The U.S. Department of Homeland Security’s (DHS) Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA) are testing out new technologies and tools to protect transportation infrastructure both online and off.
Like most things today, that infrastructure increasingly relies on online networks, meaning there are more means for them to be exploited, disrupted, or damaged. Thus, CISA and S&T have formed a multi-agency team with representatives from the Idaho National Laboratory, Pacific Northwest National Laboratory, and more to develop and implement two training tools through CISA’s Control Environment Laboratory Resource (CELR) test environments. Eventually, they will join the rest of CISA’s portfolio of internet security tools.
“CELR test environments are miniaturized test environments that emulate crucial facilities and their associated technologies and physical components,” Tim Huddleston, INL program manager for Infrastructure Assurance and Analysis, said. “They are designed to provide first responders and security professionals with a safe setting to simulate cyberattacks, conduct research on and analysis of these attacks, and practice the implementation of countermeasures that will enable them to detect, mitigate, or prevent such incidents in the real world.”
Currently, six such environments exist. Through a new partnership with the auto industry, researchers have also gained an electric, semi-autonomous car for conversion into an automotive testbed for cybersecurity incident response training, research, and analysis related to smart vehicles. The main goal there will be greater understanding, according to CISA’s branch chief of Industrial Control Systems Section, Alex Reniers.
“It will also help them discover whether or not these vehicle technologies—such as over-the-air maintenance, safety sensors, Bluetooth capabilities, key fobs, payment systems, and charging station ports—can be accessed and hacked for malicious purposes,” Reniers said.
Through this partnership, any flaws and exploits discovered would be promptly shared with the auto industry to institute changes. A similar arrangement is working to improve the rail industry through a tool to better understand, manage, and reduce potential hacking and cyber-physical attacks aimed at trains and affiliated infrastructure.
Both automotive and rail CELR test environments are in the early stages, but the potential exists.
“This is exactly why we collaborate with so many industry leaders to design and implement these test environments,” Alex Karr, S&T program manager, said. “All professionals in this field can experience tangible benefits from using CELR—whether it’s for research and development or training purposes. Once they’re fully developed and implemented, I’m sure that the automotive and rail test environments will serve as valuable tools that—along with our other test environments—will continue to help our subject matter experts and first responders improve their readiness and preparedness and ensure that they can meet any challenges they might face in the future.”