More Details

250311-O-RN894-6501

The More Situational Awareness for Industrial Control Systems (MOSAICS), developed years ago by scientists and systems engineers at Naval Information Warfare Center (NIWC) Atlantic, is a technological innovation in cybersecurity aimed at defending against cyber actors who seek to compromise networks and remotely access critical industrial control systems.

SHARE IMAGE:

Download Image

Image Details

Photo By: Wendy Jamieson

VIRIN: 250311-O-RN894-6501

CHARLESTON, S.C. — An innovation in cybersecurity and systems engineering spearheaded by Naval Information Warfare Center (NIWC) Atlantic to cyber-defend critical industrial control systems (ICS) — the central nervous system of plants that generate power, treat water, etc. — could soon be adopted into Department of Defense (DoD) building code.

The implementation of More Situational Awareness for Industrial Control Systems (MOSAICS) into the DoD’s Unified Facilities Criteria (UFC) 1-200-01, DoD Building Code (General Building Requirements), would provide DoD detailed systems-engineering requirements that safeguard ICS by guiding engineers in the design and development of cyber technologies.

“It is exciting to see something that began here years ago as an idea for a science and research project poised to impact ICS standards not only in our Navy but also within DoD and possibly beyond,” said Kevin Charlow, NIWC Atlantic’s acting executive director. “Using a scientific and technological approach, our systems engineering professionals launched this MOSAICS framework that is now shaping and prompting wholesale change.”

According to Richard Scalco, a senior cybersecurity engineer at NIWC Atlantic and the government’s lead for MOSAICS technical management, it would be a major achievement for the MOSAICS cyber-focused framework to find its way into building code specifications typically known only for mechanical and electrical requirements.

“These specifications would be part of a comprehensive set of standards and regulations for the design, con
struction and maintenance of all military facilities, which could help DoD ensure safety, security, durability and functionality for critical ICS,” he said.

The specifications are often outlined in a series of documents, codes and guidelines, including the UFC, which is a central part of the DoD’s design and construction of structures, mechanical systems, electrical systems, security systems and energy efficiency.

Relatedly, the Unified Facilities Guide Specifications provides technical specifications for contractors and engineers working on Defense Department projects and could be used in conjunction with the UFC.

“NIWC Atlantic’s groundbreaking work on MOSAICS is on the cusp of delivering enhanced cybersecurity for critical infrastructure across DoD,” Scalco said.

Why MOSAICS?

MOSIACS addresses a significant and fast-growing problem in the modern age: Overcoming cyber vulnerabilities in the critical infrastructure sector. Critical infrastructure, once composed of standalone systems, now comprise fully networked facilities that employ both hardware and software to control industrial equipment.

Facilities that use these operational technologies, or OT, are vulnerable to cyber actors who seek to compromise networks and remotely access controls to physical devices.

The MOSAICS framework helps protect OT against cyber threats using a suite of vendor-agnostic, non-proprietary, commercial-off-the-shelf hardware and software tools all integrated onto one automated system.

With cyber-monitoring and response protocols tied directly to physical devices in the field like actuators, relays and sensors, MOSAICS provides operational resilience to ICS owners and assets that require real-time visibility of adversarial threats, according to Dr. Aleksandra Scalco, former MOSAICS lead systems engineer at NIWC Atlantic.

“By enabling passive, safe and active ICS monitoring, the MOSAICS framework supports asset owners and operators in defending their systems against cyberattacks,” said Dr. Scalco, now a professor of systems engineering at Defense Acquisition University (DAU).

MOSAICS was included in the Navy’s Defense-in-Depth Functional Implementation Architectures last year as part of the Navy's Risk Management Framework, which includes the AFLOAT Inheritance Model and an inheritance model for shore-based systems. This follows the Office of the DoD Chief Information Officer signing out the MOSAICS integrated reference framework two years ago as an appendix to the DoD Cybersecurity Reference Architecture.

In DoD, MOSAICS is poised to not only defend against cyber threats to facilities that support the warfighter but also enhance the morale and safety of their families at home.

How MOSAICS Began

Dr. Scalco, who was the U.S. Navy’s cyber subject matter expert for Mission Critical Control Systems (MCCS) while at NIWC Atlantic, set the building blocks for MOSAICS in 2018, when she initiated a research and development (R&D) proposal under NIWC Atlantic’s Naval Innovative Science and Engineering (NISE) program.

As the NISE project quickly garnered widespread DoD support, Richard Scalco helped grow MOSAICS into a formal Joint Capability Technology Demonstration (JCTD) by leveraging his experience and technical leadership garnered from years as a senior executive officer at the National Security Agency (NSA) and through partnerships with the U.S. Army, U.S. Air Force and other Navy commands.

John Kosky, a NIWC Atlantic systems engineer working in cyber warfare capabilities, served as a Microsoft subject matter expert for MOSAICS from the beginning, while also assisting with software integration and the deployment of MOSAICS software into a modeling and simulation tool.

“My position evolved from there,” said Kosky, who later served as overall technical expert and configuration manager, providing input and feedback across the various sub-teams.

Richard Scalco also brought MOSAICS into partnerships with Johns Hopkins University Applied Physics Laboratory as well as several Department of Energy labs nationwide, including Sandia National Laboratories, Idaho National Laboratory and Pacific Northwest National Laboratory.

Following the successful completion of various capabilities assessments, including the successful JCTD Military Utility Assessment at an operational site of Naval Facilities Engineering Systems Command (NAVFAC), MOSAICS today is a collaboration among federal agencies and research institutions all working together to cyber-defend the nation’s critical infrastructures.

“It’s been a unified effort,” Dr. Scalco said. “MOSAICS continues to gain momentum, and we see potential applications across our national infrastructures, from the power grid and gas pipelines to water treatment plants.”

MOSAICS operational capabilities meet the U.S. Navy’s Cyberspace Vision released in 2022, the same year MOSAICS received an R&D 100 Award, a prestigious distinction known within the R&D community as the “Oscars of Innovation.”

Dr. Scalco said the award was a great honor for the team and helped demonstrate the value of the MOSAICS capability in an interconnected world.

“When we look at critical infrastructure, protection requirements reach beyond our fence lines,” she said. “A secure grid means national economic security and public safety. What’s so exciting to me is seeing the possibilities for MOSAICS cyber-defense standards expanding across our public and private sectors.”

About NIWC Atlantic
As a part of Naval Information Warfare Systems Command, NIWC Atlantic provides systems engineering and acquisition to deliver information warfare capabilities to the naval, joint and national warfighter through the acquisition, development, integration, production, test, deployment, and sustainment of interoperable command, control, communications, computer, intelligence, surveillance, and reconnaissance, cyber and information technology capabilities.