Inside the cybersecurity labs protecting U.S. critical infrastructure

Some of the most important research into protecting the nation’s critical infrastructure from cyberattacks is happening in a group of labs in Northern Virginia.

Driving the news: I spent Thursday afternoon touring three of the research and development labs at the MITRE Corp., a not-for-profit organization that develops tech and security tools for both the private and public sectors.

• This was one of the first press tours MITRE has hosted of these labs since the pandemic began.

The big picture: Critical infrastructure systems face unique security challenges since most of the physical components that run these systems were installed or built decades ago.

• As operators start to integrate modern technologies and cloud-based storages onto these legacy parts, security flaws crop up at the intersection.
• Meanwhile, both nation-state and cybercriminal hacking groups have become wise to these flaws as they've rampantly targeted local governments, schools and hospitals.

Details: MITRE gave four reporters a tour of three labs during the Hack the Capitol conference in McLean, Virginia: the Cyber Infrastructure Protection Innovation Center, the Cyber Innovations Lab, and the Integration, Demonstration and Experimentation for Aeronautics (IDEA) Lab.

• The Cyber Infrastructure Protection Innovation Center is where MITRE tests out how to automate and deploy new security tools to augment critical infrastructure security. The lab includes a model city, called Cyber Town — with a hospital, rail station, chemical plant, downtown area and neighborhood — that acts as a test bed to run attack simulations.
• The Cyber Innovations Lab is where MITRE tests out new products, like the soon-to-be released Caldera for operational technology (OT) systems, on the hardware seen in critical infrastructure. For instance, a simulated cyberattack on a natural gas compressor station was actually run on a real-life meter and valve system in the lab.
• The IDEA Lab is where MITRE tests out new technologies to collect and analyze data for pilots, air traffic controllers and others. This is also where MITRE operates its partnership with the FAA.

Between the lines: Critical infrastructure operators and government agencies rely on labs like MITRE’s to solve some of the security problems they don’t have the budget to wrestle with themselves.

• Publicly run systems, like water utilities, can often afford only part-time IT teams that not only oversee the security of the plants, but also are responsible for general tech support at the company.

State of play: Many of the labs and tools MITRE showed us were either built in the last few months or are about to be deployed to the wider public.

• The Cyber Infrastructure Protection Innovation Center just moved locations in the last few months, and the team is starting to ramp up with the hopes that they can bring in a wide swath of agencies and city government teams to run through simulations of attacks.
• MITRE is working on releasing Caldera for OT systems to a small customer base for now. The tool gives agencies and critical infrastructure operators the ability to test what various kinds of cyberattacks would look like on their own systems.

The intrigue: A tour of a location as unique as MITRE's critical infrastructure security labs doesn't come without its own set of weird rules.

• For the first lab, visitors had to wear a mask to protect medical equipment stored in the room, and anyone with a pacemaker couldn't enter.
• To ensure sensitive information wasn't being leaked, reporters couldn't take photos (although MITRE had its own photographer on-site).

Yes, but: Fun anecdotes also came out of the experience.

• MITRE was kind enough to let some reporters test out flight simulators in the IDEA Lab — some reporters were better at taking off and landing their flights than others ... 👀 ✈️.