Control Environment Laboratory Resource

Environment For Cyber Research Of Operational Technologies

The Control Environment Laboratory Resource (CELR) is an environment for government and private industry partners to experience the possible effects of kinetic cyber-physical attacks. CELR allows users to perform security research on industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems.

CELR is a test range that uses multiple platforms capable of hosting simulated risk scenarios against real critical infrastructure (CI) processes. CELR enables the study of complete cyber warfare against our Nation’s CI targets, which society relies on to maintain our way of life. CELR is highly adaptable, simulates numerous corporate network configurations, and provides control system hardware and kinetic outputs of various CI sectors. With the ability to host multiple concurrent simulations, analysts across the Nation can interact with the environment while being both on and offsite through extended range connections

CELR Distinguishing Assets and Capabilities

What’s Unique About Our Environment?

  • Combines functional ICS/SCADA systems with threat actor tactics, techniques, and procedures (TTPs)
  • Hosts simulations for both red and blue teams to experience specific threat actor TTPs
  • Shows disruptive and destructive consequences of cyber attacks against ICS and how to defend against them


CELR enables hands-on research of sensitive systems.  The core capabilities of the range include:

  • Study red team capabilities, techniques, artifacts, and impacts within specific network configurations
  • Enabling blue teams to hone defensive skills and develop new processes for detecting malicious cyber activity
  • Validate and understand the impact of vulnerabilities within ICS hardware and configurations

CELR notably differs from traditional Operational Technology (OT) ranges in its focus on ICS technologies and the ability to simulate cyberattacks carried out to the point of physical disruption and destruction. Unlike attack scenarios of traditional ranges, CELR-generated attack scenarios integrate kinetic motion to successfully account for infrastructural interdependencies across unique test scenarios. The capability to accurately respond in real time enables CELR to go beyond static simulation and support teams engaging across the entire cyberattack life cycle—from internet entry points to external demilitarized zone (DMZ), corporate Local Area Network (LAN), and ICS networks, and physical components.

CELR Facility Tours

Overview Video Tour of CELR Facility

ics-celr chemical skid

Chemical Processing

ics-celr electric skid

Electrical Distribution and Transmission

ics-celr gas skid

Natural Gas Pipeline

Who CELR Can Support

CELR provides a research zone, permitting its users to simulate speculative risk scenarios that would otherwise introduce unacceptable risk to production environments. This laboratory environment provides opportunities for enhancing the way government and industry partners defend ICS networks. Potential users include, but are not limited to:

  • Federal civilian agencies (e.g., Department of Energy, Justice, Interior)
  • Department of Defense (DOD) Cyber Protection Teams (CPTs)
  • National Security Agency (NSA)
  • U.S. asset owner operators
  • Vendors and integrators
  • Academia researchers
  • Third-party cyber firms and researchers
  • International partners

CISA designed CELR with Critical Infrastructure partners in mind and to serve as many industry groups as possible. The range is a common environment where a variety of partners can research, learn, and share TTPs.

CELR User Assets

  • Concurrent simulations supporting diverse user groups
  • Custom corporate environments ranging from small business to international conglomerates
  • 16 sector-specific scenarios for ICS skids
  • Remote access to simulations
cyber research skids

CELR and Industrial Control System Presentations

The information videos below offer additional information on the CELR and its use in research and training of cybersecurity professionals on ICS and OT environments. These presentations were provided to the ICS community during previous Industrial Control System Joint Working Group (ICS-JWG) seminars to facilitate information sharing and reduce the risk to the nation’s industrial control systems. Sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), the ICSJWG provides a vehicle for communicating and partnering across all Critical Infrastructure (CI) Sectors between federal agencies and departments, as well as private asset owners/operators of industrial control systems. The goal of the ICSJWG is to continue and enhance the collaborative efforts of the industrial control systems stakeholder community in securing CI by accelerating the design, development, and deployment of secure industrial control systems.

Tutorials and Use Cases


dhs cisa logo

Cybersecurity and Infrastructure Security Agency (CISA) works with partners to defend against today’s threats and collaborating with industry to build more secure and resilient infrastructure for the future. CISA is at the heart of mobilizing a collective defense to understand and manage risk to our critical infrastructure. Our partners in this mission span the public and private sectors. The programs and services we provide are driven by our comprehensive understanding of the risk environment and the corresponding needs identified by our stakeholders. We seek to help organizations better manage risk and increase resilience using all available resources, whether provided by the Federal Government, commercial vendors, or their own capabilities.

Participating Partners

johns hopkins university

DHS Program Office

CELR Program Office

INL Control Systems Program

Timothy Huddleston

NHS Media

Michelle Farrell

Idaho National Laboratory