Cyber threats and the DARPA initiative: Sound like a Tom Clancy novel?
It sounds like the theme for a Tom Clancy novel. The U.S. Pentagon announces plans to develop a very large simulated computer environment in which to test offensive and defensive capabilities - a National Cyber Range. The expected outcome will be a "revolution in national cyber capabilities", according to DARPA, the Defense Advanced Research Projects Agency sponsoring the initiative. Add in critical infrastructure cyber threats and thieves bent on financial fraud - and you have an exciting read. Or a dangerous reality for today's corporations and government agencies.
It's easy to poke holes in such an ambitious program. But it's more constructive to look at the potential of the DARPA Cyber Range effort based on the time-proven experiences of enterprises. In industry, test environments are used every day to anticipate potential hazards, manage risk and rapidly respond to daily surprises. This is a great time for government as well as smaller enterprises to learn from the security experts who run some of the world's most complex networks.
'Cyber Ranges' of any scale need to start with an accurate, comprehensive model of the network environment. This model is essential for validating the impact of security changes and threats in test mode without touching the actual production environment. From there, sophisticated algorithms and protocols simulate 'what if' scenarios. Done right, this will quickly predict the paths that cyber attackers could use to get to critical assets. IT experts use this analysis to prevent attacks and to verify that risks will be minimized when implementing changes to the real environment.
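The model-then-simulate approach described above can be sketched in a few lines. This is an added example, not code from the original article or from DARPA; the zone names, permitted flows and the proposed rule change are all constructed for illustration.

```python
from collections import deque

# Constructed model: nodes are network zones/hosts, edges are flows the
# firewall policy currently permits (source, destination, service).
ALLOWED_FLOWS = {
    ("internet", "dmz-web", "tcp/443"),
    ("dmz-web", "app-server", "tcp/8443"),
    ("app-server", "db-server", "tcp/5432"),
    ("office-lan", "app-server", "tcp/22"),
    ("vpn-gateway", "office-lan", "any"),
}
CRITICAL_ASSETS = {"db-server"}


def attack_paths(flows, source, targets):
    """Return every loop-free chain of permitted flows from source to a target."""
    adjacency = {}
    for src, dst, service in flows:
        adjacency.setdefault(src, []).append((dst, service))
    paths, queue = [], deque([(source, [source])])
    while queue:
        node, path = queue.popleft()
        if node in targets:
            paths.append(path)
            continue
        for dst, _service in sorted(adjacency.get(node, [])):
            if dst not in path:  # skip cycles
                queue.append((dst, path + [dst]))
    return paths


def what_if(flows, add=(), remove=()):
    """Apply a proposed rule change to a copy of the model, not to production."""
    return (set(flows) - set(remove)) | set(add)


def review_change(flows, source, targets, add=(), remove=()):
    """Report which paths to critical assets a proposed change opens or closes."""
    before = {tuple(p) for p in attack_paths(flows, source, targets)}
    after = {tuple(p) for p in attack_paths(what_if(flows, add, remove), source, targets)}
    return {"opened": sorted(after - before), "closed": sorted(before - after)}


if __name__ == "__main__":
    print(attack_paths(ALLOWED_FLOWS, "internet", CRITICAL_ASSETS))
    # Constructed proposal: expose the VPN gateway to the internet.
    print(review_change(ALLOWED_FLOWS, "internet", CRITICAL_ASSETS,
                        add=[("internet", "vpn-gateway", "udp/500")]))
```

A non-empty `opened` list is the signal to reject or rework a change before it reaches the production environment.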
Never before in our history has cyber security been more important, and we encourage all organizations to look to seasoned security practitioners with a track record of using advanced technologies to proactively find and respond to cyber-threats. Implementing 'Cyber Range' type capabilities, including modeling and attack simulation tools, will give companies and agencies the power to rewrite the ending to the novel and avoid devastation at the hands of the cyber criminal.