The department is developing ways to secure federal research facilities from cyberattacks on their internet-connected controls.
The Homeland Security Department is testing new software to protect government laboratories from cyberattacks that could potentially release tuberculosis, yellow fever and other dangerous pathogens into the environment.
Federal research facilities rely on internet-connected devices to automate many basic building functions like ventilation, heating and security, as well as more hazardous processes like decontaminating equipment and preventing lethal microbes from escaping the lab.
Hackers could potentially exploit these devices to take control of building operations, but the DHS Science and Technology Directorate is investing in software that smothers attacks before they start.
Developed by Red Balloon Security, “Symbiote Embedded Defense” technology injects software into each device’s binary operating system and constantly analyzes the code to prevent rogue commands from executing. Because the technology doesn’t rely on a particular operating system, it works for every single embedded device, according to Ang Cui, founder and chief executive officer of Red Balloon Security.
Homeland Security awarded the company a $1 million contract to test the software at the agency’s Plum Island Animal Disease Center, a Biosafety Level 3 lab off the coast of New York, S&T Chief of Media Relations John Verrico told Nextgov. Researchers at BSL-3 facilities work with dangerous microbes like SARS, West Nile virus and yellow fever, meaning even a small attack on building operations could have enormous consequences.
“You can cause the containment to breach, you can cause damage to the people inside and you can certainly release dangerous pathogens outside the facility … by just manipulating the small embedded computers that control the building,” Cui told Nextgov.
Building control systems at government labs and many production facilities run mostly on legacy software, which Cui said makes them particularly susceptible to an attack.
“We’re basically using 2018 offensive capabilities and analysis techniques to find and exploit vulnerabilities [that] were built in 1996,” he said. Because the Symbiote software integrates directly into the operating system and detects any unauthorized changes to the code, it’s able to lock down most outdated technology.
Midway through the 12-month pilot program, Cui said government officials are starting to realize how the software can be adapted to address the security issues “at the core” of the internet of things. He said the developments made today could be ultimately applicable “to every single type of laboratory, every type of industrial production environment.”