the convergence of IT and OT, FRCS are increasingly connected to and controlled via the internet, opening them up to risks and exposures. Since FRCS commonly utilize insecure protocols and legacy systems, and are often accessed remotely, their security can be impacted by new attack vectors and vulnerabilities. See the three main security risks FRCS must be protected from.

Cyber Threats: Targeted Attacks, Malware, Insecure Remote Access

IT and OT convergence, coupled with increased remote access, has expanded the attack surface of Federal networks, including access to FRCS. Gaining network access via insecure remote connections can allow adversaries to access FRCS and potentially gain a foothold on Federal networks, moving laterally from FRCS if they are not segmented, secured, and otherwise addressed. Federal agencies and the U.S. Service Branches have begun adopting Zero Trust principles, including the DoD’s Zero Trust Reference Architecture, to improve their security accordingly.

Attacks against ICS vendors used by U.S. federal agencies are another concern for FRCS security. The cyberattack against Johnson Controls International, an ICS and FRCS manufacturer with several U.S. federal and DIB contracts, is but one example of risk within the US Federal supply chain. Such attacks, like this ransomware attack against the company’s IT infrastructure and applications, can pose a downstream risk to Federal customers by exposing sensitive insights such as federal floor plans.

In addition, foreign adversaries have targeted U.S. industrial control systems (ICS) in the food and agriculture, healthcare, and water and waste management sectors, making FRCS vulnerable to similar threats on control systems. However, the greatest concern for Federal FRCS is that of such targeted attacks - either with Living off the Land (LOTL) techniques such as those perpetrated by Volt Typhoon or through insecure remote access set up for contractors, vendors or employees accessing operations remotely. OT malware attacks are also on the rise, requiring proactive strategies to guard against them.

FRCS Network Vulnerabilities

Any exposure in the network can broaden the attack surface and allow adversaries access to connected OT devices, including FRCS. Accurate asset inventories of FRCS - down to the line card and firmware version - and comprehensive network mapping, to understand not just the network topology but the legitimate communications between assets, are foundational to FRCS security. With these as the foundation, detecting abnormal FRCS activity swiftly can be key to protecting FRCS. FRCS also typically include legacy systems, with equipment sometimes older than 20 years, making them difficult to secure and sensitive to modern scanning methods that can disrupt the systems. Employing OT-specific capabilities - with deep OT protocol and OT communication proficiency - enables accuracy in identifying FRCS vulnerabilities and other exposures, in detecting anomalous FRCS communications, and in reducing false positives, guarding against disruption to FRCS and the broader network.
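As an added illustration of the baseline idea above (not Claroty code and not part of the original article), the following Python sketch learns the legitimate communications between FRCS assets from passively observed flow records and labels later flows that fall outside that baseline or cross the segment boundary. The addresses, the 10.20.0.0/24 FRCS segment and the sample flows are constructed for the example; the use of BACnet/IP on UDP 47808 and Modbus/TCP on 502 for the building devices is an assumption.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")
# Assumed layout: one FRCS segment; every other address is outside it.
FRCS_NET = ipaddress.ip_network("10.20.0.0/24")
# Constructed flows seen passively during a known-good learning window.
BASELINE = [
    Flow("10.20.0.10", "10.20.0.21", "udp", 47808),  # BAS server -> HVAC controller
    Flow("10.20.0.10", "10.20.0.22", "udp", 47808),  # BAS server -> lighting controller
    Flow("10.20.0.30", "10.20.0.31", "tcp", 502),    # meter gateway -> energy meter
]
# Constructed flows seen later, during monitoring.
OBSERVED = [
    Flow("10.20.0.10", "10.20.0.21", "udp", 47808),  # matches the baseline
    Flow("10.20.0.10", "10.20.0.21", "tcp", 23),     # known pair, new service
    Flow("10.20.0.21", "10.20.0.31", "tcp", 502),    # devices that never talked before
    Flow("10.20.0.22", "10.50.4.7", "tcp", 445),     # FRCS device leaving its segment
    Flow("192.0.2.44", "10.20.0.10", "tcp", 3389),   # remote access from outside
]
# Labels that become findings, most severe first.
SEVERITY = ["inbound-to-frcs", "frcs-egress",
            "new-service-on-known-pair", "new-internal-pair"]

def in_frcs(ip):
    return ipaddress.ip_address(ip) in FRCS_NET

def classify(flow, baseline):
    # Label one flow relative to the learned baseline and the segment edge.
    if flow in baseline:
        return "baseline"
    src_in, dst_in = in_frcs(flow.src), in_frcs(flow.dst)
    if dst_in and not src_in:
        return "inbound-to-frcs"
    if src_in and not dst_in:
        return "frcs-egress"
    if not src_in:
        return "out-of-scope"  # neither endpoint is an FRCS asset
    known_pairs = {(b.src, b.dst) for b in baseline}
    if (flow.src, flow.dst) in known_pairs:
        return "new-service-on-known-pair"
    return "new-internal-pair"

def review(observed, baseline_flows):
    # Return (label, flow) findings sorted by severity; baseline traffic is dropped.
    baseline = set(baseline_flows)
    findings = [(classify(f, baseline), f) for f in observed]
    findings = [x for x in findings if x[0] in SEVERITY]
    return sorted(findings, key=lambda x: SEVERITY.index(x[0]))

if __name__ == "__main__":
    for label, flow in review(OBSERVED, BASELINE):
        print(f"{label:26} {flow.src} -> {flow.dst} {flow.proto}/{flow.port}")
```

Because the input is passively collected flow data, nothing in this approach probes the legacy devices themselves.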

Securing FRCS 

With the rise of cyberattacks on OT and CPS, federal agencies must prioritize securing FRCS. Lasting consequences of attacks on FRCS and high profile examples of cyber incidents necessitate a comprehensive strategy to protect these critical control systems. 

How to Mitigate Threats

Much attention is being paid to the importance of protecting and securing FRCS in federal agencies. But it takes time, given the expanse of FRCS real estate owned and operated by the Federal Government. In 2019, Naval Facilities Engineering Command (NAVFAC) directed installations to be standardized for FRCS, citing recent attempted and successful cyber attacks against critical infrastructure. The UFC has included FRCS for DoD facilities and was updated in 2023, and subsequent Defense authorization acts raise attention to the subject again.

Several assumptions often impede the progress of FRCS security: 

  1. Often, agencies assume they need to rip out and replace their entire switching infrastructure to even get started in asset visibility, so they put off the enormous task. 

  2. Previous attempts to catalog exposure to their assets have resulted in false positives, causing more work and slowing progress.

  3. Lacking OT expertise onsite, agencies don’t know where or how to start and presume they must hire experts for each site or have no way to navigate the challenge. 

How Claroty Protects Facility Related Control Systems in U.S. Federal Facilities

Despite the many challenges tied to FRCS security, employing a comprehensive, purpose-built OT (and broader CPS) protection platform that can help agencies overcome these hurdles may be an easier task than thought possible. Claroty Edge is a fast and simple solution to deliver an inventory of all OT, IoT and IT managed and unmanaged assets across an entire environment. 

  • Discover with speed and ease: To get started, did you know that a small software agent can help you discover assets in minutes? Claroty Edge is a highly flexible data collector that delivers complete visibility into networks quickly without requiring network changes, sensors, or physical footprint at lower network levels.

  • Improve accuracy and reduce false positives: Backed by deep industry insight and OT expertise, identifying asset details at the lowest level possible makes exposure insights precise. With the foundation built on accurate information, vulnerability, EoL, and other insights prove to be valid, saving time and energy that teams can use to focus on compensating controls.

  • Limited resources can be deployed and leveraged to overcome the OT security skills gap: Easily deploy the Edge agent and/or deploy assessment teams with carry-on flyaway kits to conduct FRCS discovery and assessments. Improve time-to-secure FRCS, multiply the benefit of existing expertise without waiting for training or added personnel, recommend and oversee remediations for faster security.

The Claroty Platform helps Federal agencies overcome obstacles in securing their FRCS, regardless of the magnitude of devices to protect - overall improving the security of their facilities and their missions. Implemented on OT networks and harnessing zero-trust principles, while enabling compliance with BODs, EOs, the RMF, the NDAA, and other Federal mandates, the Claroty Platform utilizes multiple discovery methods to automate asset inventories, detect exposures, and provide recommendations for network protection and micro-segmentation. When ready, the Platform supports continuous monitoring and threat detection efforts that build upon the FRCS security established.

To learn more about how to secure Federal FRCS with Claroty, reach out to speak to one of our experts today.
