Cyber Range Strategy: How to Get Small and Arm Defenders, Stat
by Pam O'NealBy Pam O’Neal
In an era of steep budget cuts for the U.S. Department of Defense (DoD), the objective in government circles has been to “get small” — to do more without spending more. Although some budget allocations for cybersecurity may be protected from cuts, the imperative to get small still makes sense. Smaller typically means more agile, easier to deploy widely, and, of course, less costly.
This certainly holds true on the cyber range front, where those charged with cyber defense await the online training grounds they need to develop incident response and defense techniques. By investing in newer, compact, and agile cyber ranges, the DoD could deliver full Internet-scale simulation capabilities to military bases worldwide. Who says you can’t have better, faster, AND more cost-effective?
BreakingPoint’s Director of Product Management, Scott Register, recently recorded a webinar on cyber ranges for the Institute for Defense and
Government Advancement (IDGA). In his talk, set to broadcast April 5 as part of IDGA’s ongoing cyber security series, Scott discusses how BreakingPoint customers in public and private organizations have already deployed evolved Internet-scale cyber ranges to harden defensesand develop cyber personnel. In contrasting legacy approaches to the evolved model, he shows that the creation of Internet-scale simulations need not require a large-scale data center. In fact, that kind of legacy thinking is holding back the development of a trained and armed cyber defense workforce.
This slide, taken from Scott’s talk, lays out the difference between the traditional and evolved approaches in straightforward terms:
A Note From a Real-World Evolved Cyber Range Deployment
At one U.S. military base (now a BreakingPoint customer), staffers had followed the traditional model to build out a large lab filled with hundreds of servers to simulate the load of 15,000 users. Their mission, however, required 250,000 simulated users. Emulating a quarter of a million users the old way would mean huge investments in hardware, software licenses, electricity, and real estate. It also would have required dozens of skilled professionals from the military or a defense contractor dedicated solely to set up, configure, integrate, and maintain these systems. And finally, the legacy setup requires dozens of experienced security researchers with the knowledge required to continually discover and publish an evolving mix of attacks to keep simulations current.
That base and others now embrace an evolved cyber range model, which looks like this:
Throughout the upcoming webinar, Scott shares a lot more information using anecdotes from companies such as PayPal, Mastercard, Northrop Grumman, and even the U.S. Defense Information Systems Agency (DISA). Below we have provided a video clip preview of the webinar; be sure to register for the full webcast on the IDGA site.
