Living our Mission: Creating Authentic Cyber Training and Learning Environments Inspired by Real-World Experience: Todd Humes, Sr. Mission Designer


Bringing his Air Force and military security engineering background to bear, Senior Mission Designer Todd Humes understands what it takes to defend networks from adversaries. Prior to Circadence, he served in various government security roles, including as a Systems Security Engineer and Systems Administrator, and on the commercial side as a Director of Network Defense Operations at a Managed Security Service Provider. He noticed a gap in commercial cyber training and readiness that eventually led him to Circadence.

In his current role, Todd ensures that the real-world training exercises his team develops meet critical training objectives and are authentic for the end user. “We want to provide a safe place for trainees to learn cyber…so he/she doesn’t have to worry about causing damage on actual networks when trying to build skills,” he says.

It’s important that trainees in Project Ares experience the true-to-life cyber threat scenarios they would encounter in their actual workplace.

In “mimicking a controlled environment that they would see” in the workplace, trainees gain “an experience that is highly relatable and allows for professional development,” Todd says.  

When developing new missions, Todd and his team examine market verticals and the threats associated with those industries to identify unique scenarios that can be built out in a Project Ares mission. “We do our own research and threat intelligence targeting verticals, brainstorm specific scenarios and begin designing what the network environment should look like,” he says. The automation and orchestration of how the mission will unfold require a great deal of programming. Between building the mission components, the layout, and the services that will be “affected” in the exercise, Todd and his team bring cyber threats to life in the most authentic way possible. Sometimes, he adds, “we have to reverse engineer the malware [for example] to get the capability we want,” adding layers of complexity and back-end work to produce the final product.

But the intricacies of building missions are anything but dull. “It’s never boring! We’re always learning day in and day out and the people who are successful in this field are the individuals who continue to learn themselves,” Todd says.

To ensure missions stay relevant against today’s threats, Todd keeps a pulse on the latest research and vulnerabilities by studying online reports and attending cyber conferences and industry events to network with like-minded leaders.

He believes that by continuously learning about the industry, all professionals in this line of work and beyond can find new and better ways to address an exploit and stay one (or several) steps ahead of hackers. He considers cyber security one of the few industries and specializations that require persistent learning and skill building in order to “extend the life” of security across organizations and companies.

Learn more about Project Ares, including recent mission and battle room updates, here.

Good Bots and Bad Bots: How to Tell the Difference to Stay Cyber Safe


You may have heard or read the term “bot” in the context of cyber security. Normally we hear this word in the wake of a cyberattack and relate it to breaches in computer or network security. While there are certainly bad bots, there are good bots too! So what exactly is a bot, how can you differentiate, and how do they work?

What are bots?

The term bot is short for robot: a type of software application, created by a user (or hacker), that performs automated tasks on command. There are many variations, from chatbots to spider bots to imposter bots. Good bots assist in automating day-to-day activities, such as providing up-to-the-minute information on weather, traffic, and news. They can also perform tasks like searching the web for plagiarized content and illegal uploads, producing progressively smarter query results by crawling internet content, or helping find the best purchase deals online.

While we encounter bots like these in our everyday activities without really thinking about them, being aware of bad bots is important. Bad bots, used by adversaries, perform malicious tasks and allow an attacker to remotely take control of an infected computer. From there, hackers can infiltrate the network and create “zombie computers,” which can all be controlled at once to perform large-scale malicious acts. A collection of such machines is known as a “botnet.”

How do bots work?

Cybercriminals often use botnets to perform DoS and DDoS attacks (denial of service and distributed denial of service, respectively). These attacks flood target sites with more requests than they can handle, making regular traffic to a website almost impossible. Hackers use this as a way to extort money from companies that rely on their website’s availability for key business functions, and may also send out phishing e-mails directing customers to a fake “emergency” site.

Protect yourself from bad bots

Don’t let this information scare you, though! Awareness is a great first step to recognizing potentially harmful activity, whether on your own computer or on a site you visit online. These tips help keep bad bots from gaining a foothold in the first place:

  • Ensure your antivirus software is up to date by setting it to automatically update.
  • Routinely check the security options available to you for your iOS, web hosting platform, or internet service provider.
  • Only click on links and open emails from trusted sources. Avoid accepting friend or connect requests, responding to messages, or clicking on links from unknown persons on social media.

Bots can be incredibly helpful, and we use them every day. Knowing how to differentiate the good from the bad while taking the necessary precautions to protect yourself against malicious bots will ensure that you only need to deal with bots when they are telling you about blue skies or saving you money on that great shirt you’ve been wanting!


Ransomware – The Attack Du Jour!


Ransomware is gaining traction among hackers, who are emboldened by its financial success and by the anonymity of cryptocurrency payments. In fact, ransomware is now considered a tried-and-true cyberattack technique, with attacks spreading among small and medium-sized businesses as well as city and county governments. Coveware’s 2019 Q1 Ransomware Report notes:

  • Ransoms increased by an average of 89% in Q1 2019, to $12,762 per ransom request
  • Average downtime after a ransomware attack has increased to 7.3 days, up from 6.2 days in Q4 of 2018, with estimated downtime costs averaging $65,645
  • Victim company size so far in 2019 is anywhere from 28 to 254 employees (small, medium, and large-sized businesses)

Let’s review how ransomware works and why it’s so effective. Ransomware is a type of cyberattack where an unauthorized user gains access to an organization’s files or systems and blocks user access, holding the company’s data hostage until the victim pays a ransom in exchange for a decryption key. As you can surmise, the goal of such an attack is to extort businesses for financial gain.

Ransomware can “get into” a system in different ways; one of the most common is through phishing emails or social media, where a human worker inadvertently opens a message, attachment, or link that acts as a door into the network or system. Urgent messages that appear to come from a supervisor, an accounts payable professional, or perceived “friends” on social media are all likely ransomware actors disguising themselves to manipulate or socially engineer the human.

Near and Far: Ransomware Has No Limits

Many types of ransomware have affected small and medium-sized businesses over the last two decades, but ransomware shows no limitations in geography, frequency, type, or size of company targeted.

  • Norwegian aluminum manufacturer Norsk Hydro, a significant provider of hydroelectric power in the Nordic region, was shut down by a ransomware infection. The company’s aluminum plants were forced into manual operations, and the costs are already projected to reach $40 million (and growing). The ransomware: LockerGoga. It has crippled industrial firms across the globe, including French engineering firm Altran and manufacturing companies Momentive and Hexion, according to a report from Wired.
  • What was perceived as an unplanned system reboot at Maersk, a Danish shipping conglomerate, turned out to be an attack that impacted one-fifth of the entire world’s shipping capacity. Deemed the “most devastating cyberattack in history,” NotPetya created more than $10 billion in damages. To add insult to injury, Maersk’s cyber risk insurer denied the claim on the grounds that the NotPetya attack was a result of cyberwar (citing an act-of-war exclusion clause). WannaCry was also released in 2017 and generated between $4 billion and $8 billion in damages, but nothing (yet) has come close to NotPetya.
  • On Black Friday 2016, the San Francisco Municipal Transportation Agency fell victim to a ransomware attack. The attacker demanded $73,000 for services to be restored. Fortunately, a speedy response and backup processes helped the agency restore systems in 2 days, avoiding payment of the ransom. In March 2018, the City of Atlanta experienced a ransomware attack that cost upwards of $17 million in damages. The Colorado Department of Transportation fell victim too, left with a bill totaling almost $2 million.

These headlines are stories of a digital war that has no geographical borders or structured logic. No one is truly immune to ransomware, and any company that thinks otherwise is likely not as prepared as it believes. Beazley Breach Response (BBR) Services found a 105% increase in the number of ransomware attack notifications from clients in Q1 2019 compared to Q1 2018, and noted that attackers are shifting focus to larger organizations and demanding higher ransom payments than ever before.

Immersive cyber ranges – Protect Yourself, Your Business, Your People

If your own security efforts, staff practices, and business infrastructure are hardened every time a new breach headline makes the news, the things that matter most to you and your company will be better protected. One way to harden security practices consistently is immersive, persistent training on gamified cyber ranges. Benefits of such cyber ranges include:

  • Helping professionals of all skill levels learn and apply preventative measures such as regular backups, multi-factor authentication, and incident response planning and analysis.
  • Helping teams understand what ransomware looks like and how it would “work” if it infected their company’s network.
  • Providing cloud-based environments that scale to emulate a digital system of any size and help users “see” and respond to threats in a safe space.
  • Providing user assistance and immediate feedback in the form of rewards, badges, and progress indicators, allowing organizational leaders who want to upskill their cyber teams to see skills gaps and strengths and identify ways to harden their defenses.

When ransomware does come knocking at your business door, will you be ready to recover from the financial and reputational damage? If there is any shred of doubt in your mind, then it’s time to re-evaluate your cyber readiness strategy. As we’ve learned, even the smallest vulnerability or level of uncertainty is enough for a cybercriminal to take hold.


Cyber Attacks and Risk Mitigation in Critical Infrastructure


Critical infrastructure is a term used by the government to describe assets that are essential for the functioning of a society and economy (think oil and gas, water, electricity, telecommunications, etc.). According to the Department of Homeland Security, there are 16 sectors of critical infrastructure. In the past few years, we’ve seen attacks on departments of transportation, cities, and other network infrastructure that are prompting many cyber security leaders to pay closer attention to their readiness strategy and risk management. With the threat of cyberattacks against public and private sector infrastructure on the rise, it is important to understand the history of these attacks, as well as what critical infrastructure cyber security professionals can do to protect themselves. Today, we are going to focus on three sectors: oil and gas, energy and electricity, and transportation.

Oil & Gas Cyber Security

Much of how we live and work depends on the energy produced from oil and gas, including cooking, heating and cooling, driving, and the use of electronic devices and appliances. There have already been several successful attacks on this industry:

  • One of the most famous attacks came in 2010 with Stuxnet, a malicious computer worm used to hijack industrial control systems (ICS) around the globe, including computers used to manage oil refineries, gas pipelines, and power plants. It reportedly destroyed a fifth of Iran’s nuclear centrifuges. The worm was delivered through a worker’s thumb drive.
  • In August 2012, an unauthorized user with privileged access to the computers of one of the world’s leading National Oil Companies (NOCs) unleashed a computer virus called Shamoon (disk-wiping malware). The virus erased the data on three quarters (30,000) of the company’s corporate personal computers and resulted in an immediate shutdown of the company’s internal network.
  • The National Security Authority Norway said 50 companies in the oil sector were hacked and 250 more were warned to check their systems, in one of the biggest hacks in Norway’s history.
  • Ugly Gorilla, a Chinese attacker who invaded the control systems of utilities in the United States, gained the cyber keys necessary to access systems that regulate the flow of natural gas. In January 2015, a device used to monitor gasoline levels at refueling stations was remotely accessed by online attackers, manipulated to cause alerts, and set to shut down the flow of fuel. Several gas-tank-monitoring systems suffered electronic attacks thought to be instigated by hacktivist groups.
  • In December 2018, Saipem fell victim to a cyberattack that hit servers based in the Middle East, India, Aberdeen and Italy. The attack led to the deletion of important data and infrastructure.

Energy & Electricity Cyber Security

While we may not think of the energy sector as a large cyber vulnerability, it is not only of intrinsic importance to a functioning society but also necessary for all other sectors that make up the nation’s critical infrastructure.

There are not many documented cases of a successful power grid attack, but that doesn’t mean they don’t occur! The first known instance took place on December 23, 2015, in Ukraine. Hackers compromised the information systems of three energy distribution companies in Ukraine and temporarily disrupted the electric supply to end customers. A year later, Russian hackers targeted a transmission-level substation, blacking out part of Kiev.

Although there may not be many examples of historical energy utility hacks, these kinds of attacks are no longer a theoretical concern. In 2014, Admiral Michael Rogers, director of the National Security Agency, testified before Congress that China and other countries likely had the capability to shut down the U.S. power grid. An adversary capable of exploiting vulnerabilities within the electric utility silo may be motivated to carry out such an attack under a variety of circumstances, and it seems increasingly likely that the next war will be cyber.

Transportation Cyber Security

Via plane, train, or automobile, the transportation sector supports nearly 10 percent of the U.S. GDP (gross domestic product), the monetary value of all goods and services produced within the United States. Over the past couple of years, the industry has grown in operational complexity, with logistical chains, production, facility and manufacturing partners, and plant management. As a result of this growth, it has become an even more alluring and accessible playground for cybercriminals. There have been a few noteworthy attacks on this silo of infrastructure in the last few years:

  • Maersk: A Petya malware variant infected the IT systems of the world’s largest shipping company, with 600 container vessels handling 15% of the world’s seaborne trade, in June 2017.
  • LOT: The Polish airline canceled 10 flights due to an attack against the airline’s ground computer systems at Warsaw’s Okecie airport in June 2015.
  • Jeep Cherokee: A coordinated attack in 2015 by Charlie Miller and Chris Valasek demonstrated the ease by which a connected car can be remotely hacked into, in this case, using Uconnect.


You can see that attacks on these silos of industry have already begun (and show no signs of stopping), and we need to be prepared for what the future holds. To reduce the attack surface and protect critical infrastructure against cyber threats, teams need to be prepared to address every scenario that can play out on that attack surface in order to effectively protect and defend IT and OT critical infrastructure.

Reducing Risk in Critical Infrastructure Cyber Security

The Project Ares® cyber security learning platform can prepare cyber teams with the right skills in immersive environments that emulate their own IT and OT networks. In fact, there are exercises within the cyber range platform that have players detect threats on a water treatment plant and in an oil and gas refinery. It is designed for continuous learning, meaning it is constantly evolving, with new missions rapidly added to address the latest threats in any critical infrastructure sector. Further, targeted training can be achieved from the library of battle room scenarios to work on specific skill sets like digital forensics, scripting and Linux.

Training in cyber ranges is a great way to foster collaboration, accountability, and communication skills among your cyber team as well as cross-departmentally. Persistent and hands-on learning will help take your cyber team to the next level. Benefits of this kind of learning include:

  • Increased engagement – engaged learners are able to stay focused on the subject matter at hand
  • Opportunities to close gaps immediately – instant feedback, instruction, and critique make it easy for learners to benefit from interaction with the instructor and peers and to apply that feedback right away
  • Risk mitigation and improved problem solving – hands-on training allows learners to master skills before working in real-world environments; people can work through tough scenarios in a safe training environment, developing problem-solving skills without risk

By placing the power of security in human hands, cyber security teams can proactively improve a company’s ability to detect security breaches or anomalous behavior, resulting in earlier detection and less impact of such incidents on energy delivery, thereby lowering overall business risk. Humans are the last line of defense against today’s adversary, so prioritizing gamified training for teams will foster the level of collaboration, transparency, and expertise needed to connect the dots for cyber security across these critical infrastructure sectors.


How to Launch a Cyber Security Career


Preparing for a cyber security career is more enjoyable than you may think! The technical challenge, problem-solving, constant change (you’re never bored!), and continuous learning opportunities are all positive experiences that come with entering the field.

For any interested student or autodidact, pursuing a cyber security career may seem a little daunting. But with the right cyber security tools and teaching in place, coupled with the latest proficiencies, anyone can learn cyber and gain the skills necessary to enter the workforce with confidence and competency.

The earning potential for an individual pursuing a career in cyber is significant. The national average cyber security salary is $93,000 (on the low end) for a security-related position in the U.S., according to Robert Half Technology’s 2019 Salary Guide. The industry offers high-paying jobs, yet many positions remain unfilled, with an estimated 3.5 million open cyber positions by 2021. Today, there are more than 300,000 open positions nationwide.

This begs the question: what is the best way to fill the cyber security skills gap with motivated and budding professionals? The answer is multi-faceted but at its core is a fundamental shift in how we prepare and train them with the skills needed to thrive.

Pro Tips for Building a Cyber Security Career Path 

Just like many other career paths, cyber security needs people who possess a mix of academic, theory-based knowledge, practical skill sets, and a lot of creative thinking. An aspiring cyber security professional can learn the knowledge, skills, and abilities needed in the industry, seek out internships and/or apprenticeships, and learn about careers in cyber without actually being on the defensive front lines of cyber attacks. Details of each approach are below.

IDENTIFY INDIVIDUAL CYBER STRENGTHS AND KNOWLEDGE/SKILLS/ABILITIES (KSAs)

The first suggestion for an individual who wants to learn on their own is to match their unique strengths (technical and non-technical) to the kinds of knowledge, skills, and abilities needed to do certain cyber jobs in the workplace. Understand what kinds of jobs are available too. Students will likely learn these details in traditional classes and coursework assignments. With Google at our fingertips, however, it’s easy to find a variety of online resources for learning cyber security KSAs, including ISACA, ISC(2), ISSA, and The SANS Institute, all of which provide information about the profession and detail certification and training options. By understanding the kinds of tasks performed in certain work roles and the kinds of behaviors needed to perform certain jobs, an aspiring cyber professional will be better prepared during the interview and job search process, and won’t be surprised to learn what is required to start a job in cyber security.

PURSUE INTERNSHIPS, APPRENTICESHIPS, ALTERNATIVE PATHWAYS

As a self-guided learner, you likely have the go-getting attitude needed to find a cyber security internship, apprenticeship, or alternative trade school to further build your knowledge, skills, and abilities.

Internships are available through many community colleges, technical colleges, and universities, each of which has well-oiled practices for connecting students with local companies. In fact, it’s not uncommon for students, both undergraduate and graduate, to be required to complete an internship in their field of study before graduation.

Apprenticeships are a “learn while you earn” kind of model and are incredibly beneficial for both the company offering the apprenticeship and the student.

“This is absolutely fundamental, and a key plan in meeting the workforce needs. Our solution to the gap will be about skills and technical ability,” says Eric Iversen, VP of Learning & Communications, Start Engineering. “And the most successful of apprenticeship programs offer student benefits (e.g., real-world job skills, active income, mentorship, industry-recognized credentials, an inside track to full-time employment, etc.) and employer benefits (i.e., developed talent that matches specific needs and skill sets, reduced hiring costs and a high return on investment, low turnover rates and employee retention, etc.)”

The Department of Homeland Security created a Cyber Corp Scholarship program to fund undergraduate and graduate degrees in cyber security. Students in this program agree to work for the federal government after graduating (one year of service for every year of scholarship).

These types of opportunities are especially advantageous for recruiting individuals who may be switching careers, may not have advanced degrees, or are looking to re-enter the field.

Alternative pathways are also quite accessible for the college graduate or self-driven learner seeking a career in cyber security. One cyber career pathway is via “stackable” courses, credits, and certifications that allow learners to quickly build their knowledge base and get industry-relevant experience. These kinds of courses are available in high school (as collegiate-level courses) and at the college level. Another alternative pathway is via cyber competitions and hackathons. Learners can gain practical skills in a game-like event while meeting fellow ambitious professionals. Participating in these events also makes for great “extracurricular activities” on one’s resumé.

Circadence is proud to lend its platform Project Ares® to many local and national cyber competitions, including the Wicked6 Cyber Games, cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge, so students can engage in healthy competition and skill-building among peers. For more information on cyber competitions and hackathons, check out the Air Force Association’s CyberPatriot, Carnegie Mellon’s picoCTF, Major League Hacking, and the National Cyber League.

Cyberseek.org also has a detailed and interactive roadmap for hopeful professionals to learn more about how to start and advance their careers in cyber security. This interactive cyber security career pathway map breaks it all down. For example, if you’re interested in a software development role, you’ll want to build skills in Java or Python, databases, code testing, and software engineering, as well as cyber skills in cryptography, information assurance, security operations, risk management, and vulnerability assessment. You may also consider certifications such as Certified Ethical Hacker (CEH), Security+, Network+, Linux+, Offensive Security Certified Professional (OSCP), CISSP, and GIAC, in addition to having real-world experience and training.

Cyber Security Career Requirements

We recommend three types of experience when considering a career in cyber security:

  • Degree experience for a basic understanding of cyber theory and practice
  • Technical experience to demonstrate that learned knowledge translates into acquired skill sets
  • Real-world training experience, either via an internship/on-the-job opportunity or via realistic cyber range training

Many entry-level cyber security job descriptions will require at least a bachelor’s degree or 4 years’ experience in lieu of a degree. Higher-level positions will require the academic degree plus some technical experience and/or real-world training.

It’s important to note that there are two types of cyber training available: a traditional classroom-based setting and an on-demand, persistent training option. Both are great in their own ways and can complement each other for holistic cyber learning. Classroom-based learning presents information to learners via PowerPoint slides, lectures, and/or video tutorials. Learners can take that knowledge and apply it in a hands-on virtual cyber range environment to see how such concepts play out in real-life cyber scenarios.

Since cyber security is an interdisciplinary field, it requires knowledge of technology, human behavior and thinking, risk, law, and regulation, to name a few. While many enter the field with technical aptitude, many overlook the “soft skills” of cyber security. To communicate effectively with a cyber team, problem-solve, analyze data, identify vulnerabilities, and understand the “security story” of the employer, a young professional needs to possess and demonstrate those social skills to thrive in their job.

The Variety of Cybersecurity Fields is Endless

There’s more to cyber security than being a network analyst or incident response manager. Interested, aspiring professionals can work in cyber security through departments beyond security and IT. Cyber careers in human resources, marketing, finance, and business operations all allow a learner to “be in cyber” without doing the day-to-day frontline security defense work. It is important to know about the other careers individuals can pursue in cyber security, because security is not just for the IT department to “manage” within a business. Furthermore, cyber security roles don’t have to be pursued at technology companies; many healthcare, banking, energy, and enterprise companies are seeking cyber security professionals for their organizations. So, if a certain industry interests you, you can explore cyber in that specific industry. In the age of digital transformation, practically every sector has a security need that must be hardened.

For young graduates entering the cyber security field, a multi-faceted approach to learning cyber security skills is recommended. The good news is that motivated learners have lots of avenues and resources available to them to pave a career path that best fits their needs and interests.

Cyber Ranges and How They Improve Security Training


WHAT ARE CYBER RANGES?

Cyber ranges were initially developed for government entities looking to train their workforce in new skills and techniques. Cyber range providers like us deliver representations of actual networks, systems, and tools so that novice and seasoned cyber professionals can train safely in virtual, secure environments without compromising the safety of their own network infrastructure. Today, cyber ranges are used across the cybersecurity industry to train the cyber workforce of companies and organizations for stronger defense against cyber attacks. As technology advances, cyber range training advances in scope and potential.

To learn more about Circadence’s cyber range offering, visit https://www.circadence.com/solutions/topic/cyber-ranges/.

The National Initiative for Cybersecurity Education reports cyber ranges provide:

  • Performance-based learning and assessment
  • A simulated environment where teams can work together to improve teamwork and team capabilities
  • Real-time feedback
  • Simulated on-the-job experience
  • An environment where new ideas can be tested and teams can work to solve complex cyber problems

In order to upskill cybersecurity professionals, commercial, academic, and government institutions have to gracefully fuse the technicalities of the field with the strategic thinking and problem-solving “soft skills” required to defeat sophisticated attacks.

Currently, cyber ranges come in two forms: bare environments without pre-programmed content, or prescriptive content that may or may not be relevant to a user’s industry. Either type limits the learner’s ability to develop a broad range of skill sets beyond what their work role requires.

UNDERSTANDING CYBER RANGES IN A BOX (OR CyRaaS, AS WE CALL IT)

A cyber range in a box is a collection of virtual machines hosted in an on-premises or cloud-based environment. Now, don’t let the name “in a box” fool you: at Circadence, you can’t purchase our cyber range solution on its own. To your cyber learning benefit, Circadence offers a cyber-range-as-a-service (CyRaaS) solution embedded within the Project Ares cyber learning platform for optimized training and skill building at scale. When you purchase Project Ares, CyRaaS is included. It provides all-encompassing tools and technologies to help professionals achieve the best cybersecurity training available. Our service offers industry-relevant content to help trainees practice offensive and defensive activities in emulated networks. Cyber ranges also allow learners to use their own tools against emulated network traffic to reflect the real-world feeling of an actual cyberattack. By “training as you would fight,” learners gain a better understanding of how to address cyber threats when the real-life scenario hits.

With advances in Artificial Intelligence (AI), cyber ranges can now incorporate such technology. In the case of our own Project Ares, we leverage AI and machine learning to gather user data and activity happening in the platform. As more users play Project Ares, patterns in the data reveal commonalities and anomalies in how missions are completed, with minimal human intervention. Those patterns inform the recommendations of an in-game advisor with chat bot functionality, so players can receive help on specific cyber range training activities or levels. Further, layering AI and machine learning gives security professionals better predictive capabilities and, according to Microsoft, can even “improve the efficacy of cybersecurity, the detection of hackers, and even prevent attacks before they occur.”

To learn how cyber ranges are being used to improve cyber learning for students (and how they can be applied to your organization or company),
DOWNLOAD OUR “LEARN BY DOING ON CYBER RANGES” INFOGRAPHIC.

GAMIFIED CYBER RANGES

With many studies touting the benefits of gamification in learning, it only makes sense that cyber ranges come equipped with a gamified element. Project Ares has a series of mini-games, battle rooms, and missions that help engage users in task completion—all while learning new techniques and strategies for defeating modern-day attacks. The mini-games help explain cyber technical and/or operational fundamentals with the goal of providing fun and instructional ways to learn a new concept or stay current on perishable skills. The battle rooms are environments used for training and assessing an individual on a set of specific tasks based on current offensive and defensive tactics, techniques and procedures. The missions are used for training and assessing an individual or team on their practical application of knowledge, skills and abilities in order to solve a given cybersecurity problem set, each with its own unique set of mission orders, rules of engagement and objectives.

CYBER RANGE SECURITY

A cyber range can house a lot of sensitive data (trainee activity and assessment records, network configurations, and the malware samples and attack tooling used in exercises), so system security is the final component of a cyber range. Cloud hosting is increasingly recognized as a strong option for housing range components and physical infrastructure: it keeps ranges running with the latest updates and gives centralized visibility into how users across a company are engaging with them. Cloud hosting does not make a range secure on its own, however. Whether on-premises or in the cloud, a range still needs to be isolated from production networks, with malware and attack traffic contained within the exercise environment, access controlled, and trainee activity logged. With those controls in place, hosting range infrastructure in the cloud is a sound approach for users training in test environments.

We are proud to have pioneered such a state-of-the-art cyber range in many of our platforms, including (as mentioned above) Project Ares® and CyRaaS™. We hope this post helped you understand the true potential of cyber ranges and how they are evolving today to automate and augment the cyber workforce.

3 Ways to Prevent Cyber Security Election Interference

Reading Time: 4 minutes

Voting is the crux of what we refer to as American democracy. Since the 2016 elections in the United States, numerous reports have cited concerns about vulnerabilities in the voting ecosystem, detailing attempts at foreign interference by actors such as the Russian government to influence election results through pervasive cyber attacks.

To assist in securing critical infrastructure and preventing cyber attacks, Congress provided federal funding under the 2018 Consolidated Appropriations Act Election Reform Program, authorized by the 2002 Help America Vote Act (HAVA). This funding grants states additional resources to improve election cyber security. Failure to counter election interference will only invite future cyber attacks, which will lower voter confidence in the democratic process and depress voter turnout.

Now more than ever, election security officials need to revisit their voting systems, leverage this new funding, and better secure the human element that is so often the entry point for a cyberattack. The attack surface of election systems is extensive, since more than 8,000 jurisdictions across counties, states, and cities maintain election infrastructure, but there is one constant in the election security system that can be leveraged: humans. With individuals and teams involved in the entire voting process, from voter registration to casting votes to reporting outcomes and auditing, humans are a key part of managing and directing both digital and manual processes.

If election security professionals can be better trained to understand how to stop cyber attacks using their own tools in emulated environments, the state of election cyber security will be greatly improved.

We’ve detailed three ways for election security officials to upskill their cyber security teams in spite of the variability in equipment and process.

1. ADOPT A CONTINUOUS LEARNING APPROACH TO ELECTION CYBER SECURITY  

In previous Circadence blogs, we’ve shared the benefits of a continuous learning approach, and there’s a reason for it: if cyber teams cannot keep pace with evolving adversary tactics and techniques, they won’t know how to stop them before they cause widespread damage. Learning basic cyber skills, as well as how adversaries use social engineering to influence election campaigns, will help state and local election officials be better prepared to identify and respond to cyber attacks on voting systems.

Unfortunately, there have been documented instances of untrained personnel who have knowingly and unknowingly jeopardized the security of elections. Notably, one of the first early signs of cyberespionage came when a Democratic National Committee (DNC) help desk contractor ignored repeated calls from the FBI, who were reporting that DNC computer systems had been compromised by a Russian group referred to as “the Dukes.” The article notes the contractor “was no expert in cyber attacks” and could not tell whether the call was genuine or a prank.

Fortunately, with the passing of the Election Reform Program, now is the time for election cyber security professionals to dedicate the resources necessary to address all aspects of cyber security that affect a strong cyber posture. This includes:

  • having the proper equipment and security protocols in place
  • employing a trained team who can identify and combat threats quickly
  • building cyber resilience so operations continue when attacks do occur, and much more.

2. ANALYZE PREVIOUS ATTACKS TO UNDERSTAND ADVERSARY TECHNIQUES  

Analyzing only the specific cyber attacks of the past few years is not sufficient, but understanding the tactics and vulnerabilities they exploited remains important, particularly since electronic voting machines are upgraded infrequently. Two cyber attack groups, Fancy Bear and Cozy Bear, are worth investigating further since their methods have already been analyzed in detail. From using fake personas to deliver stolen emails and documents to journalists, to the use of malware and spear-phishing, these adversaries were able to gain access to operational infrastructure, implant their agent, and encrypt their communications in order to silently exfiltrate data.

Understanding adversary techniques like this can inform how cyber teams train for future cyber attacks. Election officials can begin to assess the skill level of their teams and all involved in the election process to get a sense of their capabilities and how they would approach a “Cozy Bear 2.0” for instance.

3. PARTICIPATE IN OR HOST TABLETOP AND LIVE FIRE EXERCISES  

Recently, Circadence used its Project Ares platform to help the City of Houston run a realistic cyber attack exercise, so that public and private entities could better prepare for an attack scenario. Emergency responders worked through a simulated cyber attack on the transportation, energy, water, and government sectors while senior leaders worked directly with technical professionals to develop timely responses. This type of collaborative approach could be undertaken in every voting jurisdiction to test election systems.

There will always be risk, but cities and counties are realizing that the key is getting ahead of the attack by developing effective cyber readiness policies and procedures, and realistic virtual training environments can help with that. Running through these cyber exercises with multiple players helps leaders see gaps in offensive and defensive techniques while reaffirming the practices that must be in place to secure any type of infrastructure.

As election security officials plan new ways to leverage the HAVA Election Security Fund to improve processes, they will be pressed to justify expenditures while also demonstrating that the resulting security measures have measurably improved their posture. The above recommendations will make elections safer and will likely contribute to restoring public confidence in our democratic process.

The more focus election security officials place on upskilling their cyber teams through 1) continuous learning approaches, 2) analysis of past cyber attack methods, and 3) participation in realistic training events, the more effectively they reduce human error, which remains a dominant enabler of successful cyber attacks.

To learn more ways to prevent election cyberattacks download our whitepaper “Protecting Democracy from Election Hacking.”

DOWNLOAD WHITEPAPER