- Filed Under
The Air Force is beefing up training for its cybersecurity personnel, a move that may result in its training program being adopted by other agencies.
The Air Force is contracting with the SANS Institute, a computer security training organization, to develop the new training capabilities that will be incorporated into existing training at the Air Force's 39th Information Operations Squadron at Hurlburt Field, Fla.
Early next year, airmen will begin beta tests of a new product from SANS called NetWars CyberCity, said Skip Runyan, technical adviser for the Air Force unit.
CyberCity is a 6-by-8-foot replica of a small city, complete with a residential neighborhood, bank, hospital and patient medical records, water tower, train system, the Cuppa' Jo-sephine coffee shop and a social networking site with fictitious user accounts representing people in the town.
The CyberCity model is in New Jersey, but airmen training on the system at Hurlburt will access the city and its virtual systems via the Internet as a subscription-based training tool. Users can train individually or compete against one another in tournament scenarios.
"We're seeing the threat change, and our customers have said to us we need to show kinetic impact" — in other words, physical damage — caused by hacking into an industrial control system or stealing and manipulating data, said Ed Skoudis, the creator of CyberCity and a SANS instructor.
"We are like a flight simulator for cyber warriors," he said.
Here's how CyberCity will work: Users must first hack into physical cameras distributed throughout the model city to gain a visual picture of what's happening. Users are given missions that could include preventing terrorists from contaminating the town's reservoir, derailing a train or hacking into the town's utility company and shutting down power. Another mission may be preventing a resident's medical records from being manipulated.
For instance, if a terrorist were successful in contaminating the water, an LED light used to make the replica reservoir appear blue would turn red. Or one of the model trains could derail following a successful attack.
Missions in CyberCity can last hours or multiple days, and airmen are scored on how long it takes them to complete each mission, whether they were able to prevent the attack and other criteria to ensure they understand how they arrived at a particular solution.
CyberCity also provides users with realistic simulations of the back-end systems that control real-world critical systems, Runyan said.
"If we can defend the model train set, our graduates can most certainly defend the real thing," he said.
For now, CyberCity can support about 30 to 50 trainees at a time, but there are requests to increase the capability significantly, Skoudis said. SANS also has requests to allow users to create their own missions, he said.
The Defense Department is funding development of the city and has given permission for other federal agencies and utility companies to eventually train on CyberCity. Neither SANS nor the Air Force would say how much the project costs, but it has been reported that the price tag is less than $1 million.
The Air Force is using other virtual ranges similar to CyberCity that can simulate control of a critical system, but CyberCity adds a visual element and the ability to better score each user's abilities. Airmen can fail fast and correct their mistakes during training, as opposed to failing on the job.
"The first time that they see bad guys in front of them should not be on a live network, it should be on our training network," Runyan said.
In the end, the service will objectively score and determine whether airmen have mastered the necessary defensive skills.
"My customers are the operational squadron commanders," said Lt. Col. Kiley Weigle, commander of the Air Force's 39th Information Operations Squadron at Hurlburt. "So, I have to look them in the eye and tell them that I know beyond a shadow of a doubt that this troop … is ready to go."
Last month, Lt. Gen. Michael Basla, chief of information dominance and chief information officer of the Air Force, told reporters that he expects there will be an increase in training as the demands for talented cyber warriors increase. A final decision on how to increase training will be decided soon, Basla said.