Bringing drawbridges to the cyber world

Often included in stories involving castles, moats, and knights on horseback, drawbridges are still used in modern day society. Due to their place in medieval lore, this style of bridge isn’t often top-of-mind when thinking about high-tech transportation solutions. The Critical Infrastructure Resilience Institute (CIRI) – a Department of Homeland Security (DHS) Center of Excellence - is working to bring drawbridges safely into the cyber world.

Drawbridges, or remote bridges as they’re sometimes called, traditionally have been manually controlled by a human operator at the bridge who controls it as needed to support vehicle and boat traffic flow. Increasingly, the owners of these bridges are working to update their technology to replace the human operator with computer and communications gear that will allow remote operation of the bridges.

“Increasingly, drawbridges are being transitioned to remote operations,” said Randy Sandone, executive director of CIRI. “This could take the form of a ship approaching the bridge and sending a signal telling the bridge to raise, or a train approaching and telling the bridge to lower. It would all be connected so if the boat and train were both arriving at the same time the bridge could inform the engineer to stop the train through another signal.”

This change would make the bridge operations more efficient and cost-effective, but entering the cyber world is not without its own problems. Handling operations with communication and information technology introduces potential cyber vulnerabilities and safety concerns that owners and operators must address upfront and on an on-going basis. CIRI is working with the US Coast Guard to research and develop cybersecurity protocols that will help keep bridges safe from malicious hackers.

To do this, CIRI researchers will analyze remote bridge architectures and identify areas of potential vulnerability in those systems. Informed by this analysis, CIRI researchers will develop and publish risk management guidelines and best practices as well as a proposed NIST Cyber Security Framework Profile for Remote Bridge Operations. These guidelines and best practices will be incorporated into a software tool previously developed by DHS and CIRI to help bridge owners and operators maintain safe and secure operations as the risks and technologies evolve. This will involve extensive CIRI engagement with the remote bridge owners to ensure that their operational needs are addressed and to make sure all stakeholders understand the technical and management requirements for safe and secure cyber-enabled remote bridge operations.

This research is part of a broader initiative through the Maritime Security Center.

“We will deliver these things to the community to help them standardize on their cybersecurity policies and practices,” said Sandone. “This will ensure a safer, more reliable, and more secure future for remote bridge operations.”