Skip to content

Problem Genome Project

Patterns Perspectives Collection About

Loading

© 2026

Problem Genome Project—N+A Labs at Dartmouth

← ALL CLUSTERS

C08

You can bolt on monitoring, threat detection, and encryption — but the underlying system was designed in an era when 'cybersecurity' wasn't a word, and it can't be replaced without shutting everything down.

Built to Be Open. Now Under Attack

Critical Infrastructure OT/Cyber-Physical Security Gap

10 problems across 7 domains · v3: 3 → v4: 5 → v5: 7 → v6: 10

Shared Structural DNA

constrainttechnical

failure modeignored-context

breakthroughsensing

These 10 problems share a paradox: monitoring technology works, but it's bolted onto infrastructure designed before cybersecurity existed. At 500 briefs, three new members expanded the cluster: building automation systems using BACnet/Modbus protocols with no authentication, water treatment SCADA with no independent safety limits on chemical dosing, and maritime navigation systems accepting unverified AIS/GPS position data. Among the 8 operational core members (physically deployed systems), installed-base prevalence is 100%. You can't upgrade the underlying system, so security solutions fail when retrofitted to legacy hardware.

Member Problems

infrastructure-scada-legacy-ai-detection

Smart Defenses for Dumb Controllers

AI-Based Intrusion Detection Cannot Deploy on Legacy SCADA/PLC Systems

technical / infrastructure

digital-scada-adversarial-ai-robustness

Explain the Defense, Expose the Weakness

Explainable AI in SCADA Security Creates Exploitable Attack Surfaces

technical / data

infrastructure-water-ot-security-gap

The Water Plant Runs on Software from the Nineties

Water Utilities Run Decades-Old Control Systems That Cannot Be Secured Against Modern Cyber Threats

economic / infrastructure

Low-Resource Context Deployment Failures

transportation-pipeline-leak-detection

The Pipe Leaks, Nobody Shuts It Off

Natural Gas Pipeline Leak Detection and Automated Shutoff

technical / regulatory

Standards/Codes Void for Emerging TechnologiesSafety Investigation Regulatory Gap

transportation-rail-bearing-detection

The Bearing Fails Between Detectors

Rail Wayside Bearing Detection and Hazmat Tank Car Crashworthiness

technical / regulatory

Standards/Codes Void for Emerging TechnologiesSafety Investigation Regulatory Gap

health-device-cybersecurity-postmarket

The Ventilator Has a Password Problem

Millions of Networked Medical Devices in Hospitals Are Unpatchable and Exposed to Cyber Attack

economic / regulatory

Standards/Codes Void for Emerging Technologies

digital-software-supply-chain-composition-security

Millions of Parts, No Map of the Whole

No Science of Safe Composition Exists for Software Systems Built from Millions of Components

infrastructure-building-automation-ot-security-gap

The Building Runs on Protocols with No Passwords

Commercial Building Automation Systems Use Protocols With No Authentication or Encryption

technical / infrastructure

water-treatment-scada-chemical-dosing-vulnerability

The Chlorine Pump Accepts Any Command

Water Treatment SCADA Systems Controlling Chemical Dosing Have No Cyber-Physical Safety Limits

technical / infrastructure

ocean-maritime-navigation-system-cyber-vulnerability

Ships Trust Position Data from Strangers

Ship Navigation Systems Accept Unverified Position Data That Can Be Spoofed From Shore

technical / regulatory

Domain Spread

digital(8)energy(1)health(1)infrastructure(8)ocean(1)transport(3)water(2)