PNNL

As the world becomes more digital and our nation’s critical infrastructure systems become more connected, cyberattacks against these systems are becoming an increasingly larger threat. It’s vital that owners and operators of U.S. critical infrastructure understand how to quickly identify, respond to, and recover from cyber-attacks on their systems. Testing and training on these systems while in operation, however, is challenging in part because they are “always on.”

Pacific Northwest National Laboratory (PNNL) is partnering with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) to develop and operate the Control Environment Laboratory Resource (CELR), an environment for government and private industry partners to experience and learn how to mitigate the possible effects of a cyber-kinetic attack.

Approach

PNNL has designed, engineered, and fabricated multiple models of different critical infrastructure equipped with industrial control systems (ICSs) and supervisory control and data acquisition (SCADA) systems. These platforms include scaled physical processes, kinetic effects, and specific operational technologies found in actual U.S. critical infrastructure. Control system hardware and software are used for research, training, capability testing, and supporting operational elements of the Cybersecurity Division at CISA, industry partners, and other government organizations.

PNNL’s operation and support of CELR is executed by a multi-disciplinary team of engineers in the cyber, control systems, and mechanical/electrical domains who, in addition to establishing the CELR platforms, have:

• Developed capabilities for deploying repeatable enterprise information technology models joined with the ICS and SCADA systems to represent the end-to-end cyber footprint of a representative critical infrastructure owner or operator.
• Studied and reviewed industry environments and worked with industry partners to verify accuracy of the models, resulting in a scaled representation of real-world deployments.
• Defined and implemented kinetic disaster scenarios demonstrating system operations under a cyberattack.

Impact

The CELR capability allows system owners/operators and federal agency analysts to prepare for the eventuality of cyber-attacks by experiencing a red team/blue team simulated engagement utilizing their tools, techniques, and processes to practice responding to an attack effectively and efficiently. The analyst will experience threat tactics in a realistic and safe environment that they may not have seen before. Valuable datasets are also generated to support the testing and development of advanced analytics and allow for the assessment of defensive solutions.