Cyberdefense may not be quite as glamorous as it is portrayed in movies from the 1990s (watch Hackers with Jonny Lee Miller and Angelina Jolie anyway). But unlike the 90s, cybersecurity has become an endurance profession.

Not a week goes by that yet another big company doesn’t announce a security breach leaking thousands of customer records into the wild. In an effort to prepare the next generation of cybersecurity warriors, Electronic Technology Associates Inc.  (ETA) and Cyberbit Ltd. have joined to build the first live, standalone, hands-on cybersecurity training center in the U.S.

The location in Baltimore, MD, places the ETA Cyber Range within what Bloomberg calls the Silicon Valley of Cybersecurity and in close proximity to Fort Meade, MD, and the Aberdeen Proving Ground, both of which are hotbeds for U.S. government cybersecurity operations. The Cyber Range will initially employ 10 highly trained cybersecurity professionals as staff and expects to employ as many as 100 by the end of 2017.

Adi Dar, CEO of Cyberbit. Photo courtesy of Cyberbit

“Public sector organizations manage highly-sensitive infrastructure and cannot afford to have staff’s first encounter with a threat occur during attacks,” said Adi Dar, chief executive of Cyberbit. “By training and simulating the response process in advance, security staff can dramatically improve their performance. I am looking forward to helping Baltimore’s industry create top-notch security experts by means of the Range platform.”

Although the location puts the ETA Cyber Range within striking distance of many public sector cybersecurity operations, enterprise business could benefit hugely from the exact sort of training as they are also targeted just as often.  In 2015, U.S. businesses saw an average of 160 successful cyber attacks per week.

When it comes to enterprise applications it’s an online world and while that world is no longer the Wild West of the web, it’s still a place filled with threats that can cost businesses time, money and customers. To combat this, the enterprise sector is spending more money than 2015 to secure their infrastructure. According to a forecast from Gartner, security products and services are set to reach $81 billion in 2016, an increase of 7.9 percent over 2015. And the market is expected to soar to $170 billion spending by 2020

As more and more customer data is digitized and put online and more enterprise business turn to networks to enhance communication the costs of cybercrime will continue to increase. In 2015, British insurance company Lloyd’s of London estimated that cyberattacks cost businesses as much as $400 billion a year.

An example of possible training courses at the ETA Cyber Range. Image courtesy of Cyberbit.

The Cyber Range Platform

While a tremendous amount of cybersecurity is done before an operation puts itself online—setting up firewalls, installing instrumentation, inspecting protocols and essentially putting cyber-bars on doors and windows—once things are running, security professionals are dealing with threats in real time. This means that preparation is indeed half the battle; the other half is knowing what to look for and how to respond.

Speaking to SiliconANGLE, Stephen Thomas, Cyberbit vice president of sales, explained that the ETA Cyber Range will run on Cyberbit’s “Cyber Range Platform,” a sophisticated application that can simulate a cyberattack against a network and puts security professionals into situations they can expect during a real attack.

As cybersecurity is team-based, the Cyber Range “allocates individual team members into their roles in the environment,” Thomas said. Professionals get trained and practice as teams, which gives them a chance to experience an attack without the company’s resources being on the line.

The Cyber Range is set up to simulate numerous different types of attacks and for most of them it compresses the time they take down to a few hours or a few days—when in real life, most cyberattacks against an institution may take days or months (most hackers are extremely patient and wait for an opening as opposed to prying one open because that gets an attack noticed). Attacks can be simulated for ransomware, Trojans that have snuck into the network, port scans, SQL injection, Java Applet Send Mail, WMI worms and many more security threats.

While in the Cyber Range, professionals are put into an environment that not only simulates attacks, it also simulates normal operations. This means that the Cyber Range sets up and simulates a real world network, showing traffic going to and from applications. In most real-world situations involving a cybersecurity incident, an attack sneaks in amid normal traffic, training to tell the difference and react swiftly is critical practice.

Thomas also told SiliconANGLE that the Cyber Range is capable of simulating most popular cybersecurity software suites so that teams can practice with their own setups.

As for simulating attacks, Thomas said that the Cyber Range can pit a team of professionals against a human team (in cyberwarfare terms this would be a “Red Team”) or simply automate the opposing team. While it’s much better training to go up against a Red Team, Thomas joked, the downside is that having humans on the other end of a simulated attack can cause training to go off script. However, both can be crucial to effective practice that simulates real-world scenarios cybersecurity professionals may encounter.

“We’ve even had people bring trainees into the range at 2 a.m., when people are disoriented and have them do a scenario,” Thomas added. “Since in the real world you can’t always expect attackers to work on your schedule and some attacks happen during times when people are less ready to respond.”

Just like sports practice, the ETA Cyber Range will have the capability of recording the entire simulation from start to finish by “flight recording” each seat for every team member’s role, Thomas told SiliconANGLE. The staff at the Cyber Range will also be able to sit in a gallery and watch as a team trains on the range and annotate events with their own commentary (all without interrupting the proceedings).

This will provide teams a way to debrief after an incident simulation and do a play-by-play of what happened and enable them to better understand what they missed and how they can do better next time.

For a real-life cybersecurity event this sort of hindsight only happens during the post-mortem of an attack while a cyber forensics team is trying to determine what happened. Being able to review how well a team did against a simulated attack not only provides good training in what an attack looks and feels like, it also provides a way for a team to discover weaknesses in their own understanding, communication or security protocol.

Example Cyber Range command center. Photo courtesy of Cyberbit.

Setting the standard

By providing a standalone Cyber Range, ETA and Cyberbit hope to attract security professionals who want to practice and experience live-fire simulations of cyberattacks in order to hone their skills.

To do this the Cyber Range will have regular training sessions, like a school with a syllabus for training on contemporary cyberthreats, but will also allow enterprise and government teams to buy out time on the range.

No details have been released on how much it will cost for training sessions or free-play practice simulations, but Thomas suggests that the cost will be competitive for the industry.

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Lightbox Plugin