Strengthening and protecting our nation’s critical cyber infrastructure is a monumental task, one that the Science and Technology Directorate (S&T) takes seriously. Together with the Cybersecurity and Infrastructure Security Agency (CISA), S&T is developing and testing new technologies and tools that will help combat daily threats, both physical and online.
“All critical infrastructure sectors—including the energy, manufacturing, and transportation sectors—rely heavily on sophisticated technologies like industrial control systems, cellular networks, and artificial intelligence,” said S&T program manager Alex Karr. “These are all accessed, monitored, and controlled via the internet, which, in turn, makes them susceptible to hacking, malware attacks, and other malicious activities.”
Our critical infrastructure and associated online networks and technologies play a vital role in ensuring that the most essential services of our government and private sectors can do their job. Because of this, any potential weaknesses that can be exploited, disrupted, or damaged represent a significant threat to the safety of our citizens and our country. “This is why it’s crucial that we do everything we can to boost our online security and make sure we’re ready to respond to any attempts to compromise these crucial services and related systems,” Karr said.
S&T is working with a multi-agency team to do just that, collaborating with CISA, the Idaho National Laboratory (INL), Pacific Northwest National Laboratory (PNNL), and other government and private stakeholders to design and implement two state-of-the-art training tools, both a part of CISA’s Control Environment Laboratory Resource (CELR) test environment. These CELR test environments, one designed by INL and the other by PNNL, will eventually be integrated into CISA’s existing suite of internet security tools.
“CELR test environments are miniaturized test environments that emulate crucial facilities and their associated technologies and physical components,” explained Tim Huddleston, INL program manager for Infrastructure Assurance and Analysis. “They are designed to provide first responders and security professionals with a safe setting to simulate cyberattacks, conduct research on and analysis of these attacks, and practice the implementation of countermeasures that will enable them to detect, mitigate, or prevent such incidents in the real world.”
“S&T, CISA, INL and PNNL currently operate six CELR test environments: a chemical processing plant; an electric distribution substation; an electric transmission substation; a natural gas compressor station; a building automation system; and a water treatment facility,” explained Karr. “And recently, we’ve identified the need to develop additional training and testing tools for our transportation sector, which is why we are working with INL, PNNL and subject matter experts in this field to build and implement two new cutting-edge automotive and rail test environments.”
Thanks to a new partnership with the auto industry, S&T, CISA, and INL have procured a state-of-the-art electric, semi-autonomous car and are converting it into an automotive testbed that will host cybersecurity incident response training, research, and analysis on this increasingly utilized class of energy-efficient, “smart” vehicles.
“This test environment will provide CISA staff, automotive manufacturers, and transportation security experts with a tool to help them gain a better understanding of electric semi-autonomous vehicles, their communications systems, control units and other electrical and physical components, and the ways that these systems and components can potentially impact other drivers and vehicles that share our roads,” explained CISA’s branch chief of Industrial Control Systems Section, Alex Reniers. “It will also help them discover whether or not these vehicle technologies—such as over the air maintenance, safety sensors, Bluetooth capabilities, key fobs, payment systems, and charging station ports—can be accessed and hacked for malicious purposes.”
Any potential IT vulnerabilities that are discovered during the development and implementation of the automotive test environment will promptly be shared with the auto industry in order to help them develop appropriate security measures that can be deployed in future models of their energy-efficient, “smart” vehicles.
“Semi-autonomous electric vehicles and their associated technology and infrastructure requirements represent a significant and ongoing evolution in the world of automotive transportation,” said Reniers. “And we want to ensure the safe development and rollout of these vehicles as they become more popular and widely available to consumers everywhere.”
In addition to the automotive test environment, S&T, CISA, and PNNL are also working with rail transportation subject matter experts to develop a similar CELR test environment that will provide CISA, other internet security professionals, and rail operators and manufacturers with a tool that enables them to better understand, manage, and reduce the possibility and effects of successful hacking and cyber-physical attacks aimed at our trains and associated infrastructure.
“Our test environment will model freight line operations; emulate traffic control, train control, and train communications systems; and serve as an educational platform for rail industry IT staff, manufacturers, and operators to prepare for real-world cyberattacks,” explained PNNL cyber security research scientist Thomas Edgar. “Communications disruptions and hacking of the computer systems used to ensure the safety of our rail systems are two of the most common threats that rail operators face on a regular basis—and our test environment will ensure that they are ready to mitigate or prevent these threats before they negatively impact these crucial systems and associated technologies.”
While both the automotive and rail CELR test environments are still in the early stages of implementation and development, Karr is optimistic about the positive benefits that they will offer to professionals in the critical transportation infrastructure cybersecurity field.
“Strengthening, maintaining, and securing our critical infrastructure and associated networks and assets requires proactive and coordinated efforts from everyone in the field, ranging from federal agencies like S&T, all the way down to state and local government, and owners and operators of these crucial systems and associated technologies,” he said. “This is exactly why we collaborate with so many industry leaders to design and implement these test environments. All professionals in this field can experience tangible benefits from using CELR—whether it’s for research and development or training purposes. Once they’re fully developed and implemented, I’m sure that the automotive and rail test environments will serve as valuable tools that—along with our other test environments—will continue to help our subject matter experts and first responders improve their readiness and preparedness, and ensure that they can meet any challenges they might face in the future.”
With more CELR environments being explored by CISA, INL, and PNNL, S&T looks forward to supporting these efforts that will expand the diversity and coverage of the training tools they provide to critical infrastructure cybersecurity professionals.