burakoktenli / blade-infra-ot-governance-node Public

BLADE-INFRA-OT Governance Node: an authority-governed, fail-closed IT/OT bridge for cross-boundary OT command adjudication in critical-infrastructure environments. A bump-in-the-wire governance appliance at the segmentation boundary between corporate IT networks and operational-technology control assets. Each cross-boundary message is parsed, scored, and adjudicated through the AUTHREX authority-governance pipeline to one of three actions: propagate, hold for deliberation, or isolate. Malformed input fails closed by default. Four OT authority regimes (NOMINAL, ELEVATED, LOCKDOWN, SAFE-HALT). Dual Xilinx Kria K26 governance and network planes, managed Ethernet switch with SFP+ ports, Microchip ATECC608 root of trust, TPM 2.0 measured boot, and a Form C fail-closed fault relay, in a 1U fanless reference form factor (48 BOM line items, 35 electrical, 42 mechanical). Every decision is written to a seed-deterministic, SHA-256 hash-chained, tamper-evident audit ledger. Ninth BLADE platform; the operational-technology companion to BLADE-INFRA. Hardware TRL 2-3; simulation TRL 3-4. Research reference design and seeded simulation study; not a certified or field-deployed product.

blade-infra-otit-ot-bridgeoperational-technologycritical-infrastructureics-securityfail-closedcommand-adjudicationauthrexauthority-governanceaudit-ledgersha-256tpm-2-0atecc608kria-k26nist-sp-800-82iec-62443nerc-cip
1U fanless reference 14 files CC BY 4.0 DOI: 10.5281/zenodo.20342067
main 14 files · v1.0 · May 2026
Zenodo Open Simulator Project Page
README.mdRepository overview, adjudication model, and reference hardwareMay 2026
blade-infra-ot-simulation.htmlInteractive deterministic OT-bridge governance simulator (Simulation Engine v5) · four authority regimes · fail-closed handling · SHA-256 audit ledgerMay 2026
blade-infra-ot-paper.pdfZenodo research paper, full methodology and resultsMay 2026
blade-infra-ot-ICD-001.pdfInterface control document ICD-INFRA-OT-001May 2026
blade-infra-ot-assembly-guide.pdfHardware assembly guideMay 2026
blade-infra-ot-VnV.mdSimulation verification and validation documentationMay 2026
blade-infra-ot-schematic.svgElectrical design system schematic (vector, node-graph view)May 2026
blade-infra-ot-schematic.pdfElectrical design system schematic (PDF)May 2026
blade-infra-ot-render.pngReference appliance rendering (1U fanless)May 2026
blade-infra-ot-PARTS.csvBill of materials, 48 line items (CSV)May 2026
blade-infra-ot-ELECTRICAL.jsonElectrical connection graph (35 connections)May 2026
blade-infra-ot-MECHANICAL.jsonMechanical connection graph (42 connections)May 2026
blade-infra-ot-CONFIG.jsonProject configuration and node metadataMay 2026
LICENSECC BY 4.0May 2026
README.md

BLADE-INFRA-OT Governance Node

Authority-Governed IT/OT Bridge for Cross-Boundary OT Command Adjudication

A research prototype and reference implementation of a fail-closed, bump-in-the-wire governance appliance positioned at the segmentation boundary between corporate information-technology (IT) networks and operational-technology (OT) control assets. Each cross-boundary message is parsed, scored, and adjudicated through the AUTHREX authority-governance pipeline before it is propagated, held for deliberation, or isolated. Ninth platform in the BLADE family; the operational-technology companion to BLADE-INFRA.

This is a research reference design and seeded simulation study (Hardware TRL 2-3; Simulation TRL 3-4). No hardware has been fabricated. No production deployment, live operational-technology corpus, penetration test, regulatory certification, or hardware-in-the-loop validation is claimed. All quantitative results are derived from the included seeded simulation environment.

Publication

DOI: 10.5281/zenodo.20342067
Author: Burak Oktenli · Georgetown University, M.P.S. Applied Intelligence
ORCID: 0009-0001-8573-1667
License: CC BY 4.0 · Version: v1.0 · May 2026 · Document ID: ICD-INFRA-OT-001

Adjudication

Each cross-boundary command is resolved to one of three actions:

  • Propagate - authorised under the current regime; forwarded to the OT side.
  • Hold - ambiguous or elevated; held for human deliberation and operator clearance.
  • Isolate - unauthorised, malformed, or failing a safety check; blocked and the source isolated.

Four OT authority regimes (NOMINAL, ELEVATED, LOCKDOWN, SAFE-HALT) change how strictly commands are adjudicated. Malformed input fails closed by default. Every decision is written to a seed-deterministic, SHA-256 hash-chained, tamper-evident audit ledger; the included simulator can verify the chain to detect tampering.

Reference Hardware (1U fanless)

  • 48 BOM line items, 35 electrical connections, 42 mechanical connections.
  • Governance plane and network plane: dual Xilinx Kria K26 industrial system-on-modules.
  • Network fabric: managed industrial Ethernet switch with SFP+ ports (IT side and OT side).
  • Root of trust: Microchip ATECC608 secure element; TPM 2.0 measured boot and authority-tier state.
  • Safe state: Form C fault relay for fail-closed isolation of the OT segment.
  • Power: primary DC/DC unit and secondary 24V input; system alarm and power indicator LEDs.

Commercial off-the-shelf components; selections are research reference placeholders.

Simulation Engine

  • Four OT authority regimes and three adjudication outcomes.
  • Fail-closed malformed-input handling; Byzantine and fault-injection scenarios.
  • Time-dependent clock drift and operator-clearance delay modeling.
  • Replay-grade traffic export, CSV metrics export, and external-dataset ingestion.
  • Seed-deterministic SHA-256 tamper-evident audit ledger with chain verification.

Standards Alignment

  • NIST SP 800-82 (Guide to Operational Technology Security).
  • ISA/IEC 62443 (zones, conduits, and security levels for industrial control systems).
  • NERC CIP (electronic security perimeter and access control concepts).
  • NIST AI Risk Management Framework 1.0 (govern, map, measure, manage).

Alignment is a design-intent mapping for this research reference design; no certification or audit against these standards is claimed.

Related Work

  • SATA: 10.5281/zenodo.18936251
  • HMAA: 10.5281/zenodo.18861653
  • CARA: 10.5281/zenodo.18917790
  • ADARA: 10.5281/zenodo.19043924
  • MAIVA: 10.5281/zenodo.19015517
  • FLAME: 10.5281/zenodo.19015618
  • BLADE-EDGE (defense): 10.5281/zenodo.19177472
  • BLADE-AV (automotive): 10.5281/zenodo.19232130
  • BLADE-MARITIME (maritime): 10.5281/zenodo.19246785
  • BLADE-INFRA (critical infrastructure): 10.5281/zenodo.19277887
  • BLADE-SPACE (orbital): 10.5281/zenodo.20183269
  • BLADE-CUAS (counter-UAS): 10.5281/zenodo.20299604
  • BLADE-AGENT-HSM (agentic AI): 10.5281/zenodo.20299821
  • BLADE-SWARM (swarm autonomy): 10.5281/zenodo.20351198
  • BLADE-FINANCE (financial sector): 10.5281/zenodo.20374692

Author

Burak Oktenli
Georgetown University, M.P.S. Applied Intelligence
ORCID: 0009-0001-8573-1667
Website: burakoktenli.com