Living Our Mission Blog Series: Building Hyper-Scalable Cyber Training Experiences with Randy Thornton, Enterprise Architect at Circadence

A newly minted Engineering Fellow, Randy Thornton has dedicated his craft to software development for over 30 years. His passion for learning and using new technologies is evident in Circadence’s cyber range platform, Project Ares®.

Randy joined Circadence in 2005 when the company was selling its WAN Optimization product, MVO™. His background in scientific computing software for CAD/CAM, telecom, and seismology has been brought to bear to transform Project Ares from a mere cool idea that met unique market demands into a full-fidelity, hyper-scalable range training tool for cyber security professionals used worldwide.

Randy and Circadence: Then and Now

In the beginning, there were about four Circadence employees working on the Project Ares prototype, which was eventually adopted by government and military agencies who were looking for better ways to train their cyber operators. Fast forward to today, Randy is leading the Project Ares team to redesign the architecture to scale within Microsoft Azure.  The goal is to provide private sector enterprises the same cutting-edge opportunity to train their cyber teams of any size and location on a gamified range—persistently, authentically, with flexibility and relevant to their specific cyber readiness needs. And Randy has been there through it all!

Today Randy mentors the engineering team at Circadence and helps them identify and collate standards around how the company’s products’ code is written and tested. He also helps identify what technologies to use and evaluates the technical feasibility of using new tech in the products themselves.

“Researching and learning new technology and staying on the cutting-edge is one of the most exciting parts of my job,” said Randy. “I see so much potential for Project Ares…so much promise…and being able to build out complicated networks in the cloud is a welcomed challenge for me,” he added.

Fellow Designation Reflected in Technical Capabilities within Project Ares

Randy’s contributions have been celebrated with a promotion to an Engineering Fellow, a significant career milestone that honors his achievements, expertise, and technical leadership to Project Ares, Circadence, and the cyber security industry as a whole.  The well-deserved recognition clearly stems from the fact that Randy never stops learning! He recently completed his Azure architecture certification exam, which helps him contribute to transitioning Project Ares to run on Microsoft Azure intelligent cloud.

“Project Ares’ ability to scale across regions is even more prevalent now thanks to Microsoft Azure,” said Randy. “The usability, the functionality, and its capability to connect across multiple locations and look like one single installation will be very beneficial to enterprise and government entities looking to scale their cyber training efforts effectively.”

A professional motto that drives Randy’s belief in continuous innovation in Project Ares is “Every time we change code, we should improve it.” It is this technical philosophy that has kept Randy and the Circadence engineering team on their toes and moving at pace to meet market demands for scalable cyber training experiences.

Evolving Cyber Training to Scale for Customers

Randy’s current project lies in Project Ares.Next, an evolution of Project Ares from an on-premise application to a true cloud native SaaS platform that fully exploits the advantages of the cloud computing model.  Many of the cloud native improvements for Project Ares will be “under the covers”.  But customers will see performance improvements in mission virtual machines and new cyber curriculum will be able to be added to the platform more expeditiously. Project Ares users who want to train their teams from anywhere in the world will be able to do so persistently, without compromising user experience and impacting mission load times, etc.

“As Project Ares evolves, we start to adapt to Go and Google standards and Kubernetes standards,” said Randy. “We’ve been working closely with Microsoft engineering teams on how we use the Azure Cloud most effectively and efficiently,” he adds.

The work of Randy and his teams is technical in nature and we greatly appreciate the level of knowledge and expertise they have to ensure Project Ares stays on the cusp of cyber training market demands using the latest technology to automate and augment the cyber workforces of tomorrow. We are grateful for their work to make Project Ares better every day as they use their talents to inform what our customers experience in the platform.

Learn Project Ares, including recent mission and battle room updates!


Living our Mission: Creating Authentic Cyber Training and Learning Environments Inspired by Real-World Experience: Todd Humes, Sr. Mission Designer

Bringing his Air Force and military security engineering background to use, Senior Mission Designer Todd Humes understands what it takes to defend networks from adversaries. Prior to Circadence, he served in various government security roles including as a Systems Security Engineer and Systems Administrator and on the commercial side as a Director of Network Defense Operations at a Managed Security Service Provider. He noticed a gap in commercial cyber training and readiness that eventually led him to Circadence.

In his current role, Todd ensures that real-world training exercises developed meet critical training objectives and are authentic for the end-user. “We want to provide a safe place for trainees to learn cyber…so he/she doesn’t have to worry about causing damage on actual networks when trying to build skills,” he says.  

It’s important that trainees in Project Ares experience the same true-to-life cyber threat scenarios that they would encounter in their actual workplace.

In “mimicking a controlled environment that they would see” in the workplace, trainees gain “an experience that is highly relatable and allows for professional development,” Todd says.  

When developing new missions Todd and his team examine market verticals and threats associated with those industries to identify unique scenarios that can be built out in a Project Ares mission. “We do our own research and threat intelligence targeting verticals, brainstorm specific scenarios and begin designing what the network environment should look like,” he says. The automation and orchestration of how the mission will unfold require a great deal of programming. Between building the mission components, the layout, and the services that will be “affected” in the exercise, Todd and his team bring cyber threats to life in the most authentic way possible. Sometimes, he adds, “we have to reverse engineer the malware [for example] to get the capability we want,” adding layers of complexity and back-end work to produce the final product.  

But the intricacies of building missions are anything but dull. “It’s never boring! We’re always learning day in and day out and the people who are successful in this field are the individuals who continue to learn themselves,” Todd says.

To ensure missions stay relevant against today’s threats, Todd is always keeping a pulse on the latest research and vulnerabilities by studying online reports and attending cyber conferences and industry-related events to network with like-minded leaders.  

He believes that by continuously learning about the industry, all professionals in this line of work and beyond can find new and better ways to address an exploit and stay one (or several) steps ahead of hackers. He considers cyber security one of the few industries and specializations that requires persistent learning and skill building in order to “extend the life” of security across organizations and companies.

Learn Project Ares, including recent mission and battle room updates here.   

Cyber Security and the Baby Boomer, Gen X Populations

We all have someone in our lives who isn’t tech-savvy. They don’t know how to convert a Word doc into a PDF, or they try to do a Google search on Facebook, or they seem to struggle with the ‘simple’ act of text messaging. These are not uncommon missteps when using smart devices for people who didn’t grow up with Siri® (let alone the Internet!) at their fingertips. While these mistakes seem harmless or even comical at times, there can be much more serious cyber security consequences.

Baby Boomer and Generation X populations (born 1946-64 and 1965-76) are a growing target for scammers because they are a largely trusting population made up of financially successful people. And some of the oldest may have cognition and memory ailments. The American Journal of Public Health estimates that about 5% of the Baby Boomer population (about 2 to 3 million people) experience some sort of scam every year. The Federal Bureau of Investigation cites that older adults lose more than 3 billion dollars a year to financial scams.

Some of the most common forms of cyber threats that vulnerable Baby Boomers can fall victim to are impersonation scams, or fraud. This is a kind of deception involving trickery and deceit that leads unsuspecting victims to give money, property, or personal information in exchange for something they perceive as valuable or worth protecting. According to Scam Watch, in 2019 so far 10,297 scams have been reported in the 55-64 age range, and 13,323 scams have been reported in those 65 and older.  

Here are some of the top types of scams used against this population: 

  • Medicare, health insurance, and pharmacy scams in which perpetrators may pose as a Medicare representative or provide bogus healthcare services for patients in order to gain access to their personal information. They may also be persuaded to buy unsafe or fake prescription medication that may harm their health. 
  • Sweepstakes and lottery fraud occur when an advertisement pops up saying you’re the lucky winner in a random website sweepstakes. This is a ploy to get people to enter their personal information, including address and credit card number in order to “claim a prize” or win money.
  • Sweetheart scams seem unusually cruel. With a majority of the Baby Boomer population dealing with the death of a loved one or children leaving home, maybe living alone for the first time, loneliness can creep in. Scammers in these scenarios pretend to be a love interest of the victim and eventually ask for money to help support them. 

The good news is that we can help the most vulnerable in this population avoid falling victim to a scam. We can have conversations to stimulate awareness of online and phone safety practices, make frequent visits and facilitate discussions about monthly bills and medications, and destigmatize the fear or embarrassment of coming forward if they find they have been taken advantage of (waiting to rectify the situation could only make things worse). You can report scams to a number of organizations, including the FBI, Social Security Administration, Federal Trade Commission, or your bank or retirement facility.

Don’t wait until it’s too late. Have important conversations with loved ones of all ages and ensure they feel empowered to make smart decisions online.

When cyber security meets machine learning

What happens when cyber security and machine learning work together? The results are pretty positive. Many technologies are leveraging machine learning in cyber security functions nowadays in order to automate and augment their cyber workforce. How? Most recently in training and skill building.

Machine learning helps emulate human cognition (e.g. learning based on experiences and patterns rather than inference) so autonomous agents in a cyber security system for instance, can “teach themselves” how to build models for pattern recognition—while engaging with real human cyber professionals.

Machine learning as a training support system

Machine learning becomes particularly valuable in cyber security training for professionals when it can support human activities like malware detection, incident response, network analysis, and more. One way machine learning shows up is in our gamified cyber learning platform Project Ares, through our AI-advisor “Athena,” who generates responses to players’ queries when they get stuck on an activity and/or need hints to progress through a problem.

Athena generates a response from its learning corpus, using machine learning to aggregate and correlate all player conversations it has, while integrating knowledge about each player in the platform to recommend the most efficient path to solving a problem. It’s like modeling the “two heads are better than one” saying, but with a lot more “heads” at play.

Machine learning as an autonomous adversary

Likewise, machine learning models provide a general mechanism for organization-tailored obscuring of malicious intent during professional training—enabling adversaries to disguise their network traffic or on-system behavior to look more typical to evade detection. Machine learning’s ability to continually model and adapt enables the technology to persist undetected for longer (if it is acting as an autonomous agent against a trainee in our platform). This act challenges the trainee in the platform in a good way, so they begin to think like an adversary and understand their response to defensive behavior.

Machine learning supports cyber skills building

Companies like Uber use machine learning to understand the various routes a driver takes to transport people from point A to point B. It uses data collected to recommend the most efficient route to its destination.

It increases the learning potential for professionals looking to hone their cyber skills and competencies using machine learning.

Now imagine that concept applied to cyber training in a way that can both help cyber pros through cyber activities while also activating a trainee’s cognitive functions in ways we previously could not with traditional, off-site courses.

Machine learning abilities can analyze user behavior for both fraud detection and malicious network activity. It can aggregate and enrich data from multiple sources, act as virtual assistants with specialized knowledge, and augment cyber operators’ daily tasks. It’s powerful stuff!

To learn more about machine learning and AI in cyber training, download our white paper “Upskilling Cyber Teams with Artificial Intelligence and Gamified Learning.”


Cyber Security in the Age of Digital Transformation

Is your company going through a digital transformation?

The age of digital transformation is prompting businesses to examine their increased threat surfaces and cyber risk. Circadence provides tips for how to ride the cyber security wave of digital transformation while keeping practices and preparedness efforts strong.

From unifying security architecture to automating routine security tasks to building a culture of continuous cyber training for professionals, Circadence helps businesses of all sizes upskill cyber security teams to fortify the vulnerable human element of cyber security.

Targeted Cybercrime on the Rise

Targeted attacks against particular groups or entities are on the rise this year. Instead of a “spray and pray” approach, malicious hackers are getting particular about who and what they attack and how for maximum accuracy. Why? The right ransomware attack on the right data set to the right group of people can yield more monetary gain than an attack towards a general group of people at varying companies. To empower ourselves, we need to understand how cybercrime is “getting personal” and what we can do to prevent attacks like this.

Cybercriminals want to stay under the radar, so the more their attacks remain hidden from the public eye, the better chance they have to replicate that method on other vulnerable groups with lots to lose. Unauthorized adversaries target certain devices, computer systems, and groups of professionals most vulnerable to cybercrime.

Server hacking for faster monetary gain

Attacks on endpoint devices like computers and laptops are a thing of the past for evolving hackers who know that unsecured enterprise servers offer better chances of staying undercover than device firewalls allow. Why get pennies and minimal personal information from a single laptop user when you can get millions from a few locked up servers that house incredibly sensitive data like billing information and credit cards?

The City of Baltimore experienced this firsthand with a ransomware attack that affected 14,000 customers with unverified sewer charges. Hackers demanded $76,000 in bitcoin to unlock city service computers, which impacted the delivery of water bills to local residents. While many residents might not mind skipping a payment, in the long run it’ll cause “surprise” bills when back-pay is requested.

Recently, Riviera Beach in Florida was one of the latest government entities to be crippled by a ransomware attack, and unfortunately, they paid almost $600,000 to hackers to regain access to their data.

But it’s more than local city and state governments that are being attacked at this scale.

Multi-mass hacking for political disruption

Devices that are used by the masses are also at risk. Think about voting machines. Hacking into those machines has never been easier due to old devices and lack of security on them. To ensure the integrity of data, governments can consider using blockchain to maintain a more hardened security structure, all the while educating their election security professionals on the latest hacking methods so they can assess vulnerabilities on physical systems. The end result of voting machine hacking isn’t monetary per se—it’s much better—pure, unbridled political chaos and public distrust in election security and government operations.

Car-jacking to car hacking

Modern transportation system and vehicle attacks are on the rise too. Today’s cars are basically computers on wheels with the levels of code embedded within them. Hackers have been known to target cars to control key functions like brakes, steering and entertainment consoles to jeopardize the people in the car, as well as everyone around them on the road. In an interview with Ang Cui, CEO of Red Balloon Security, he notes “If you can disable a fleet of commercial trucks by infecting them with specialized vehicle ransomware or in some other way hijacking or crippling the key electronic control units in the vehicle, then the attacker could demand a hefty ransom.”

Cyber security professor Laura Lee notes, “The transportation sector is said to now be the third most vulnerable sector to cyber-attacks that may affect the seaport operations, air traffic control, and railways. The ubiquitous use of GPS information for positioning makes this sector especially concerned about resiliency.”

Preventing targeted cybercrime

In many of the incidents above and those not reported upon, humans are often the first and last line of defense for these companies and devices being attacked. Humans have the ability to detect vulnerabilities and gaps in security while also understanding what hackers are after when it comes to cybercrime tactics.

Our ability to handle both technical and analytical aspects of hacking means more can be done proactively to prevent targeted cybercrime like this. Specifically, in the field of training cyber security professionals, government and commercial entities should evaluate current training efforts to ensure their teams are 100% prepared for targeted attacks like these. How hackers attack changes every day so a persistent, enduring method of training would be critical to helping empower and enable defenders to anticipate, identify, and mitigate threats coming their way.

New cyber training approaches are using gamification to complement and enhance existing traditional, off-site courses. Currently, many traditional courses are passively taught with PowerPoint presentations and prescriptive video learning, often disengaging trainees who want to learn new cyber concepts and skill sets (in addition to staying “fresh” on the cyber fundamentals).

Government organizations and commercial enterprises would be smart to explore engaging ways to keep cyber team skills up to snuff while increasing skill retention rates during training.

More information on new ways to gamify cyber learning can be found here.


Good Bots and Bad Bots: How to Tell the Difference to Stay Cyber Safe

You may have heard or read the term “bot” in the context of cyber security. Normally we hear this word in the wake of a cyberattack and relate it to breaches in computer or network security. While there are certainly bad bots, there are good bots too! So what exactly is a bot, how can you differentiate, and how do they work?

What are bots?

The term bot is short for robot and is a type of software application created by a user (or hacker) that performs automated tasks on command. There are so many variations, from chatbots to spider bots to imposter bots. Good bots are able to assist in automating day to day activities, such as providing up to the minute information on weather, traffic, and news. They can also perform tasks like searching the web for plagiarized content and illegal uploads, producing progressively intelligent query results by scouring the internet content, or helping find the best purchase deals online.

While we encounter bots like these in our everyday activities without really thinking about them, being aware of bad bots is important. Bad bots, used by adversaries, perform malicious tasks and allow an attacker to remotely take control over an infected computer. From there, hackers can infiltrate the network and create “zombie computers,” which can all be controlled at once to perform large-scale malicious acts. This is known as a “botnet”.

How do bots work?

Cybercriminals often use botnets to perform DoS and DDoS attacks (denial of service and distributed denial of service, respectively). These attacks flood target URLs with more requests than they can handle, making regular traffic on a web site almost impossible. Hackers use this as a way to extort money from companies that rely on their website’s accessibility for key business functions and can send out phishing e-mails to direct customers to a fake emergency site.

Protect yourself from bad bots

Don’t let this information scare you though! Awareness is a great first step to recognizing any potential harmful activity, whether on your own computer or on a site you visit online. Preventing bad bots from causing attacks before they start is easy with these tips:

  • Ensure your antivirus software is up to date by setting it to automatically update.
  • Routinely check the security options available to you for your iOS, web hosting platform, or internet service provider.
  • Only click on links and open emails from trusted sources. Avoid accepting friend or connect requests, responding to messages, or clicking on links from unknown persons on social media.

Bots can be incredibly helpful, and we use them every day. Knowing how to differentiate the good from the bad while taking the necessary precautions to protect yourself against malicious bots will ensure that you only need to deal with bots when they are telling you about blue skies or saving you money on that great shirt you’ve been wanting!


Ransomware – The Attack Du Jour!

Ransomware is gaining traction among hackers, who are emboldened by financial success and the anonymity of cryptocurrencies. In fact, ransomware is now considered a tried and true cyberattack technique, with attacks spreading among small and medium-sized businesses, cities and county governments. Coveware’s recent 2019 Q1 Ransomware Report notes:

  • Ransoms have increased by an average of 89% over Q1 in 2019 to $12,762 per ransom request
  • Average downtime after a ransomware attack has increased to 7.3 days, up from 6.2 days in Q4 of 2018, with estimated downtime costs averaging $65,645
  • Victim company size so far in 2019 is anywhere from 28 to 254 employees (small, medium, and large-sized businesses)

Let’s review how ransomware works and why it’s so effective. Ransomware is a type of cyberattack where an unauthorized user gains access to an organization’s files or systems and blocks user access, holding the company’s data hostage until the victim pays a ransom in exchange for a decryption key. As you can surmise, the goal of such an attack is to extort businesses for financial gain.

Ransomware can “get into” a system in different ways, one of the most common being through phishing emails or social media, where the human worker inadvertently opens a message, attachment, or link that acts as a door to the network or system. Messages that are urgent and appear to come from a supervisor, accounts payable professional, or perceived “friends” on social media are all likely ransomware actors disguising themselves to manipulate or socially engineer the human.

Near and Far: Ransomware Has No Limits

Many types of ransomware have affected small and medium-sized businesses over the last two decades but it shows no limitations in geography, frequency, type, or company target size.

  • Norwegian aluminum manufacturing company Norsk Hydro, a significant provider of hydroelectric power in the Nordic region, was shut down because of a ransomware infection. The company’s aluminum plants were forced into manual operations and the costs are already projected to reach $40 million (and growing). The ransomware name: LockerGoga. It has crippled industrial firms across the globe, from French engineering firm Altran to manufacturing companies Momentive and Hexion, according to a report from Wired.
  • What was perceived as an unplanned system reboot at Maersk, a Danish shipping conglomerate, turned out to be a corrupt attack that impacted one-fifth of the entire world’s shipping capacity. Deemed the “most devastating cyberattack in history,” NotPetya created more than $10 billion in damages. To add insult to injury, the cyber risk insurance company for Maersk denied their claim on the grounds that the NotPetya attack was a result of cyberwar (citing an act of war exclusionary clause). WannaCry was also released in 2017 and generated between $4 billion and $8 billion in damages but nothing (yet) has come close to NotPetya.
  • On Black Friday 2016, the San Francisco Municipal Transportation Agency fell victim to a ransomware attack. The attacker demanded $73,000 for services to be restored. Fortunately, speedy response and backup processes helped the company restore systems in 2 days—avoiding having to pay the ransom. In March 2018, the City of Atlanta experienced a ransomware attack that cost upwards of $17 million in damages. The Colorado Department of Transportation fell victim, too, left with a bill totaling almost $2 million.

These headlines are stories of a digital war that has no geographical borders or structured logic. No one is truly immune to ransomware, and any company that thinks that way is likely not as prepared as they think they are. Beazley Breach Response (BBR) Services found a 105% increase in the number of ransomware attack notifications against clients in Q1 2019 compared to Q1 of 2018, as well as noting that attackers are shifting focus to targeting larger organizations and demanding higher ransom payments than ever before.

Immersive cyber ranges – Protect Yourself, Your Business, Your People

If your own security efforts, staff practices, and business infrastructure are continuously hardened every time a new breach headline makes the news, the things that matter most to you and your company will be better protected. One of the ways to consistently harden security practices is via immersive and persistent training on gamified cyber ranges. Some benefits of using cyber ranges like this include:

  • Helping professionals of all skill levels learn and apply preventative measures such as: regular backups, multi-factor authentication, and incident response planning and analysis.
  • Understanding what ransomware looks like and how it would “work” if it infected their company’s network.
  • Cloud-based environments can scale to emulate any size digital system and help users “see” and respond to threats in safe spaces.
  • Providing user assistance and immediate feedback in terms of rewards, badges, and progress indicators, allowing organizational leaders who want to upskill their cyber teams to see the skills gaps and strengths in their teams and identify ways to harden their defenses.

When ransomware does come knocking at your business door, will you be ready to recover from the costly and reputational damages? If there is any shred of doubt in your mind, then it’s time to re-evaluate your cyber readiness strategy. As we’ve learned, even the smallest vulnerability or level of uncertainty is enough for a cybercriminal to take hold.


Cyber Security and the LGBTQIA Community

While most of us recognize the inherent vulnerabilities of putting our personal information online, we may not think about how marginalized communities are at even greater risk of malicious attacks on the internet. The LGBTQIA (lesbian, gay, bi-sexual, transgender, queer, intersex, and asexual) community certainly understands the ramifications of sharing their lifestyles on the web, and it is of vital importance to consider how compromised online privacy can specifically impact these already vulnerable groups.

To understand the privacy risks for LGBTQIA individuals, consider how we all use the internet and create digital footprints. Here are some statistics from LGBT Tech, The Trevor Project, and a study released by GLSEN (the Gay, Lesbian, and Straight Education Network).

  • 81% of LGBTQIA youth have searched for health information online, as compared to 46% of non-LGBTQIA youth.
  • 62% of LGBTQIA youth have used the internet to connect with other members of the community in the last year.
  • More than 1 in 10 said they had first disclosed their LGBTQIA identity to someone online.
  • 1 in 4 youth said they are more out online than in person.
  • 42% of youth in this community have been bullied online versus 15% of the general public.
  • 27% of LGBTQIA members report not feeling safe online.
  • LGBTQIA youth are almost 5 times as likely to attempt suicide from harassment and isolation compared to heterosexual youth.

The internet can be a scary place for members of the LGBTQIA community, but it is often also a lifeline. LGBT-identifying adults often need to find resources and places that will be welcoming and supportive, and mobile devices play a vital role in their day-to-day. For many individuals who are not yet comfortable revealing their sexual identity at home or in their communities, the internet is often the first tentative step for seeking both information and community belonging.

However, when privacy is breached, intentionally or unintentionally, for vulnerable populations, consequences can be catastrophic including loss of employment, damaged familial relationships or friendships, and even threats of physical harm or death.

Back in 2013, the National Cyber Security Alliance (NCSA) launched a collaboration with the LGBT Technology Partnership to highlight safety issues and increase focus on vulnerable populations. They created a sheet of specific tips and tricks for the LGBTQIA community for staying safe online based on the slogan STOP. THINK. CONNECT. which can be found here. Many of these tips are helpful for everyone looking to stay safe online, but when reviewing them, you can see just how cautious members of this population need to be in order to feel safe.

Ensuring that every person has equal rights and access to online safety is of the utmost importance. While many walk through life taking precautions to ensure their data is protected, we must be aware of how certain communities are at more risk than others and strive to practice our own safe behavior online so as not to put anyone else’s lives at risk.

We wish members of the LGBTQIA community a cyber safe Pride Month and risk-free access to the resources they need.

To ensure everyone stays safe online, we’ve developed a few educational videos to keep everyone informed about hacking methods and how to avoid them.
Watch the video series here.

 
