Arm and train your cyber warriors on a cyber range
By Sivanathan Subramaniam March 26, 2014
- Professional certifications and some hands-on experience may not be sufficient
- A realistic environment that is used for cyber warfare training and cyber resiliency
I AM sure after reading the title of this article, you can’t wait to know what a cyber range is exactly.
A cyber range is a realistic environment that is used for cyber warfare training and cyber resiliency. It is very much like a military shooting range which is used to facilitate training in weapons, operations or tactics.
Organisations worldwide face a dangerous shortage of cyber warriors with the skills required to defend against cyber-attacks or worse, cyber-terrorism. This urgent situation is made worse by the weaknesses and vulnerabilities that continue to pervade critical IT infrastructures.
Addressing these problems requires Internet–scale simulation environments, along with a comprehensive training curriculum and proven methodologies, to develop elite cyber warriors and simulate attacks on IT infrastructures.
A cyber range can be used for two main purposes: Cyber warfare training such as flag exercises, cyber competitions and training exercises (red team / blue team / white team); and measuring and hardening network and application infrastructure resiliency. (I will talk about cyber resiliency and device evaluation in another article).
You may want your cyber-security team to be well equipped with the necessary skills in the event of a critical security breach such as a DDoS (Distributed Denial of Service) attack on your network. But how can you be sure that they are equipped and ready?
Mere professional certifications and some hands-on experience may not be sufficient to immediately fend off such attacks. The only way is to train the team with real-world experience on your network, but you can’t do it on the production network – hence you need a cyber range.
A good cyber range will be able to simulate and emulate the entire network and systems, and at the same time simulate and emulate the actual user traffic of your network.
Once that is done, you can introduce any kind of attacks for your cyber-security team to train and at the same time, fight (blue vs red teams).
So who actually needs a cyber range? Any organisation carrying mission-critical information on networked computing elements. These include:
a) Governments and militaries
b) Network equipment manufacturers
c) Service providers
d) Enterprises
The United States, for instance, is already working on a National Cyber Range under the Defence Advanced Research Projects Agency (Darpa). The goals of the National Cyber Range include:
a) Replicate large scale, complex and diverse networks and users for future and current Department of Defence (DoD) weapon systems and operations,
b) Enable a realistic testing facility for Internet and Global Information Grid (GIG) research,
c) Enable the development and deployment of state-of-the-art cyber-testing capabilities,
d) Facilitate the scientific use of cyber-testing methods, and
e) Provide a virtual environment for the quantitative, qualitative and realistic assessment of potentially ground-breaking cyber technologies for research and development.
If we need to protect our land, water, air and space by military means and for that we need a highly-skilled soldiers for the jobs which are provided by training in military ranges, our cyber space is also an element that needs protection … and for that we need to churn out more highly skilled cyber warriors by training them in cyber ranges.
Just as soldiers on the battlefield are assessed and certified for marksmanship, cyber warriors must be educated and put to the test to evaluate and refine their skills. CIOs (chief information officers) and CISOs (chief information security officers) can educate their forces through a wide range of exercises at increasing levels of difficulty to evaluate expertise and certify capabilities.
Sivanathan Subramaniam is the CEO of Cyber Intelligence Sdn Bhd, an information security audit, compliance and consultancy service provider.
Previous Instalment: Information security is about you … yes, you!
Related Stories:
APAC emergency response teams in drills with OIC, Euro counterparts
Cyber-war: Time for our agencies to step up
Malaysian Government formulates national cyber-crisis policy
Interpol lays out response blueprint for global cybercrime war
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.