One important component of CybExer’s cyber range approach is value-adding services, starting with powerful, NATO-awarded situational awareness visualization dashboards.
Consider the utility of a visualization solution during a large-scale exercise. While a team participating in the training exercise might only look at its own score and progress, the exercise control team has a powerful tool to direct and conduct the exercise, knowing at any given time about any given attack against any given system deployed on the cyber range. This is not only a convenience; it changes the nature of the cybersecurity exercise, making the experience more dynamic, more immersive and more realistic. Based on the visual data it can see, exercise control can conduct an effective media campaign, guide and manage the red team and, if need be, effectively engage and escalate to the executive level. The visualization solution also plays an important role in the exercise “hot washup”, where the participants get a detailed step-by-step overview of the exercise events and the training experience. It is also an effective tool for briefing guests, executives and VIPs on the activities conducted on the cyber range, helping to bridge the “interface lag” that sometimes exists between the technical and management levels.
In the field of skills gap management, a powerful visualization solution can give organizations an effective overview of their skills and capability gap in cybersecurity, thereby making that gap more manageable and more understandable. A visualization solution can be used for benchmarking as well.
To demonstrate a very practical advantage of having a powerful visualization solution as an enabler, let us share a little war story by Ragnar Rattas that stresses the importance of careful design of the cyber range exercises at every step of the way: ‘We ran an exercise where a red team was carrying out a ransomware campaign against blue teams. The red team was quite successful, and their ransom demands, in bitcoins, were escalated to the management team. Somewhat surprisingly, the CEO refused to pay the ransom. Why? Turned out that there was no wallet address where the bitcoin ransom should have been paid; it had accidentally been left out of the exercise design.
‘The logic behind the CEO’s decision not to pay the ransom was that the missing wallet address indicated that the attacker’s idea was not to demand money in the first place but something else, in other words that the whole ransom campaign was a false flag.
‘Hence a small mistake in the design of the exercise led to a totally different interpretation of the ransom situation from that originally intended – an important lesson in very careful and thorough planning when designing exercise scenarios. The devil is in the details.’