Elevated security execution mode for network-accessible devices
US-2024411878-A1 · Dec 12, 2024 · US
US2025007945A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025007945-A1 |
| Application number | US-202218697702-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 14, 2022 |
| Priority date | Oct 15, 2021 |
| Publication date | Jan 2, 2025 |
| Grant date | — |
Official abstract text for this publication.
Distributed automated response control (ARC) networks and related systems and methods are disclosed. A distributed automated response controller network includes a plurality of information technology devices and a plurality of operational technology devices. The plurality of information technology devices and the plurality of operational technology devices include a plurality of communication endpoints organized to operate in a distributed hierarchy. The distributed hierarchy includes a bottom tier and one or more higher tiers. The bottom tier includes a first portion of the plurality of communication endpoints configured to perform device controls for the plurality of operational technology devices responsive to a detected threat. The one or more higher tiers include one or more other portions of the plurality of communication endpoints. The one or more other portions of the plurality of communication endpoints are configured to perform network controls responsive to the detected threat.
Opening claim text (preview).
1. A distributed automated response controller network, comprising: a plurality of information technology devices; and a plurality of operational technology devices, the plurality of information technology devices and the plurality of operational technology devices comprising a plurality of communication endpoints organized to operate in a distributed hierarchy including: a bottom tier of the distributed hierarchy including a first portion of the plurality of communication endpoints, the first portion of the plurality of communication endpoints configured to perform device controls for the plurality of operational technology devices responsive to a detected threat; and one or more higher tiers of the distributed hierarchy including one or more other portions of the plurality of communication endpoints, the one or more other portions of the plurality of communication endpoints configured to perform network controls responsive to the detected threat.
2. The distributed automated response controller network of claim 1, wherein the first portion of the plurality of communication endpoints is configured to continue to perform the device controls for the plurality of operational technology devices responsive to last instructions received from the one or more other portions of the plurality of communication endpoints of the one or more higher tiers even if operation of the one or more other portions of the communication endpoints is interrupted.
3. The distributed automated response controller network of claim 1, wherein the first portion of the plurality of communication endpoints of the bottom tier of the distributed hierarchy is configured to perform local remedial action responsive to a determination that a communication endpoint of the plurality of communication endpoints is compromised.
4. The distributed automated response controller network of claim 3, wherein the remedial action includes one or more of isolating compromised equipment and replacing operation of the compromised equipment with operation of redundant equipment.
5. The distributed automated response controller network of claim 1, wherein the one or more higher tiers include a centralized orchestration tier configured to orchestrate action of the distributed automated response controller network.
6. The distributed automated response controller network of claim 5, wherein the one or more higher tiers include an intermediate defense tier configured to perform network behavior analysis and response.
7. The distributed automated response controller network of claim 5, wherein the plurality of communication endpoints is configured to establish a new centralized orchestration tier responsive to loss of operation of the centralized orchestration tier.
8. The distributed automated response controller network of claim 1, wherein the plurality of communication endpoints is configured to detect anomalous behavior responsive to observed network traffic that deviates from expected network traffic.
9. The distributed automated response controller network of claim 1, wherein the device controls include isolation of access controls, services, and device indicators of attack.
10. The distributed automated response controller network of claim 1, wherein the network controls include application of perimeter protection and traffic controls.
11. The distributed automated response controller network of claim 1, wherein the bottom tier of the distributed hierarchy includes a distributed defense tier configured to sense network intrusions and respond to the network intrusions.
12. The distributed automated response controller network of claim 1, wherein each of the bottom tier and the one or more higher tiers implements a cyber-physical feedback loop considering both cyber data and physical data.
13. The distributed automated response controller network of claim 12, wherein the cyber-physical feedback loop is configured to make adjustments to operator setpoints, control action, and sensed data responsive to attacks on settings, controls, and the sensed data, respectively.
14. A method of operating an automated response controller network, the method comprising: performing, with a first portion of a plurality of communication endpoints including a plurality of information technology devices and a plurality of operational technology devices, device control for the plurality of operational technology devices responsive to a detected threat, the first portion of the plurality of communication endpoints operating as a bottom tier of a distributed hierarchy of the plurality of communication endpoints; and performing, with one or more other portions of the plurality of communication endpoints, network control of the automated response controller network responsive to the detected threat, the one or more other portions of the plurality of communication endpoints operating as one or more higher tiers of the distributed hierarchy.
15. The method of claim 14, wherein performing the device control comprises performing local remedial action responsive to a determination that a communication endpoint of the plurality of communication endpoints is compromised.
16. The method of claim 14, further comprising detecting a threat responsive to observed network traffic that deviates from expected network traffic.
17. The method of claim 14, wherein performing the network control comprises applying perimeter protection and traffic controls.
18. The method of claim 17, wherein applying the perimeter protection comprises applying a firewall.
19. A power control system, comprising: a plurality of operational technology devices including power generation devices, substation devices, and loads; and a plurality of information technology devices, the plurality of information technology devices and the plurality of operational technology devices comprising a plurality of communication endpoints organized to operate in a distributed hierarchy including: a distributed defense tier of the distributed hierarchy, the distributed defense tier including a first portion of the plurality of communication endpoints, the first portion of the plurality of communication endpoints configured to perform device controls for the plurality of operational technology devices responsive to a detected threat; an intermediate defense tier of the distributed hierarchy, the intermediate defense tier including a second portion of the plurality of communication endpoints; and a centralized orchestration tier of the distributed hierarchy, the centralized orchestration tier including a third portion of the plurality of communication endpoints, the intermediate defense tier and the centralized orchestration tier configured to perform network controls responsive to the detected threat.
20. The power control system of claim 19, wherein each of the plurality of communication endpoints is configured to continue operation even if operation of one or more other communication endpoints is lost.
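As an added illustration (not the patent's or any assignee's code), the following toy Python model exercises the tiered behaviour of claims 1, 2, 7, 8, 9 and 10: a bottom-tier endpoint keeps applying device controls from its last received instructions when the orchestration tier falls silent, higher tiers apply network controls, and the survivors promote a new orchestrator. The `Endpoint` and `ArcNetwork` classes, the heartbeat timeout and the traffic baselines are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Endpoint:
    name: str
    tier: str                   # "distributed", "intermediate" or "orchestration"
    expected_pps: float         # constructed traffic baseline (packets per second)
    last_instructions: dict = field(default_factory=lambda: {"threshold": 0.5})
    actions: list = field(default_factory=list)

    def detect_threat(self, observed_pps: float) -> bool:
        """Claim 8: traffic deviating from the expected baseline by more than the
        threshold carried in the last received instructions is anomalous."""
        limit = self.last_instructions["threshold"] * self.expected_pps
        return abs(observed_pps - self.expected_pps) > limit

    def respond(self, observed_pps: float) -> list:
        """Bottom tier: device controls (claim 9); higher tiers: network controls
        (claim 10). Always driven by last_instructions, per claim 2."""
        if not self.detect_threat(observed_pps):
            return []
        if self.tier == "distributed":
            acts = ["isolate_access_controls", "isolate_services"]
        else:
            acts = ["apply_perimeter_firewall", "apply_traffic_controls"]
        self.actions.extend(acts)
        return acts

class ArcNetwork:
    """Hypothetical hierarchy manager; heartbeat_timeout is an assumed parameter."""
    def __init__(self, endpoints: list, heartbeat_timeout: int = 3):
        self.endpoints = endpoints
        self.heartbeat_timeout = heartbeat_timeout
        self.orchestrator = next(e for e in endpoints if e.tier == "orchestration")
        self.missed = 0

    def instruct(self, threshold: float) -> None:
        """Orchestration tier pushes instructions; every endpoint retains them."""
        for e in self.endpoints:
            e.last_instructions = {"threshold": threshold}

    def tick(self, heartbeat_seen: bool, observed: dict) -> dict:
        """One control cycle. Claim 7: after heartbeat_timeout silent cycles the
        survivors promote a new orchestrator (intermediate tier first, then by name)."""
        self.missed = 0 if heartbeat_seen else self.missed + 1
        if self.missed >= self.heartbeat_timeout:
            self.endpoints = [e for e in self.endpoints if e is not self.orchestrator]
            rank = {"intermediate": 0, "distributed": 1}
            self.orchestrator = min(self.endpoints, key=lambda e: (rank[e.tier], e.name))
            self.orchestrator.tier = "orchestration"
            self.missed = 0
        return {e.name: e.respond(observed.get(e.name, e.expected_pps))
                for e in self.endpoints}
```

Endpoints not named in `observed` are treated as seeing their baseline traffic, so only deviating endpoints produce actions in a given cycle.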
Event detection, e.g. attack signature detection · CPC title
Information technology specific aspects, e.g. CAD, simulation, modelling, system security · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title