Federal-Need Application · Critical Infrastructure

AUTHREX-ICS-GATE

Operational-technology authority governance for critical infrastructure.

When an AI system proposes an action on a live power grid or water-treatment plant, the question is not "is the AI smart?" It is "is this action authorized to reach a physical controller right now?" AUTHREX-ICS-GATE sits at the IT/OT boundary and answers that question: it authorizes the deterministic safety logic, with evidence and a pre-armed rollback, and it never makes the safety decision itself.

7
Pipeline Stages
4
Authority Tiers
IT/OT
Boundary Gate
SIL 3
Platform Class
The Concept

What AUTHREX-ICS-GATE actually does.

Operational technology, the controllers that run power grids, water plants, and pipelines, was built to be deterministic and safe. AI is now being pointed at these systems to optimize and patch them automatically. The danger is obvious: an AI that can write to a live controller at machine speed can also break it at machine speed, and OT failures are physical, a blackout, a contaminated water supply, a pipeline shutdown.

AUTHREX-ICS-GATE is the authority boundary between the AI (in the IT zone) and the controller (in the OT zone). Every action an AI proposes for OT must pass the gate first. The gate verifies the action's provenance (SATA), sets its authority tier by the criticality of the target (HMAA), enforces a human deliberation window for high-consequence writes (FLAME), and pre-arms a rollback before any change reaches the controller (CARA). The same proposed action gets a different outcome depending on what it touches: a write to an isolated test bench may execute autonomously; the same write to a live grid controller drops to a lower tier and requires human confirmation; an action based on a spoofed or untrusted reading is refused at the boundary.

The crucial distinction, and the cleanest claim in the whole framework: ICS-GATE authorizes the safety logic; it does not replace it. The deterministic safety system still makes the safety call. The gate only governs whether the AI's proposed action is permitted to reach that system at all.

The Benefit, and Who It Serves

Who needs this, and why.

Utility Operators

A water or power utility can adopt AI-driven optimization without handing an autonomous system unmediated write access to live controllers. The gate guarantees that high-consequence actions slow down for human confirmation and can always be rolled back.

Critical-Infra Owners

Owners get a boundary that is auditable and fail-closed: if the gate cannot verify an action is authorized, the action does not pass. A spoofed sensor reading is refused rather than acted upon, which is exactly the failure mode that causes physical incidents.

Regulators & CISA

Regulators get a concrete control that maps to existing OT-security expectations (NERC CIP, IEC 62443) and to the new CISA/NSA AI-in-OT principles, expressed as an enforceable gate rather than a policy document.

How It Benefits the U.S. Government

The national-importance case.

Critical infrastructure is a designated national-security priority, and the government has just published guidance for exactly this problem.

It implements named federal guidance

The CISA/NSA "Principles for Secure Integration of AI in Operational Technology" (3 Dec 2025) calls for safe operating bounds, drift monitoring, and validating outputs before redeployment. ICS-GATE is a concrete reference implementation of those principles as an enforced boundary.

It protects physical public safety

OT failures are not data breaches, they are blackouts and water-supply events that harm the public directly. A gate that refuses unauthorized actions before they reach a controller is a public-safety control, which is the strongest form of national importance.

It maps to existing standards

The gate cross-walks to NIST SP 800-82, ISA/IEC 62443, and NERC CIP, the standards utilities are already held to, so it extends existing compliance rather than replacing it.

It is sector-portable

Power, water, pipelines, and manufacturing share the same IT/OT boundary problem. One gate pattern serves every critical-infrastructure sector CISA is responsible for.

The DARPA Questions · Heilmeier Catechism

Answered, plainly.

1 · What are you trying to do?
Build an authority gate that decides whether an AI's proposed action is allowed to reach a live operational-technology controller, scaled by how critical the target is. No jargon: a smart safety valve between the AI and the power grid.
2 · How is it done today, and what are the limits?
Today, OT security relies on network segmentation and human operators. The limit is that AI is being granted automated write access faster than those controls were designed for, and there is no enforced, criticality-aware authority check on AI-proposed OT actions.
3 · What is new in your approach?
Setting authority by target criticality, the same proposed action gets a different authority tier depending on whether it touches a test bench or a live controller, and arming rollback before the action reaches OT. The gate authorizes the safety logic without ever making the safety decision.
4 · Who cares? If you succeed, what difference does it make?
Utilities, infrastructure owners, CISA, and the public care. If it works, AI can optimize critical infrastructure without an autonomous system being able to push an unverified action straight onto a live controller.
5 · What are the risks?
The main risks are mis-calibrated criticality tiers (treating a critical target as low-criticality) and latency (a gate that is too slow for real-time OT). The simulation shows the tiering logic so it can be inspected; latency budgets are a design parameter, not yet measured on hardware.
6 · How much will it cost?
The reference platform, BLADE-INFRA-OT, is a 1U fanless appliance built from commodity parts. The governance logic is software. The cost is integration and validation, not exotic hardware.
7 · How long will it take?
The architecture and simulation exist now (TRL 3-4). A documented testbed run against a real OT protocol stack is the next milestone; independent validation follows.
8 · What are the midterm and final exams?
Midterm: the gate correctly refuses a spoofed-reading action and permits a legitimate one in simulation. Final: the gate runs in-line on a real OT testbed, refusing an unauthorized write to a live-equivalent controller within the latency budget.
9 · What is explicitly out of scope?
ICS-GATE does not make safety decisions, does not replace the deterministic safety system, and does not certify any utility for compliance. It governs whether an AI action may reach the controller. Independent research, no agency adoption implied.
Try It · Interactive Simulation

Send an action at the OT boundary.

Pick what the AI is trying to do and what it is trying to touch. The gate sets authority by target criticality and checks the action. A test target may execute autonomously; a live controller requires human handoff; a spoofed or untrusted action is refused at the boundary. Illustrative simulation of the boundary logic, not operational validation.

◇ THE IT/OT AUTHORITY BOUNDARY · SIMULATOR
Pick an action · run it · see if it reaches the controller
AI-Proposed OT Action
1
SATA
Action provenance & reading trust verified
2
HMAA
Authority tier set by target criticality
3
FLAME
Human window for high-consequence writes
4
CARA
Rollback path pre-armed before OT write
Illustrative simulation of the IT/OT boundary logic. Synthetic scenarios; no real controller is touched. The gate authorizes the safety logic and never makes the safety decision itself.
Formal-Methods Foundation

The authority logic is model-checked, not just described.

Every AUTHREX application shares one verified core. The HMAA authority state machine is specified in TLA+ and exhaustively model-checked: 48,751 reachable states verified, with 8 of 9 safety properties holding (no skip-ahead, monotonic downgrade, no zombie tier, among them). The ninth, the MAIVA CriticalSafe invariant, is flagged as a known violation in the issue register rather than hidden, which is the honest state of the work. The model checker also caught a real S5 view-change regression during development, evidence the method finds defects rather than rubber-stamping them.

48,751
Reachable States
8 / 9
Safety Properties Hold
1
Known Violation, Logged
TLA+
Formal Spec
TLA+ spec & Rover testbed → Full verification detail on AUTHREX-AGENT →
Anchors & Honest Limitations

What this rests on, and what it is not.

Federal anchors: CISA/NSA "Principles for Secure Integration of AI in Operational Technology" (3 Dec 2025); NIST SP 800-82; ISA/IEC 62443; NERC CIP.

Hardware Anchor: BLADE-INFRA-OT → BLADE-INFRA → Homepage section →
  • This is a reference architecture at TRL 3-4. It is specified and simulated, not fielded or operationally validated on a live OT network.
  • Real-time latency budgets for in-line OT operation are a design parameter, not yet measured on hardware.
  • The criticality-to-tier mapping is one researcher's analytical judgment, released openly for independent review.
  • All scenarios in the simulator are synthetic. No real controller is touched. No agency adoption or endorsement is implied.