Digital Target Practice

Digital Target Practice

Cybersecurity training for companies and students at Purdue University, already one of the strongest programs in the world, is about to get even stronger thanks to a new way of delivering hands-on instruction to learners. Much like the way pilots use flight simulators, and law enforcement has firing ranges, a new cyberattack simulation range is being established in Indiana with the help of international expert partners.

Purdue officials worked with Cyberbit, a Ra’anana, Israel-based company, to establish a new Cyberbit Range at the university’s West Lafayette campus. The company is a global leader in this type of training, and was created from a leading Israeli defense technology firm called Elbit Systems, which produces things like unmanned aerial vehicles, artillery and countermeasure systems, and a lot more.

Businesses and industries from all over the United States will have a lot to learn from this new, first-of-its-kind collaboration. This is vital, because the stakes are incredibly high.

Earlier this year, Forbes/Cybersecurity Ventures reported that damages from cyberattacks are projected to hit $6 trillion annually by 2021. That total will be more than the combined impact of natural disasters in a year, or the annual global trade of illegal drugs.

“We will work with Purdue to help ensure its industry partners are learning, retaining what they learn and building the reflexes needed to remain prepared in the highly dynamic world of cybersecurity,” said Adi Dar, CEO of Cyberbit.

Intended Targets – Who Should Train at the Range?

Virtually all businesses and critical pieces of municipal/industrial infrastructure could be vulnerable to cyberattacks, and there is great variety in the spectrum of threats. On one hand, a threat could come in the form of a phishing scam against a small company. On the other, industrial operations could incur major sabotage, affecting hundreds of jobs. Or a region’s power or water supply could be disrupted.

Because of this, the new cyberattack simulation platform was designed to meet the needs of any organization that comes to learn. Mat Trampski, director of partnerships & analytics in Purdue’s Office of Corporate & Global Partnerships, described the range’s flexibility.

“The range can be customized so it can be a great fit for companies from many industries. Healthcare, manufacturing, defense, technology, government, large retail, food service, and education are all excellent fits. It is a platform that, when mixed with Purdue curriculum, can suit any company with connected devices and a need for cybersecurity.”

In addition to what the range can do for learners already in the workforce, it can also foster new interdisciplinary opportunities in education and research for students and faculty. The space is designed to transition easily between corporate needs and academic activities.

“It is the layering of our top-ranked cybersecurity faculty and professionals who build the right curriculum on top of the range platform that differentiates Purdue’s environment and offerings for workforce upskilling in cyber. Also, the engagement can seamlessly morph or expand to include world-class research and for-credit education,” said E. Daniel Hirleman, chief corporate & global partnerships officer and professor of mechanical engineering.

Zeroing In – What Can the Range Do?

As explained by Purdue and Cyberbit, the new range is a software platform that creates a virtual model of a company’s IT network architecture, including servers, routers, and applications. The platform can simulate many different types of attacks and test abilities to respond. This drives security professionals to develop proactive defenses.

“We can simulate more than a dozen attacks including network-based attacks, malware and other virus payloads, ransomware, Man-in-the-Middle, etc.,” said Trampski.

Several key aspects and capabilities of the range include:

  • Robust network and attack traffic simulation capabilities
  • Modern and realistic attack methodology simulations, complex attack flows, with variety
  • Open source security operation center products, commercially recognized
  • Security information and event management (SIEM), network management, systems monitoring
  • Support for deep forensics analysis
  • Offensive and defensive methodologies (sometimes called red/blue team)
  • Sophisticated and expansive number of network endpoints including servers, workstations, enterprise services, etc.

Planning Ahead – What Comes Next?

Purdue and Cyberbit’s new partnership will also support the development of several other programs. The university plans to use the range to expand research on the most effective means of cybersecurity instruction. Also, the partnership will support the development of a joint information technology security lab for the study of protocols used in traditional IT infrastructures and the defense against advanced attack vectors.

Plans also call for the range to be used to enhance offerings under the university’s Cyber Technical Assistance Program (cyberTAP), which is designed to provide solutions that increase profitability for businesses and productivity for government.

Business, Take Aim

The new Purdue/Cyberbit project is a big win for Indiana, positioning our state to remain a leader in a rapidly advancing industry. If practice really does make perfect, and trillions of dollars are at stake, it’s a safe bet to presume the new Cyberbit Range will be an important piece of cybersecurity defense instruction that could very well prove to be an asset for numerous companies.

Category Features, IT & Tech