Testing environments assist S&T, CISA to safeguard transportation infrastructure, expand training tools

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Science and Technology Directorate (S&T) are developing and testing new technologies and tools that will help combat daily threats, both physical and online. The agencies face a ‘monumental task’ of strengthening and protecting the nation’s critical cyber infrastructure.

“All critical infrastructure sectors—including the energy, manufacturing, and transportation sectors—rely heavily on sophisticated technologies like industrial control systems, cellular networks, and artificial intelligence,” Alex Karr, S&T program manager, said in a media statement. “These are all accessed, monitored, and controlled via the internet, which, in turn, makes them susceptible to hacking, malware attacks, and other malicious activities.”

“This is why it’s crucial that we do everything we can to boost our online security and make sure we’re ready to respond to any attempts to compromise these crucial services and related systems,” Karr added.

The latest announcement follows a May announcement that the Industrial Control Systems (ICS) Cyber Emergency Response Team of the CISA has expanded the scope of the Idaho National Laboratory’s Control Environment Laboratory Resource (CELR) research zone. The laboratory environment was to deliver an interactive test site for ICS and OT (operational technology) environments, allowing government and private industry partners to experience the possible effects of kinetic cyber-physical attacks.

The S&T is the research and development arm of the Department of Homeland Security (DHS) that conducts basic and applied research, development, testing, and evaluation activities in alignment with the DHS mission. The unit works on the science that strengthens the nation’s overall security and develops and transitions the technologies that allow those on the front lines to complete their missions.

Last November, S&T said that it is “engaged in world-class research projects through an interconnected network of partners across government, academia, research institutes, businesses, and other stakeholders to ensure all 16 critical infrastructure sectors, including energy, communications, and transportation systems, are secure and resilient.”

Apart from collaborating with the CISA, the S&T is working with a multi-agency team that includes the INL, Pacific Northwest National Laboratory (PNNL), and other government and private stakeholders to design and implement two training tools, both a part of CISA’s CELR testing environment, according to the Wednesday’s announcement. These CELR testing environments, one designed by INL and the other by PNNL, will eventually be integrated into CISA’s existing suite of internet security tools.

“CELR test environments are miniaturized test environments that emulate crucial facilities and their associated technologies and physical components,” Tim Huddleston, INL program manager for infrastructure assurance and analysis, said. “They are designed to provide first responders and security professionals with a safe setting to simulate cyberattacks, conduct research on and analysis of these attacks, and practice the implementation of countermeasures that will enable them to detect, mitigate, or prevent such incidents in the real world.”

“S&T, CISA, INL, and PNNL currently operate six CELR test environments: a chemical processing plant; an electric distribution substation; an electric transmission substation; a natural gas compressor station; a building automation system; and a water treatment facility,” Karr explained. “And recently, we’ve identified the need to develop additional training and testing tools for our transportation sector, which is why we are working with INL, PNNL, and subject matter experts in this field to build and implement two new cutting-edge automotive and rail test environments.”

S&T, CISA, and INL have procured a ‘state-of-the-art’ electric, semi-autonomous car and are converting it into an automotive testbed that will host cybersecurity incident response training, research, and analysis on this increasingly utilized class of energy-efficient, ‘smart’ vehicles.

“This test environment will provide CISA staff, automotive manufacturers, and transportation security experts with a tool to help them gain a better understanding of electric semi-autonomous vehicles, their communications systems, control units, and other electrical and physical components, and the ways that these systems and components can potentially impact other drivers and vehicles that share our roads,” Alex Reniers, CISA’s branch chief of Industrial Control Systems Section, explained. “It will also help them discover whether or not these vehicle technologies—such as over-the-air maintenance, safety sensors, Bluetooth capabilities, key fobs, payment systems, and charging station ports—can be accessed and hacked for malicious purposes.”

Any potential IT vulnerabilities that are discovered during the development and implementation of the automotive testing environment will promptly be shared with the auto industry to help them develop appropriate security measures that can be deployed in future models of their energy-efficient, ‘smart vehicles.

“Semi-autonomous electric vehicles and their associated technology and infrastructure requirements represent a significant and ongoing evolution in the world of automotive transportation,” Reniers said. “And we want to ensure the safe development and rollout of these vehicles as they become more popular and widely available to consumers everywhere.”

In addition to the automotive test environment, S&T, CISA, and PNNL are also working with rail transportation subject matter experts to develop a similar CELR test environment that will provide CISA, other internet security professionals, and rail operators and manufacturers with a tool that enables them to better understand, manage, and reduce the possibility and effects of hacking and cyber-physical attacks aimed at our trains and associated infrastructure.

“Our test environment will model freight line operations; emulate traffic control, train control, and train communications systems; and serve as an educational platform for rail industry IT staff, manufacturers, and operators to prepare for real-world cyberattacks,” Thomas Edgar, PNNL cyber security research scientist, explained. “Communications disruptions and hacking of the computer systems used to ensure the safety of our rail systems are two of the most common threats that rail operators face on a regular basis—and our test environment will ensure that they are ready to mitigate or prevent these threats before they negatively impact these crucial systems and associated technologies.”

While both the automotive and rail CELR test environments are still in the early stages of implementation and development, Karr is optimistic about the positive benefits that they will offer to professionals in the critical transportation infrastructure cybersecurity field.

“Strengthening, maintaining, and securing our critical infrastructure and associated networks and assets requires proactive and coordinated efforts from everyone in the field, ranging from federal agencies like S&T, all the way down to state and local government, and owners and operators of these crucial systems and associated technologies,” Karr added. “This is exactly why we collaborate with so many industry leaders to design and implement these test environments. All professionals in this field can experience tangible benefits from using CELR—whether it’s for research and development or training purposes.” 

Karr added that once they’re fully developed and implemented, “I’m sure that the automotive and rail test environments will serve as valuable tools that—along with our other test environments—will continue to help our subject matter experts and first responders improve their readiness and preparedness, and ensure that they can meet any challenges they might face in the future.”

With more CELR environments being explored by CISA, INL, and PNNL, S&T looks forward to supporting these efforts that will expand the diversity and coverage of the training tools they provide to critical infrastructure cybersecurity professionals.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.