A newly developed Control Environment Laboratory Resource (CELR) platform by the Science and Technology Directorate (S&T) and the Cybersecurity and Infrastructure Security Agency (CISA) aims to enhance the cyber resilience of U.S. harbors.
The CELR test environment is set to support stakeholders in preparing for potential cyberattacks on U.S. seaports.
With funding from the Infrastructure Investment and Jobs Act, S&T, CISA, and the Pacific Northwest National Laboratory (PNNL) have developed a laboratory-sized seaport platform. This platform allows operators to safely simulate cyber-attacks, enhancing their threat detection and cyber-defense capabilities.
The new platform will eventually be integrated into CISA’s Control Environment Laboratory Resource (CELR) program and included in CISA’s existing OT security offerings.
The technology will also serve as a training and research tool for the USCG, Department of Homeland Security/Department of Defense partners, manufacturers, cybersecurity experts, researchers, and other seaport stakeholders.
PNNL Senior Cyber-physical Engineer, Scott Warnick, said, “CELR platforms are laboratory scale environments (about the size of a ping-pong table) that emulate critical infrastructure facilities and the processes, software, and hardware that they rely on in the real world.
“They are designed to provide security professionals—alongside technical personnel, owners, and operators who may have limited exposure to cyber effects—with a safe setting to simulate and experience the effects of cyberattacks without real-world consequences.”
The new CELR platform will enable stakeholders to study and analyze simulated attacks, identify vulnerabilities in IT and OT systems, and develop countermeasures to detect, prevent, or mitigate cyber threats.
Nine other CELR platforms are currently in operation at two national laboratory locations. PNNL operates four platforms: a wastewater treatment system, a water treatment facility, a hydroelectric dam, and a freight rail platform, all funded by S&T research and development.
Idaho National Laboratory (INL) operates five additional platforms: an electric transmission substation, an electric distribution substation, a building management system, a chemical processing system, and a natural gas pipeline system.
S&T Program Manager, Eileen Rubin, stated, “When CISA mentioned that the USCG’s Cyber Protection Team (CPT) identified the need to develop new training and testing tools for our seaports, we got right to work with subject matter experts (SMEs) in this field to build and implement a state-of-the-art seaport CELR platform.”
The platform is modeled after multiple U.S. seaports and demonstrates how various IT and OT systems and processes control operations like loading, unloading, and container movements between ships, trucks, and trains. Users can simulate and observe the effects of cyberattacks and train to develop and implement appropriate countermeasures.
Recently, the team hosted an online demonstration of the platform for stakeholders, showcasing its functionality, including ‘normal’ daily seaport operations and scenarios illustrating the potential consequences of cyberattacks.
Simulated cyberattack scenarios are being developed in coordination with USCG CPT and are expected to be available by next summer. The platform and scenarios will then be accessible to USCG CPT and other interested parties for training and research.
The Importance of Cybersecurity for Sea Ports
Seaports are crucial to the health of the U.S. economy. According to the National Oceanic and Atmospheric Administration’s Office for Coastal Management, $2.3 trillion in international trade is facilitated by seaports, with around 1.6 billion tons of goods being imported and exported by nearly 45,000 vessels each year.
To ensure smooth operations, the over 300 seaports in the U.S. depend on advanced information technology (IT) and operational technology (OT) systems.
These systems are essential for daily functions and are managed, accessed, and controlled online, which exposes them to risks such as “hacking, malware attacks, and other malicious online activities,” according to Rubin.
CISA Industrial Control Systems Section Chief, Alex Reniers, commented, “Cyber threats to seaport operations are a national security concern given our nation’s dependence on seaports for the movement of products and material goods.
“A disruption, even of brief duration, could have cascading negative consequences at regional and national levels. Therefore, it is imperative that we take the time to understand the potential risks to seaport IT and OT systems that malicious cyber actors could exploit.”
A disruption at a major U.S. seaport could cause delays in shipments by road, rail, or pipelines for days or even weeks, leading to monetary damages in the millions or billions of dollars and delaying critical supplies.
Such interruptions could severely impact the economy and the global supply chain. Therefore, the team is focused on enhancing both online and physical security to prepare frontline workers for any attempts to compromise these essential services and systems.
Broader Impacts
Over the next few years, S&T, CISA, PNNL, and INL plan to raise awareness, build more platforms, and expand access to the CELR suite, including equipping U.S. colleges and universities with test environments.
Reniers added, “Defending our nation’s critical infrastructure against threats and strengthening their overall cybersecurity is a high priority for CISA that requires vigilance, education, and collaboration from everyone in our field. And, since we have an entire suite of CELR platforms, one of our top priorities is to make all of them available to the cybersecurity SMEs, researchers, and owners and operators who would benefit from being able to use them.
“We anticipate by doing this, it will increase accessibility to these vital resources and make it easier for critical infrastructure owners, operators, and staff to be more prepared to address potential cyberattacks against critical infrastructure in the future.