Idaho National Laboratory’s CELR research zone delivers interactive test site for ICS, OT environments

The Industrial Control Systems (ICS) Cyber Emergency Response Team of the Cybersecurity and Infrastructure Security Agency (CISA) has expanded the scope of the Idaho National Laboratory’s Control Environment Laboratory Resource (CELR) research zone. The laboratory environment will now deliver an interactive test site for ICS and OT (operational technology) environments, allowing government and private industry partners to experience the possible effects of kinetic cyber-physical attacks.

The CELR test range environment uses multiple platforms capable of hosting simulated risk scenarios against real critical infrastructure (CI) processes and allows users to perform security research on ICS and supervisory control and data acquisition (SCADA) systems. It is also highly adaptable, simulates numerous corporate network configurations, and provides control system hardware and kinetic outputs of various CI sectors. Because the range can host multiple concurrent simulations, analysts across the U.S. can interact with the environment both onsite and offsite through extended range connections.

The CELR research zone permits its users to simulate speculative risk scenarios that would otherwise introduce unacceptable risks to production environments. The laboratory environment provides opportunities for enhancing the way government and industry partners defend ICS networks.

Potential users include but are not limited to federal civilian agencies, such as the Department of Energy (DOE), the Department of Justice (DOJ), and the Department of the Interior (DOI); U.S. asset owner-operators; vendors/integrators; Department of Defense (DOD) Cyber Protection Teams (CPTs) and the National Security Agency (NSA). It also includes academic researchers, third-party cyber firms and researchers, and international partners. CISA designed CELR with CI partners in mind to serve as many industry groups as possible. The range is a common environment where a variety of partners can research, learn, and share TTPs (tactics, techniques, and procedures).

CELR combines functional ICS/SCADA systems with hacker TTPs, hosts simulations for both red and blue teams to experience specific hacker TTPs, and shows the disruptive and destructive consequences of cyber attacks against ICS and how to defend against them. It also supports concurrent simulations for diverse user groups, custom corporate environments ranging from small businesses to international conglomerates, and 16 sector-specific scenarios for ICS skids, and it delivers remote access to simulations.

The core capabilities of the range enable the study of red team capabilities, techniques, artifacts, and impacts within specific network configurations. They also enable blue teams to hone defensive skills, develop new processes for detecting malicious cyber activity, and validate and understand the impact of vulnerabilities within ICS hardware and configurations. The CELR test range is also capable of concurrently supporting multiple exercises and can demonstrate potential kinetic effects between sectors. CELR aligns with CISA’s priorities and risk determination set by the CISA National Risk Management Center (NRMC).

CELR notably differs from traditional OT ranges in its focus on ICS technologies and the ability to simulate cyberattacks carried out to the point of physical disruption and destruction. Unlike attack scenarios of traditional ranges, CELR-generated attack scenarios integrate kinetic motion to successfully account for infrastructure interdependencies across unique test scenarios. The capability to accurately respond in real-time enables CELR to go beyond static simulation and support teams engaging across the entire cyber attack lifecycle, from internet entry points to the external demilitarized zone (DMZ), corporate local area network (LAN), and ICS networks, and physical components.

CELR facilitates the user’s ability to study the interdependencies between processes as well as sectors, which is critical to strengthening the nation’s collective defense against complex attacks, such as those seen during the HatMan, CrashOverride, and BlackEnergy campaigns, in an evolving threat landscape. CELR allows users to encounter elements involving the physical limitations of equipment and the magnitude of unrelated datasets, and to understand the associated second-order effects. This visibility gives responders key insights to better inform detection mechanisms and defensive strategies.

The Idaho National Laboratory also offers consequence-driven, cyber-informed engineering (CCE), a discipline developed and pioneered by the laboratory. These initiatives are supported by the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) in the Department of Energy. The methodology is focused on securing the nation’s critical infrastructure systems. CCE operates on the assumption that if a critical infrastructure system is targeted by a skilled and determined adversary, the targeted network can and will be penetrated.

Last month, CISA expanded its Joint Cyber Defense Collaborative (JCDC) initiative to include the ICS industry, consisting of security vendors, integrators, and distributors. The move will strengthen the U.S. government’s focus on building the cybersecurity posture and resilience of ICS/OT environments. Companies initially joining the JCDC-ICS effort include Bechtel, Claroty, Dragos, GE, Honeywell, Nozomi Networks, Schneider Electric, Schweitzer Engineering Laboratories, Siemens, and Xylem, as well as several JCDC alliance partners.
